ansible-collections/community.zabbix

Task `Add SEmodule to fix SELinux issue: zabix_proxy_alerter.sock` is not idempotent

andrew-landsverk-win opened this issue · 0 comments

andrew-landsverk-win commented
SUMMARY

Ever since updating to collection 3.0.0 (and also 3.0.3) this task runs and is marked as changed every time we run ansible. It happens with selinux set to permissive or enforcing.

I notice that this task expects a file to be created at /etc/selinux/targeted/active/modules/400/zabbix_proxy_add/cil but no such file is created on Rocky Linux 9 at least.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

zabbix_proxies role

ANSIBLE VERSION
ansible [core 2.15.3]
  config file = /home/andrew.landsverk/code/ansible/ansible.cfg
  configured module search path = ['/home/andrew.landsverk/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/andrew.landsverk/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/andrew.landsverk/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/andrew.landsverk/.local/bin/ansible
  python version = 3.9.18 (main, May 16 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
CONFIGURATION
ANSIBLE_FORCE_COLOR(/home/andrew.landsverk/code/ansible/ansible.cfg) = True
ANSIBLE_NOCOWS(/home/andrew.landsverk/code/ansible/ansible.cfg) = False
CALLBACKS_ENABLED(/home/andrew.landsverk/code/ansible/ansible.cfg) = ['profile_tasks', 'redhat.satellite.foreman']
CONFIG_FILE() = /home/andrew.landsverk/code/ansible/ansible.cfg
DEFAULT_FORKS(/home/andrew.landsverk/code/ansible/ansible.cfg) = 20
DISPLAY_SKIPPED_HOSTS(/home/andrew.landsverk/code/ansible/ansible.cfg) = False
MAX_FILE_SIZE_FOR_DIFF(/home/andrew.landsverk/code/ansible/ansible.cfg) = 1044480
TASK_TIMEOUT(/home/andrew.landsverk/code/ansible/ansible.cfg) = 900
OS / ENVIRONMENT / Zabbix Version

Rocky Linux 9

STEPS TO REPRODUCE
Nothing specific, just running the zabbix proxy role.
EXPECTED RESULTS

All tasks to be idempotent

ACTUAL RESULTS
Add SEmodule to fix SELinux issue: zabix_proxy_alerter.sock runs every time.