Updated logic on selinux install

pyrodie18 · Jun 6, 2024 · 32f7a96 · 32f7a96
1 parent 56c4f89
commit 32f7a96
Show file tree

Hide file tree

Showing 8 changed files with 9 additions and 14 deletions.
diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md
@@ -123,7 +123,8 @@ The following is an overview of all available configuration default for this rol
 
 ### SElinux
 
-* `zabbix_agent_selinux`: Default: `False`. Enables an SELinux policy so that the server will run.
+Selinux options will be installed based on the status of selinux running on the target system.
+
 * `selinux_allow_zabbix_run_sudo`: Default: `False`.  Enable Zabbix root access on system.
 
 ### Zabbix Agent

diff --git a/docs/ZABBIX_PROXY_ROLE.md b/docs/ZABBIX_PROXY_ROLE.md
@@ -139,7 +139,7 @@ The following is an overview of all available configuration default for this rol
 
 ### SElinux
 
-* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.
+Selinux options will be installed based on the status of selinux running on the target system.
 
 ## Proxy
 

diff --git a/docs/ZABBIX_SERVER_ROLE.md b/docs/ZABBIX_SERVER_ROLE.md
@@ -111,7 +111,7 @@ The following is an overview of all available configuration default for this rol
 
 ### SElinux
 
-* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run.
+Selinux options will be installed based on the status of selinux running on the target system.
 * `selinux_allow_zabbix_can_network`: Default: `False`. 
 * `selinux_allow_zabbix_can_http`: Default: `False`. 
 

diff --git a/docs/ZABBIX_WEB_ROLE.md b/docs/ZABBIX_WEB_ROLE.md
@@ -152,7 +152,7 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config
 
 ### SElinux
 
-* `zabbix_web_selinux`: Default: `False`. Enables an SELinux policy so that the web will run.
+Selinux options will be installed based on the status of selinux running on the target system.
 * `selinux_allow_httpd_can_connect_zabbix`: Default: `false`. Set SELinux boolean to allow httpd to connect to zabbix.
 * `selinux_allow_httpd_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP.
 * `selinux_allow_httpd_can_network_connect_db`: Default: `false` Set SELinux boolean to allow httpd to connect databases over the network.

diff --git a/roles/zabbix_agent/tasks/Linux.yml b/roles/zabbix_agent/tasks/Linux.yml
@@ -85,8 +85,7 @@
 
 - name: "Configure SELinux when enabled"
   ansible.builtin.include_tasks: selinux.yml
-  when:
-    - zabbix_agent_selinux | default (false) |  bool
+  when: ansible_facts.selinux.status | default('disabled') == 'enabled'
 
 - name: "Adding zabbix group"
   ansible.builtin.group:

diff --git a/roles/zabbix_proxy/tasks/main.yml b/roles/zabbix_proxy/tasks/main.yml
@@ -56,9 +56,7 @@
 
 - name: "Configure SELinux when enabled"
   ansible.builtin.include_tasks: selinux.yml
-  when:
-    - zabbix_proxy_selinux | default (false) | bool
-    - ansiblle_os_family == "RedHat"
+  when: ansible_facts.selinux.status | default('disabled') == 'enabled'
 
 - name: "Install zabbix-proxy packages"
   ansible.builtin.package:

diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml
@@ -38,9 +38,7 @@
 
 - name: "Configure SELinux when enabled"
   ansible.builtin.include_tasks: selinux.yml
-  when:
-    - zabbix_server_selinux | default (false) | bool
-    - ansiblle_os_family == "RedHat"
+  when: ansible_facts.selinux.status | default('disabled') == 'enabled'
 
 - name: Install zabbix-server packages
   ansible.builtin.package:

diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml
@@ -41,5 +41,4 @@
 
 - name: "Configure SELinux when enabled"
   ansible.builtin.include_tasks: selinux.yml
-  when:
-    - zabbix_web_selinux | default (false) | bool
+  when: ansible_facts.selinux.status | default('disabled') == 'enabled'