diff --git a/roles/zabbix_proxy/tasks/Rocky.yml b/roles/zabbix_proxy/tasks/Rocky.yml
index 50bd2af..2b82271 100644
--- a/roles/zabbix_proxy/tasks/Rocky.yml
+++ b/roles/zabbix_proxy/tasks/Rocky.yml
@@ -6,6 +6,9 @@
 zabbix_db_file: "/var/lib/zabbix/zabbix_proxy.db"
 zabbix_db_type: "sqlite" # sqlite | mysql | postgres
 zabbix_api_url: "https://zabbix.sectorq.eu/api_jsonrpc.php"
+ zabbix_var_lib_path: "/var/lib/zabbix"
+ zabbix_config_path: "/etc/zabbix"
+ zabbix_log_path: "/var/log/zabbix"
 become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
 block:
 # ==========================================================
@@ -179,6 +182,43 @@
 # ==========================================================
 # Start service
 # ==========================================================
+ - name: Check SELinux status
+ command: getenforce
+ register: selinux_status
+ changed_when: false
+
+ - name: Display SELinux status
+ debug:
+ msg: "SELinux is {{ selinux_status.stdout }}"
+
+ - name: Add SELinux file context for Zabbix var_lib
+ sefcontext:
+ target: "{{ zabbix_var_lib_path }}(/.*)?"
+ setype: zabbix_var_lib_t
+ state: present
+ when: ansible_selinux.status == "enabled"
+
+ - name: Add SELinux file context for Zabbix config
+ sefcontext:
+ target: "{{ zabbix_config_path }}(/.*)?"
+ setype: zabbix_etc_t
+ state: present
+ when: ansible_selinux.status == "enabled"
+
+ - name: Add SELinux file context for Zabbix logs
+ sefcontext:
+ target: "{{ zabbix_log_path }}(/.*)?"
+ setype: zabbix_log_t
+ state: present
+ when: ansible_selinux.status == "enabled"
+
+ - name: Restore SELinux contexts for Zabbix directories
+ command: restorecon -R {{ item }}
+ loop:
+ - "{{ zabbix_var_lib_path }}"
+ - "{{ zabbix_config_path }}"
+ - "{{ zabbix_log_path }}"
+ when: ansible_selinux.status == "enabled"
 - name: Restart Zabbix proxy
 systemd:
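Review bot: The closing `Restore SELinux contexts for Zabbix directories` task in the second hunk runs `restorecon -R` through `command` with no `changed_when`, so it reports changed on every play and hides whether any label was actually corrected. Switching to `command: restorecon -Rv {{ item }}` with `register: restorecon_result` and `changed_when: restorecon_result.stdout | length > 0` would keep the run idempotent and leave an auditable record of relabels. The three `sefcontext` tasks are gated on the `ansible_selinux.status` fact while the `getenforce` result registered just above is only printed; if facts are not gathered, or the SELinux Python bindings are missing on the target (neither is shown in this hunk), the `when:` will error or skip, so the two checks should be unified. It is also worth confirming that `zabbix_etc_t` is defined in the policy loaded on the Rocky hosts, because `semanage` rejects unknown types and I cannot verify that from this diff. The enclosing `block:` starts before and continues past this hunk.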