Merge pull request #191 from bastelfreak/feature-selinux

Feature selinux
voxpupuli · Apr 19, 2016 · 721616d · 721616d
2 parents 6559368 + a38610b
commit 721616d
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 5 deletions.
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -505,4 +505,12 @@
         'ESTABLISHED'],
     }
   }
+
+  # check if selinux is active and allow zabbix
+  if $::selinux_config_mode == 'enforcing' {
+    selboolean{'zabbix_can_network':
+      persistent => true,
+      value      => 'on',
+    }
+  }
 }
diff --git a/manifests/web.pp b/manifests/web.pp
@@ -424,4 +424,12 @@
       require         => Package[$zabbix_web_package],
     }
   } # END if $manage_vhost
+
+  # check if selinux is active and allow zabbix
+  if $::selinux_config_mode == 'enforcing' {
+    selboolean{'httpd_can_connect_zabbix':
+      persistent => true,
+      value      => 'on',
+    }
+  }
 }
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
@@ -29,12 +29,23 @@
         lsbdistcodename: '',
         id: 'root',
         kernel: 'Linux',
-        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin'
+        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin',
+        selinux_config_mode: ''
       }
     end
 
-    it { should contain_class('zabbix::repo') }
-    it { should contain_service('zabbix-server').with_ensure('running') }
+    describe 'with default settings' do
+      it { should contain_class('zabbix::repo') }
+      it { should contain_service('zabbix-server').with_ensure('running') }
+      it { should_not contain_selboolean('zabbix_can_network') }
+    end
+
+    describe 'with enabled selinux' do
+      let :facts do
+        super().merge(selinux_config_mode: 'enforcing')
+      end
+      it { should contain_selboolean('zabbix_can_network').with('value' => 'on', 'persistent' => true) }
+    end
 
     describe 'with database_type as postgresql' do
       let :params do

diff --git a/spec/classes/web_spec.rb b/spec/classes/web_spec.rb
@@ -34,12 +34,21 @@ def package_provider_for_gems
         lsbdistcodename: '',
         id: 'root',
         kernel: 'Linux',
-        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin'
+        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin',
+        selinux_config_mode: ''
       }
     end
 
     describe 'with default settings' do
       it { should contain_file('/etc/zabbix/web').with_ensure('directory') }
+      it { should_not contain_selboolean('httpd_can_connect_zabbix') }
+    end
+
+    describe 'with enabled selinux' do
+      let :facts do
+        super().merge(selinux_config_mode: 'enforcing')
+      end
+      it { should contain_selboolean('httpd_can_connect_zabbix').with('value' => 'on', 'persistent' => true) }
     end
 
     describe 'with database_type as postgresql' do
@@ -148,7 +157,8 @@ def package_provider_for_gems
         lsbdistcodename: 'squeeze',
         id: 'root',
         kernel: 'Linux',
-        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin'
+        path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin',
+        selinux_config_mode: ''
       }
     end