Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39000 commits 9 branches 0 tags 111 MiB
Commit graph

20 commits

Author SHA1 Message Date
Aurélien Bompard
d7fdbe58b9
Add one more perm for collecd's selinux package 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-06-02 08:30:16 +02:00
Aurélien Bompard
dc623ed962
Collectd improvements 
- Increase the service stop timeout to give collectd time to flush the
  values to RRD files on the disk. It currently takes ~1m30s, setting
  the timeout to 5m
- add the unix socket plugin and configure the CGI to make use of it to
  request a flush of the RRD values when a graph is generated
- add SELinux permissions to allow those two to talk to each other

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-06-02 08:15:12 +02:00
Aurélien Bompard
e7d4e4e905
Collectd: add one more selinux permission 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-05-26 15:13:19 +02:00
Aurélien Bompard
45ad0573f3
Collectd: add one more selinux permission 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-05-26 14:54:32 +02:00
Aurélien Bompard
7b2ab9e07f
Improve the common collectd selinux module 
- Add a workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1731501
- Update the playbook to support module upgrades, not only fresh
  installs

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-05-26 12:21:59 +02:00
Kevin Fenzi
0aeb60adea collectd: add to selinux policy to prevent denied read for proc/net 
Should fix up these messages from all machines:
audit[865]: AVC avc:  denied  { read } for  pid=865 comm="reader#2" name="net" dev="proc" ino=4026531845 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0
audit[865]: AVC avc:  denied  { read } for  pid=865 comm="reader#2" name="net" dev="proc" ino=4026531845 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-10 14:35:18 -08:00
Ralph Bean
172330f5b6 Updates to the fi-collectd selinux module for value01. 2014-12-16 18:32:22 +00:00
Ralph Bean
373cbb8980 Whitespace. 2014-12-16 18:25:58 +00:00
Stephen Smoogen
1d2c31fc3e put in sink with working version from puppet 2014-12-06 23:21:13 +00:00
Ralph Bean
38debf208c Update fi-collectd selinux module. 2014-11-10 17:26:47 +00:00
Ralph Bean
d61307e30c Separate fi-collectd into two separate selinux modules. 2014-11-05 16:04:43 +00:00
Ralph Bean
d85df84416 Compile that. 2014-10-01 20:29:54 +00:00
Ralph Bean
70924e6a89 Let collectd run bash scripts. 2014-10-01 20:09:53 +00:00
Ralph Bean
620beb87f3 Don't forget the unix_stream_socket. 2014-07-18 20:09:24 +00:00
Ralph Bean
7d0161c9fa Readin', and writin', and getattrin' 2014-07-18 20:06:55 +00:00
Ralph Bean
e0bbc8fe6e And.. talk to the sock. 2014-07-18 20:03:55 +00:00
Ralph Bean
28bd3996a7 This has to be the last one.. 2014-07-18 20:00:58 +00:00
Ralph Bean
8ef047dc5b Furthermore. 2014-07-18 19:53:12 +00:00
Ralph Bean
507a1492ae Also, this. 2014-07-18 19:46:33 +00:00
Ralph Bean
72f79922ae Add selinux module for collectd. 2014-07-18 19:38:09 +00:00