Open anutator opened 3 years ago
On some CentOS7 servers I get an error in a handler:

```
fatal: [preprod-db1]: FAILED! => {"changed": false, "cmd": "checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te", "msg": "[Errno 2] No such file or directory", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
```

It is impossible to resolve this problem by rerunning the role, because the handlers are not triggered.
Is it possible to ensure that the checkpolicy package is installed and execute the checkmodule command after it?
handlers/main.yml
```yaml
# handlers file for zabbix_agent
- name: ensure selinux tools are installed
  ansible.builtin.package:
    name:
      - checkpolicy
      - policycoreutils-python
    state: latest

- name: create selinux mod for zabbix_agent
  ansible.builtin.command: checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te

- name: create selinux pp for zabbix_agent
  ansible.builtin.command: semodule_package -o /etc/zabbix/my-zabbixagent.pp -m /etc/zabbix/my-zabbixagent.mod

- name: load selinux pp for zabbix_agent
  ansible.builtin.command: semodule -i /etc/zabbix/my-zabbixagent.pp
...
```
tasks/main.yml
```yaml
- name: place selinux type enforcement
  ansible.builtin.copy:
    src: my-zabbixagent.te
    dest: /etc/zabbix/my-zabbixagent.te
    mode: "0644"
  notify:
    - ensure selinux tools are installed
    - create selinux mod for zabbix_agent
    - create selinux pp for zabbix_agent
    - load selinux pp for zabbix_agent
  when:
    - ansible_selinux.status is defined
    - ansible_selinux.status == "enabled"
```
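One way to make this converge on a rerun, as an added example that is not the role's own code: install the SELinux tools as a regular task before the policy file is copied, and rebuild the module whenever the `.te` file changed or the module is not loaded, instead of relying on a one-shot handler notification. The registered variable names and the assumption that the module declared in `my-zabbixagent.te` is named `my-zabbixagent` are hypothetical.

```yaml
# Added example (tasks/main.yml fragment), not the role's code.
# Assumption: the .te file declares "module my-zabbixagent <version>;".
- name: manage selinux module for zabbix_agent
  when:
    - ansible_selinux.status is defined
    - ansible_selinux.status == "enabled"
  block:
    # Runs on every play, so checkmodule and semodule_package exist
    # before anything tries to call them.
    - name: ensure selinux tools are installed
      ansible.builtin.package:
        name:
          - checkpolicy
          - policycoreutils-python
        state: present

    - name: place selinux type enforcement
      ansible.builtin.copy:
        src: my-zabbixagent.te
        dest: /etc/zabbix/my-zabbixagent.te
        mode: "0644"
      register: zabbix_agent_te  # hypothetical variable name

    # Read-only query of loaded modules; never reports "changed".
    - name: list loaded selinux modules
      ansible.builtin.command: semodule -l
      register: zabbix_agent_semodules  # hypothetical variable name
      changed_when: false

    # Rebuild when the source changed OR a previous run failed before
    # the module was loaded. The second condition is what lets a rerun
    # recover, because an unchanged copy task no longer notifies anything.
    # Note: this is a plain substring match on the semodule output.
    - name: build and load selinux module for zabbix_agent
      ansible.builtin.command: "{{ item }}"
      loop:
        - checkmodule -M -m -o /etc/zabbix/my-zabbixagent.mod /etc/zabbix/my-zabbixagent.te
        - semodule_package -o /etc/zabbix/my-zabbixagent.pp -m /etc/zabbix/my-zabbixagent.mod
        - semodule -i /etc/zabbix/my-zabbixagent.pp
      when: >-
        zabbix_agent_te is changed or
        'my-zabbixagent' not in zabbix_agent_semodules.stdout
```

A failed loop item stops the remaining items for that host, so a half-built module is never loaded, and the next run retries because the module is still absent from `semodule -l`.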