Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-137

Document use of PuppetDB with SELinux

    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 2.3.0
    • Component/s: None
    • Labels:
    • Template:
    • Story Points:
      5

      Description

      From the mailing list:

      <pre>
      I've configured puppet to use storedconfigs and puppetDB,
      If I start the puppet master using the init script puppetmaster I get a permission denied error when a node connects:

      Master:
      [root@puppet ~]# service puppetmaster start
      Starting puppetmaster: [ OK ]

      Node:
      [root@puppet-slave ~]# puppet agent --test
      err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppet-slave.test.net to PuppetDB at puppet.test.net:8081: Permission denied - connect(2)
      warning: Not using cache on failed catalog
      err: Could not retrieve catalog; skipping run

      If I start the puppet master using the script puppet command, it works fine:

      Master:
      [root@puppet ~]# puppet master start

      Node:
      [root@puppet-slave ~]# puppet agent --test
      info: Caching catalog for puppet-slave.test.net
      info: Applying configuration version '1340967639'
      notice: /Stage[main]/Drupal/Exec[install-drupal]/returns: executed successfully
      notice: Finished catalog run in 17.72 seconds

      Anyone come across this behaviour before, or found a solution?

      All packages are from RPM installs (except ruby gems for pupetdb....)

      [root@puppet ~]# rpm -qa | grep puppet
      puppet-server-2.7.17-1.el6.noarch
      puppetlabs-release-6-1.noarch
      puppet-2.7.17-1.el6.noarch
      puppetdb-0.9.1-2.el6.noarch
      puppetdb-terminus-0.9.1-2.el6.noarch
      </pre>

      I think that, at a minimum, we should document in the installation docs what ports and permissions need to be there for puppetdb to work in an selinux environment.

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                rnelson0@gmail.com Rob Nelson
                Reporter:
                redmine.exporter redmine.exporter
                QA Contact:
                Kurt Wall
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: