puppet-collectd icon indicating copy to clipboard operation
puppet-collectd copied to clipboard
verified publisher icon voxpupuli

collectd_tcp_network_connect not set to "on"

Open sblatt opened this issue 9 years ago • 8 comments

Hello, Probably I am missing something major, but I'll ask anyway: This module does not set the seboolean for collectd_tcp_network_connect, and there is no switch for it. I already tried setting puppetagent_manage_all_files to "on" and run puppet agent again, with no success.

Affected Puppet, Ruby, OS and module versions/distributions

CentOS Linux release 7.2.1511 puppet-collectd (v5.0.0) ruby 2.0.0p598 puppet 3.8.7 foreman 1.11.3

Grafana 3.0.4 python-carbon 0.9.15

What are you seeing

Collectd cannot send stats as it is not allowed to connect to the network. the error message is: Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1. write_graphite plugin: Connecting to grafanaserver:2003 via tcp failed. The last error was: failed to connect to remote host: Permission denied

SELinux config: collectd_tcp_network_connect --> off

What behaviour did you expect instead

Data to arrive at the carbon server

How did this behaviour get triggered

Right after installation trough puppet

Output log

collectd: Stopping 5 write threads. Initialization complete, entering read-loop. write_graphite plugin: Connecting to grafanaserver:2003 via tcp failed. The last error was: failed to connect to remote host: Permission denied Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1.

Any additional information you'd like to impart

Thank you for your help!

sblatt avatar Jul 05 '16 11:07 sblatt

Thanks for reporting this. Are you able to create a PR with a fix as well?

bastelfreak avatar Jul 05 '16 11:07 bastelfreak

Actually I just wanted to know if this is a bug or if I missed something. If it is indeed a bug I will happily try to fix it.

sblatt avatar Jul 05 '16 11:07 sblatt

yeah, we currently don't deal with selinux at all in this module :(

bastelfreak avatar Jul 05 '16 11:07 bastelfreak

I never worked on a puppet module, but I'll try.

sblatt avatar Jul 05 '16 11:07 sblatt

If you need any help please join our IRC channel #voxpupuli, we're 24/7 happy to help.

bastelfreak avatar Jul 05 '16 11:07 bastelfreak

I commited a change to https://github.com/sblatt/puppet-collectd/tree/selinux_support

  • The variable is global to this module (as multiple plugins might need it, so they do not override eachother)
  • Default is false (which translates to off, but i just like bools better)
  • collectd gets restarted, which in my experience is needed for this bool to work (in both ways: on and off)
  • Does nothing if selinux is disabled ($::selinux = 'false' as far as I understand?)
  • name: $collectd_selinux
  • Integrates well into foreman

It still has issues:

  • the default value is false, which will alter already (manually) changed configurations
  • probably much more

Do you think this is the right way and i should continue running the tests?

sblatt avatar Jul 05 '16 14:07 sblatt

@sblatt Please put up a Pull Request, then we can have everyone's input all in the same spot

juniorsysadmin avatar Dec 20 '16 11:12 juniorsysadmin

The checks failed, now I am unsure what to do...

sblatt avatar Dec 20 '16 12:12 sblatt