From 0abd03b77b79eda95f29838d0ccc438a247adef5 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 29 May 2021 21:43:54 +0200
Subject: [PATCH] chore: drop selinux task and bind to unprivileged port
---
 defaults/main.yml | 6 +++---
 molecule/centos7/tests/test_default.py | 2 +-
 tasks/main.yml | 2 --
 tasks/selinux.yml | 13 -------------
 4 files changed, 4 insertions(+), 19 deletions(-)
 delete mode 100644 tasks/selinux.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 6d59227..4b46917 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,8 +15,8 @@ prometheus_data_dir: "{{ prometheus_base_dir }}/data"
 prometheus_read_only_dirs: []
 prometheus_web_bind_ip: 127.0.0.1
-prometheus_web_bind_port: 9090
-prometheus_web_external_url: "http://localhost:9090/"
+prometheus_web_bind_port: 61000
+prometheus_web_external_url: "http://localhost:61000/"
 prometheus_web_tls_enabled: False
 prometheus_web_tls_cert_path: "{{ prometheus_base_dir }}/tls/certs/mycert.pem"
@@ -103,7 +103,7 @@ prometheus_scrape_configs:
 metrics_path: "{{ prometheus_web_external_url | urlsplit('path') if (prometheus_web_external_url | urlsplit('path')) | length > 1 else '' }}/metrics"
 static_configs:
 - targets:
- - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
+ - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:61000"
 prometheus_alert_rules_files:
 - "prometheus/rules/*.rules"
diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py
index d92b2f8..c08b312 100644
--- a/molecule/centos7/tests/test_default.py
+++ b/molecule/centos7/tests/test_default.py
@@ -17,4 +17,4 @@ def test_prometheus_running_and_enabled(host):
 def test_prometheus_socket(host):
 # Verify the socket is listening for HTTP traffic
- assert host.socket("tcp://127.0.0.1:9090").is_listening
+ assert host.socket("tcp://127.0.0.1:61000").is_listening
diff --git a/tasks/main.yml b/tasks/main.yml
index 923a2de..3c6b43c 100644
--- a/tasks/main.yml
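Review bot: `prometheus_web_external_url` repeats the literal port instead of deriving it from `prometheus_web_bind_port`, and the scrape target in the second hunk of this file (`...:61000`) does the same, so overriding the port alone leaves the advertised URL and the self-scrape target pointing at a port nothing listens on. The file already templates one default from another (`prometheus_data_dir`), so both can be derived: `prometheus_web_external_url: "http://localhost:{{ prometheus_web_bind_port }}/"` and `- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:{{ prometheus_web_bind_port }}"`. Installs that never set the variable also move off 9090 with this change, which affects any firewall rule or reverse proxy written against the old default and deserves a changelog line.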
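Review bot: The self-scrape target is built from `ansible_fqdn`, while the first hunk shows `prometheus_web_bind_ip: 127.0.0.1`; if the listener is bound to that address, as the variable name suggests, a host name that resolves to a non-loopback address will be refused and the self-scrape stays down with the role's own defaults. The loopback bind is the safer default, so the target should follow the bind address rather than the bind being widened, for example `- "{{ prometheus_web_bind_ip }}:{{ prometheus_web_bind_port }}"`. The enclosing `prometheus_scrape_configs` entry starts outside the hunk, so its job name and scheme are not visible here.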
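Review bot: The assertion in `test_prometheus_socket` only checks the loopback listener on the default port, so it cannot show that the role still starts on an SELinux-enforcing host now that the same commit deletes tasks/selinux.yml, which used `seport` to label `prometheus_web_bind_port` as `http_port_t`. Whether the centos7 scenario runs with SELinux enabled is not visible here. I would state the limit next to the assertion, e.g. `# Default port only; SELinux port labelling is no longer managed by the role`, and note in the role documentation that a custom port on an enforcing host has to be labelled by the operator.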
+++ b/tasks/main.yml
@@ -1,8 +1,6 @@
 ---
 - include_tasks: prepare.yml
 - include_tasks: setup.yml
-- include_tasks: selinux.yml
- when: ansible_selinux.status == "enabled"
 - import_tasks: tls.yml
 when: prometheus_web_tls_enabled | bool
 tags: tls_renewal
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
deleted file mode 100644
index 1a634d3..0000000
--- a/tasks/selinux.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- block:
- - name: Allow prometheus to bind to port in SELinux
- seport:
- ports: "{{ prometheus_web_bind_port }}"
- proto: tcp
- setype: http_port_t
- state: present
- when:
- - ansible_version.full is version('2.4', '>=')
- - ansible_selinux.status == "enabled"
- become: True
- become_user: root