pupptboard Could not reach PuppetDB error

[Tim Dunphy]

Hey all,

 I just had to setup puppetdb on a new host. And everything seemed to go smoothly using the python pip install method. 

But when I load up the page with the puppetbaord on it, I see an 'internal server error' message on the web page. Tailing the apache error log gives me this:

[Fri Mar 20 19:37:35 2015] [error] ERROR:pypuppetdb.api:Could not reach PuppetDB on localhost:8080 over HTTP.

This is my jetty file:

[root@puppet:~] #grep -v '#' /etc/puppetdb/conf.d/jetty.ini

[jetty]

host = 0.0.0.0

port = 8080

ssl-host = 0.0.0.0

ssl-port = 8081

ssl-key = /etc/puppetdb/ssl/private.pem

ssl-cert = /etc/puppetdb/ssl/public.pem

ssl-ca-cert = /etc/puppetdb/ssl/ca.pem

And this is my settings file:

[root@puppet:~] #cat /var/www/puppetboard/settings.py

PUPPETDB_HOST = 'localhost'

PUPPETDB_PORT = 8080

PUPPETDB_TIMEOUT = 60

And here I can see that puppetdb is listening on all ports:

[root@puppet:~] #lsof -i :8080

COMMAND   PID     USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME

java    11983 puppetdb   15u  IPv6 140324244      0t0  TCP *:webcache (LISTEN)

And puppetdb is working just fine according to the logs:

[root@puppet:~] #tail -5  /var/log/puppetdb/puppetdb.log

2015-03-20 19:42:53,147 INFO  [c.p.p.command] [bfb4c274-1a9c-4316-bc0c-685d2d073c08] [replace facts] mail.jokefire.com

2015-03-20 19:42:54,598 INFO  [c.p.p.command] [adf079ee-b0bb-480a-bf64-6e01e7525009] [replace facts] hadoop1.jokefire.com

2015-03-20 19:42:56,532 INFO  [c.p.p.command] [a33a19fa-87a9-4bbe-af94-3f337e1214b2] [replace facts] lb2.jokefire.com

2015-03-20 19:42:57,422 INFO  [c.p.p.command] [0b6c4e73-8ebb-42de-8f72-a409d4f6de1c] [replace facts] hadoop2.jokefire.com

2015-03-20 19:42:59,311 INFO  [c.p.p.command] [cd04f4e3-802f-4c58-aced-3a38856764bf] [replace catalog] logs.jokefire.com

And I can see the puppetdb is populated:

puppetdb=# select * from certnames limit 5;

           name           | deactivated

--------------------------+-------------

 mail.mydomain.com        |

 logs.mydomain.com        |

 activemq.mydomain.com    |

 lb1.mydomain.com         |

 mcollective.mydomain.com |

(5 rows)

Does anyone have any ideas as to why this new puppetboard machine can't authenticate against the puppetdb?

Thanks,

Tim

~

--

GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

[Tim Dunphy]

Hey guys,

I was able to find out the cause of the problem. I had SELinux enabled! Once I gave the 'setenforce 0' command, puppetboard starts working and filling in with data. 

So, I've been googling around for a little while, and still haven't found anything useful. Does anyone know the correct SELinux commands to make this error go away?

[Fri Mar 20 20:47:49 2015] [error] ERROR:pypuppetdb.api:Could not reach PuppetDB on localhost:8080 over HTTP.

Thanks!

Tim

[Tim Dunphy]

Yo guys, 

 I was able to find the secret sauce that got this working for me!

When I gave the command: setsebool -P httpd_can_network_relay=1

And reloaded the page.. voila! Everything worked. And there's nothing like success but success. 

Just wanted to let you know...

Tim