mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-04-26 15:13:20 +02:00
41 lines
1.0 KiB
YAML
41 lines
1.0 KiB
YAML
|
---
|
||
|
|
|
||
|
|
- name: Copy SELinux policy
|
||
|
|
copy: src=zabbix_server.te dest=/etc/selinux/targeted/local/
|
||
|
|
register: zabbix_server_selinux_policy
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Install needed packages
|
||
|
|
yum:
|
||
|
|
name: policycoreutils
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Compile SELinux policy
|
||
|
|
shell: |
|
||
|
|
cd /etc/selinux/targeted/local/
|
||
|
|
checkmodule -M -m -o zabbix_server.mod zabbix_server.te
|
||
|
|
semodule_package -o zabbix_server.pp -m zabbix_server.mod
|
||
|
|
when: zabbix_server_selinux_policy.changed
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Load policy for Zabbix Proxy
|
||
|
|
command: semodule -i /etc/selinux/targeted/local/zabbix_server.pp
|
||
|
|
when: zabbix_server_selinux_policy.changed
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Set SELinux context
|
||
|
|
sefcontext:
|
||
|
|
target: '/var/lib/zabbix/sessions(/.*)?'
|
||
|
|
setype: httpd_var_lib_t
|
||
|
|
state: present
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Restore SELinux context
|
||
|
|
command: restorecon -R /var/lib/zabbix/
|
||
|
|
changed_when: False
|
||
|
|
tags: zabbix
|
||
|
|
|
||
|
|
- name: Allow network connections in SELinux
|
||
|
|
seboolean: name=zabbix_can_network state=True persistent=True
|
||
|
|
tags: zabbix
|