puppetdb fails with selinux set to enforcing


Tim Dunphy

Apr 25, 2015, 5:21:38 PM
to puppet...@googlegroups.com
Hey all,

I'm having an odd situation where puppet can't seem to connect to the puppetdb if SELinux is set to enforcing.

Here's what that looks like:

[root@puppet:~] #getenforce
Enforcing

[root@puppet:~] #puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppet.jokefire.com to PuppetDB at puppet.jokefire.com:8081: Permission denied - connect(2)
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

However if I set everything to permissive, everything's back in working order:

[root@puppet:~] #setenforce 0
[root@puppet:~] #getenforce
Permissive

[root@puppet:~] #puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet.jokefire.com
Info: Applying configuration version '1429996811'
Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh on Service[puppet]
Notice: Finished catalog run in 6.43 seconds

Does anyone have a guess as to why this is happening? And would anyone know the proper selinux command that would allow this to work?

Thanks.
Tim


--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

Tim Dunphy

Apr 25, 2015, 7:11:05 PM
to puppet...@googlegroups.com
Guys, 

 I found the answer! By running:

setsebool passenger_can_connect_all 1

I was able to connect to the PuppetDB.

[root@puppet:~] #puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet.jokefire.com
Info: Applying configuration version '1430003367'
Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh on Service[puppet]
Notice: Finished catalog run in 6.04 seconds

[root@puppet:~] #getenforce
Enforcing

Tim
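
Before changing a boolean, the AVC records in the audit log show which domain was blocked from connecting to which port. The following is an added example, not part of the original thread: the sample records are constructed, and the passenger_t and transproxy_port_t type names in them are assumptions about this host's policy.

```shell
#!/usr/bin/env bash
# Added example: summarize SELinux "name_connect" denials from audit records.

# Constructed sample records (not taken from the thread). The domain and
# port type names are assumptions; a real host may label them differently.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1429996811.101:412): avc:  denied  { name_connect } for  pid=2211 comm="ruby" dest=8081 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1429996811.101:412): arch=c000003e syscall=42 success=no exit=-13 comm="ruby"
type=AVC msg=audit(1429996815.350:419): avc:  denied  { name_connect } for  pid=2230 comm="ruby" dest=8081 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1429996820.007:425): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev="dm-0" ino=123 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Reads audit records from the files given as arguments, or from stdin.
# Prints one line per distinct denial:
#   <count> <source domain> <command> <dest port> <port type>
summarize_connect_denials() {
  awk '
    /avc: +denied/ && /name_connect/ && /tclass=tcp_socket/ {
      dom = ptype = port = comm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/)          port = substr($i, 6)
        else if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); dom = c[3] }
        else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ptype = c[3] }
      }
      count[dom " " comm " " port " " ptype]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_audit_log | summarize_connect_denials

# On a live host the same records and the boolean's state come from:
#   ausearch -m avc -ts recent
#   getsebool passenger_can_connect_all
#   semanage port -l | grep -w 8081
```

On a live host, pass /var/log/audit/audit.log as the argument. setsebool without -P changes the boolean only until the next reboot.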