Dustin C. Hatch
8176eaf694
Tasks that configure the SELinux policy obviously only make sense if the host uses SELinux. Similarly, if the host does not use FirewallD, configuring firewall rules doesn't work.
55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
- name: load distribution-specific values
|
|
include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- '{{ ansible_distribution }}.yml'
|
|
- defaults.yml
|
|
tags:
|
|
- always
|
|
|
|
- name: ensure collectd write_prometheus plugin is installed
|
|
package:
|
|
name: '{{ collectd_prometheus_package }}'
|
|
state: present
|
|
when: collectd_prometheus_package is not none
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure collectd-local selinux module is installed
|
|
copy:
|
|
src: collectd-local.pp
|
|
mode: 'u=rw,go=r'
|
|
dest: /var/lib/selinux/collectd-local.pp
|
|
notify:
|
|
- install collectd-local selinux module
|
|
when: ansible_selinux.status == 'enabled'
|
|
tags:
|
|
- selinux
|
|
|
|
- name: ensure collectd write_prometheus plugin is configured
|
|
template:
|
|
src: collectd-prometheus.conf.j2
|
|
dest: /etc/collectd.d/prometheus.conf
|
|
mode: '0644'
|
|
notify:
|
|
- restart collectd
|
|
tags:
|
|
- collectd-config
|
|
|
|
- name: ensure firewall is configured for collectd write_prometheus plugin
|
|
firewalld:
|
|
port: '{{ collectd_prometheus_port }}/tcp'
|
|
permanent: false
|
|
immediate: true
|
|
state: '{{ "enabled" if collectd_prometheus_allow_outside else "disabled" }}'
|
|
when: host_uses_firewalld|d(true)|bool
|
|
tags: firewalld
|
|
|
|
- name: ensure firewall is configured for collectd write_prometheus plugin
|
|
firewalld:
|
|
port: '{{ collectd_prometheus_port }}/tcp'
|
|
permanent: true
|
|
immediate: false
|
|
state: '{{ "enabled" if collectd_prometheus_allow_outside else "disabled" }}'
|
|
when: host_uses_firewalld|d(true)|bool
|
|
tags: firewalld
|