Document needed sebooleans for httpd/zabbix-web #481
Conversation
|
Hi @Fabian1976, thanks for this PR. I'm not sure if we should include those sebooleans in the module. They are apache specific, not zabbix specific. It is possible, that others manage this seboolean already, but outside of the module. Maybe it is better to handle this in a profile and add a note to the readme? |
|
I wonder if |
|
You could also fix this in a profile. But if you include zabbix::web (which needs apache), people assume that it sets the appropiate SEbooleans (it sets 1, why not all that are needed for web to work?) |
|
There is a small but important difference. It sets all needed sebooleans that httpd needs to talk to zabbix. It doesn't set all sebooleans that httpd need. IMO we shouldn't manage those sebooleans in the zabbix module. They should be part of httpd module or a profile. |
|
I can live with that. I allready added it to a profile as a work around. But then i will make it permanent. Not a problem. Shall i close my PR? |
|
It would be great if it's at least documented in the README. |
|
@Fabian1976 can you remove the current changes and instead document it in the README.md? |
|
Yes, not a problem. Will do |
…ct to the Zabbix database
|
I updated the README |
README.md
Outdated
| @@ -169,6 +169,16 @@ node 'zabbix.example.com' { | |||
| Everything will be installed on the same server. There is also an possibility to seperate the components, please check the following wiki: | |||
| https://github.com/voxpupuli/puppet-zabbix/wiki/Multi-node-Zabbix-Server-setup | |||
|
|
|||
| Please note that if you use apache as the frontend (which is the default) and SELinux is enabled, you need to set these SEBooleans (preferably in a profile) to allow apache to connect to the database: | |||
| ```ruby | |||
README.md
Outdated
| Please note that if you use apache as the frontend (which is the default) and SELinux is enabled, you need to set these SEBooleans (preferably in a profile) to allow apache to connect to the database: | ||
| ```ruby | ||
| if $facts['selinux'] { | ||
| selboolean { ['httpd_can_network_connect', 'httpd_can_network_connect_db'] |
bastelfreak
changed the title
bastelfreak
added
docs
The web.pp missed these sebooleans:
As mentioned in issue #477