Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add selinux workaround for IPC in zabbix-server3.4 #459

Merged
merged 2 commits into from
Oct 20, 2017
Merged

add selinux workaround for IPC in zabbix-server3.4 #459

merged 2 commits into from
Oct 20, 2017

Conversation

bastelfreak
Copy link
Member

No description provided.

@bastelfreak bastelfreak added the bug Something isn't working label Oct 20, 2017
@wyardley wyardley self-requested a review October 20, 2017 23:51
@wyardley wyardley merged commit 2844105 into voxpupuli:master Oct 20, 2017
@bastelfreak bastelfreak deleted the selinux branch October 20, 2017 23:58
@jameskirsop
Copy link
Contributor

This doesn't seem to have fixed the sockets issue noted in the URL found within the comments.

Running 6.1.0 on Centos 7.4 I'm seeing:

audit.log

type=AVC msg=audit(1513652338.998:453): avc:  denied  { create } for  pid=44803 comm="zabbix_server" name="zabbix_server_alerter.sock" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file

and in zabbix-server.log

4845:20171219:140033.356 cannot start alert manager service: Cannot bind socket to "/tmp/zabbix_server_alerter.sock": [13] Permission denied.
 44846:20171219:140033.363 server #30 started [preprocessing manager #1]
 44846:20171219:140033.363 cannot start preprocessing service: Cannot bind socket to "/tmp/zabbix_server_preprocessing.sock": [13] Permission denied.

@bastelfreak
Copy link
Member Author

strange that it worked in our tests. How do you call the module, just include the class or set any params?

@jameskirsop
Copy link
Contributor

I've basically pulled it directly out of the guide on the Forge page:

node 'zabbix.notrealdomain.com' {
  class { 'apache':
    mpm_module => 'prefork',
  }
  include apache::mod::php

  class { 'mysql::server': }

  class { 'zabbix':
    zabbix_url    => 'client.notrealdomain.com',
    database_type => 'mysql',
  }
}

Some more specific details about the host:
uname -a output: 3.10.0-693.el7.x86_64
sudo /opt/puppetlabs/bin/puppet --version = 5.3.3

and it's running all the latest available packages from the regular repos. It's a plain install that I've built in a VM for testing.

@wyardley
Copy link
Contributor

wyardley commented Dec 19, 2017 via email

@jameskirsop
Copy link
Contributor

Yeah, I did try that previously, with no success:

  class { 'zabbix':
    zabbix_url    => 'zabbix.daraco.com.au',
    database_type => 'mysql',
    manage_selinux => true,
  }

Still doesn't have the desired result, unfortunately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wyardley wyardley wyardley approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bastelfreak @jameskirsop @wyardley @Fabian1976