chore: drop selinux task and bind to unprivileged port

defaults/main.yml

@@ -15,8 +15,8 @@ prometheus_data_dir: "{{ prometheus_base_dir }}/data"
 prometheus_read_only_dirs: []
 
 prometheus_web_bind_ip: 127.0.0.1
-prometheus_web_bind_port: 9090
+prometheus_web_bind_port: 61000
-prometheus_web_external_url: "http://localhost:9090/"
+prometheus_web_external_url: "http://localhost:61000/"
 
 prometheus_web_tls_enabled: False
 prometheus_web_tls_cert_path: "{{ prometheus_base_dir }}/tls/certs/mycert.pem"
@@ -103,7 +103,7 @@ prometheus_scrape_configs:
     metrics_path: "{{ prometheus_web_external_url | urlsplit('path') if (prometheus_web_external_url | urlsplit('path')) | length > 1 else '' }}/metrics"
     static_configs:
       - targets:
-          - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
+          - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:61000"
 
 prometheus_alert_rules_files:
   - "prometheus/rules/*.rules"

molecule/centos7/tests/test_default.py

@@ -17,4 +17,4 @@ def test_prometheus_running_and_enabled(host):
 
 def test_prometheus_socket(host):
     # Verify the socket is listening for HTTP traffic
-    assert host.socket("tcp://127.0.0.1:9090").is_listening
+    assert host.socket("tcp://127.0.0.1:61000").is_listening

tasks/main.yml

@@ -1,8 +1,6 @@
 ---
 - include_tasks: prepare.yml
 - include_tasks: setup.yml
-- include_tasks: selinux.yml
-  when: ansible_selinux.status == "enabled"
 - import_tasks: tls.yml
   when: prometheus_web_tls_enabled | bool
   tags: tls_renewal

tasks/selinux.yml

@@ -1,13 +0,0 @@
----
-- block:
-    - name: Allow prometheus to bind to port in SELinux
-      seport:
-        ports: "{{ prometheus_web_bind_port }}"
-        proto: tcp
-        setype: http_port_t
-        state: present
-      when:
-        - ansible_version.full is version('2.4', '>=')
-        - ansible_selinux.status == "enabled"
-  become: True
-  become_user: root