Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-9658

puppetlabs-postgresql : custom ports are not labeled correctly

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: postgresql
    • Labels:
      None
    • Environment:

      CentOS 6 with SELinux set to enforcing mode.  Postgresql is configured to run on a custom port, all other settings are set to defaults.

    • Template:
      MODULES Bug Template
    • Method Found:
      Automated Test
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 6.1.0
      Puppet Version: 4.10.12
      OS Name/Version:  CentOS release 6.10

      The postgresql service fails to start when a custom port is defined in the manifest.  For example:

      class

      { 'postgresql::globals': manage_package_repo => true, }

      ->

      class

      { 'postgresql::server': port => 2222, }

      This results in the following error when the agent runs.

      Error: Could not start Service[postgresqld]: Execution of '/sbin/service postgresql start' returned 1: Starting postgresql service: [FAILED]
      Error: /Stage[main]/Postgresql::Server::Service/Service[postgresqld]/ensure: change from stopped to running failed: Could not start Service[postgresqld]: Execution of '/sbin/service postgresql start' returned 1: Starting postgresql service: [FAILED]

      The error is caused by SELinux stopping the process from binding to the port.

      type=AVC msg=audit(1564784644.169:263): avc: denied { name_bind } for pid=3514 comm="postmaster" src=2222 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

      Desired Behavior:

      Puppet configures the port correctly before attempting to start postgresql.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              Blackknight Michael Watters
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support