  1. PuppetDB
  2. PDB-3232

Open ports for PuppetDB based on assigned listen address

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Trivial
    • Resolution: Won't Fix
    • Affects Version/s: PDB module-5.1.0
    • Fix Version/s: None
    • Component/s: PuppetDB
    • Labels:
      None
    • Environment:

      Two CentOS 7.2 servers with disabled firewalls and selinux.
      puppetserver-2.7.2-1
      puppet-agent-1.8.2-1
      puppetlabs/puppetdb module version 5.1.2

    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      site.pp file:

      node default {}

      # Puppet Server node: point the PuppetDB terminus at the PuppetDB host
      node 'puppetserver.example.com' {
          class { 'puppetmodules': }
          class { 'puppetdb::master::config':
              puppetdb_server => '10.0.0.10',
          }
      }

      # PuppetDB node
      node 'puppetdb.example.com' {
          class { 'puppetdb': }
      }


      Installation on the PuppetDB node performs without any problems, and netstat shows the port is listening:

      tcp6       0      0 :::8081                 :::*                    LISTEN      5960/java

      When running Puppet Agent on Puppet Server the next error occurs:

      Output

      Notice: Unable to connect to puppetdb server (https://10.0.0.10:8081): No route to host - connect(2) for "10.0.0.10" port 8081
      Notice: Failed to connect to puppetdb; sleeping 2 seconds before retry
      Error: Unable to connect to puppetdb server! (10.0.0.10:8081)
      Error: /Stage[main]/Puppetdb::Master::Config/Puppetdb_conn_validator[puppetdb_conn]/ensure: change from absent to present failed: Unable to connect to puppetdb server! (10.0.0.10:8081)
      

      Server pings PuppetDB successfully. Jetty ssl-host is set to 0.0.0.0, ssl-port is set to 8081 by PuppetDB module on PuppetDB node.

      cat < /dev/tcp/10.0.0.10/22
      SSH-2.0-OpenSSH_6.6.1
      cat < /dev/tcp/10.0.0.10/8081
      -bash: connect: No route to host
      -bash: /dev/tcp/10.0.0.10/8081: No route to host
      

      The problem is that iptables was still working even though firewalld was stopped, so it would be nice if the module automatically managed firewall rules based on the IP address and port settings.

            People

            • Assignee:
              Unassigned
              Reporter:
              Dziki_Jam Valery Zabawski
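
A triage check for the symptom in this ticket, added here as an example (it is not part of the original report or of the puppetdb module): a REJECT rule with `icmp-host-prohibited` is what a client sees as "No route to host", so the script reports which INPUT rule a new connection to a given port hits first. `input_verdict` and `sample_rules` are hypothetical names, and the ruleset is a constructed sample modelled on the stock CentOS 7 iptables-services rules, since the ticket does not show the rules that were loaded.

```shell
#!/bin/sh
# Added example (not from the ticket). Reports the first INPUT-chain rule that
# a NEW inbound TCP connection to PORT would hit, given `iptables-save` output.
# Simplifications: only -p, --dport and --state/--ctstate are evaluated; rules
# bound to an interface (-i) are skipped; -s/-d, multiport and user chains are not handled.
input_verdict() {   # usage: iptables-save | input_verdict PORT
    awk -v port="$1" '
        /^:INPUT / { policy = $2 }              # chain default policy
        /^-A INPUT / {
            proto = dport = iface = state = target = extra = ""
            for (i = 3; i < NF; i++) {
                if      ($i == "-p")            proto  = $(i + 1)
                else if ($i == "--dport")       dport  = $(i + 1)
                else if ($i == "-i")            iface  = $(i + 1)
                else if ($i ~ /^--(ct)?state$/) state  = $(i + 1)
                else if ($i == "-j")            target = $(i + 1)
                else if ($i == "--reject-with") extra  = " " $(i + 1)
            }
            if (proto != "" && proto != "tcp") next   # other protocol
            if (dport != "" && dport != port)  next   # other port
            if (iface != "")                   next   # interface-bound (e.g. lo)
            if (state != "" && state !~ /NEW/) next   # established traffic only
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            print target extra; found = 1; exit
        }
        END { if (!found) print policy }
    '
}

# Constructed sample modelled on the stock CentOS 7 iptables-services ruleset
# (assumption: the ticket does not show the rules that were actually loaded).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

for p in 22 8081; do
    echo "tcp/$p: $(sample_rules | input_verdict "$p")"
done
```

On a live host the same function reads the loaded rules with `iptables-save | input_verdict 8081`, run as root on the PuppetDB node.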