robertdebock / ansible-role-zabbix_agent

Install and configure zabbix_agent on your system.
https://robertdebock.nl/
Apache License 2.0

checkmodule and semodule_package not installed #5

Open anutator opened 3 years ago

anutator commented 3 years ago

Describe the bug

On some CentOS7 servers I have an error in the handler:

fatal: [preprod-db1]: FAILED! => {"changed": false, "cmd": "checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te", "msg": "[Errno 2] No such file or directory", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

It is impossible to resolve this problem by rerunning the role because handlers are not triggered.

Is it possible to ensure that the checkpolicy package is installed and execute the checkmodule command after it?

handlers/main.yml

# handlers file for zabbix_agent

- name: ensure selinux tools are installed
  ansible.builtin.package:
    name:
    - checkpolicy
    - policycoreutils-python
    state: latest

- name: create selinux mod for zabbix_agent
  ansible.builtin.command: checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te

- name: create selinux pp for zabbix_agent
  ansible.builtin.command: semodule_package -o /etc/zabbix/my-zabbixagent.pp -m /etc/zabbix/my-zabbixagent.mod

- name: load selinux pp for zabbix_agent
  ansible.builtin.command: semodule -i /etc/zabbix/my-zabbixagent.pp

...

tasks/main.yml

- name: place selinux type enforcement
  ansible.builtin.copy:
    src: my-zabbixagent.te
    dest: /etc/zabbix/my-zabbixagent.te
    mode: "0644"
  notify:
    - ensure selinux tools are installed
    - create selinux mod for zabbix_agent
    - create selinux pp for zabbix_agent
    - load selinux pp for zabbix_agent
  when:
    - ansible_selinux.status is defined
    - ansible_selinux.status == "enabled"
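
A rerun-safe variant of the tasks in this issue, as an added example that is not part of the original post or the role's own code: the SELinux tools are installed by a regular task, and the module is rebuilt when the `.te` file changed or the module is not loaded, so a run that failed in the handler is repaired by the next run. Package names and paths are the ones from the issue; the registered variable names and the loaded module name `my-zabbixagent` (taken from the file name) are assumptions.

```yaml
# Added example, not the role's code. Package names and paths are from the issue;
# registered variable names and the module name "my-zabbixagent" are assumptions.
- name: manage selinux module for zabbix_agent
  when:
    - ansible_selinux.status is defined
    - ansible_selinux.status == "enabled"
  block:
    - name: ensure selinux tools are installed
      ansible.builtin.package:
        name:
          - checkpolicy
          - policycoreutils-python
        state: present

    - name: place selinux type enforcement
      ansible.builtin.copy:
        src: my-zabbixagent.te
        dest: /etc/zabbix/my-zabbixagent.te
        mode: "0644"
      register: zabbix_agent_te

    # Read-only query, so it also runs in check mode and never reports a change.
    - name: list loaded selinux modules
      ansible.builtin.command: semodule -l
      register: zabbix_agent_semodules
      changed_when: false
      check_mode: false

    # Runs when the source changed or an earlier run failed before the load.
    - name: compile, package and load selinux module
      ansible.builtin.command: "{{ item }}"
      loop:
        - checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te
        - semodule_package -o /etc/zabbix/my-zabbixagent.pp -m /etc/zabbix/my-zabbixagent.mod
        - semodule -i /etc/zabbix/my-zabbixagent.pp
      changed_when: true
      when: >-
        zabbix_agent_te is changed or
        'my-zabbixagent' not in zabbix_agent_semodules.stdout
```

The loaded-module check is a plain substring match on the `semodule -l` output, so it relies on no other module name containing `my-zabbixagent`.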