From 6ef17adfa29decad7a647670f64755e74cc3fa17 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 18 Mar 2021 22:31:28 +0000
Subject: [PATCH] munin-master: Fix graph generation from cgi script

---
 roles/munin-master/files/munin-apache.conf |  2 +-
 roles/munin-master/files/override.conf     |  4 +++
 roles/munin-master/tasks/main.yml          | 37 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 roles/munin-master/files/override.conf

diff --git a/roles/munin-master/files/munin-apache.conf b/roles/munin-master/files/munin-apache.conf
index 7adcef6..5e70f53 100644
--- a/roles/munin-master/files/munin-apache.conf
+++ b/roles/munin-master/files/munin-apache.conf
@@ -3,7 +3,7 @@ Alias /static/ /etc/munin/static/
   Require all granted
 </Directory>
 
-ScriptAlias /munin-cgi-graph /var/www/html/munin/cgi/munin-cgi-graph
+ScriptAlias /munin-cgi/munin-cgi-graph /var/www/html/munin/cgi/munin-cgi-graph
 ScriptAlias / /var/www/html/munin/cgi/munin-cgi-html/
 <Directory /var/www/html/munin/cgi>
   Require all granted
diff --git a/roles/munin-master/files/override.conf b/roles/munin-master/files/override.conf
new file mode 100644
index 0000000..c8b74d5
--- /dev/null
+++ b/roles/munin-master/files/override.conf
@@ -0,0 +1,4 @@
+
+graph_strategy cgi
+cgiurl_graph /munin-cgi/munin-cgi-graph
+cgitmpdir /var/run/munin/cgi-tmp
diff --git a/roles/munin-master/tasks/main.yml b/roles/munin-master/tasks/main.yml
index e1f3d32..fc6a41b 100644
--- a/roles/munin-master/tasks/main.yml
+++ b/roles/munin-master/tasks/main.yml
@@ -18,6 +18,13 @@
     groups: hostkey
     append: yes
 
+# this needs better rule
+- name: fix selinux write errors
+  seboolean:
+    name: domain_can_mmap_files
+    state: true
+    persistent: true
+
 - name: create apache config
   copy:
     dest: /etc/httpd/conf.local.d/munin.conf
@@ -27,6 +34,28 @@
     group: "{{ ansible_wheel }}"
   notify: restart apache
 
+- name: fix selinx contexts from cache directory
+  sefcontext:
+    path: "/var/run/munin/cgi-tmp(/.*)?"
+    setype: munin_rw_content_t
+
+- name: add cache direcory to tmpfiles
+  copy:
+    dest: /etc/tmpfiles.d/munin.conf
+    content: "d /run/munin/cgi-tmp 0755 apache apache -"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: create cache directory
+  file:
+    path: /var/run/munin/cgi-tmp
+    state: directory
+    mode: 0755
+    owner: apache
+    group: apache
+    setype: _default
+
 - name: create tls config
   template:
     dest: /etc/munin/conf.d/00-tls.conf
@@ -35,6 +64,14 @@
     owner: root
     group: "{{ ansible_wheel }}"
 
+- name: create override config
+  copy:
+    dest: /etc/munin/conf.d/00-override.conf
+    src: override.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
 - name: remove localhost node
   file:
     path: /etc/munin/conf.d/local.conf