collectd_tcp_network_connect not set to "on"

[sblatt]

Hello, Probably I am missing something major, but I'll ask anyway: This module does not set the seboolean for collectd_tcp_network_connect, and there is no switch for it. I already tried setting puppetagent_manage_all_files to "on" and run puppet agent again, with no success.

Affected Puppet, Ruby, OS and module versions/distributions

CentOS Linux release 7.2.1511 puppet-collectd (v5.0.0) ruby 2.0.0p598 puppet 3.8.7 foreman 1.11.3

Grafana 3.0.4 python-carbon 0.9.15

What are you seeing

Collectd cannot send stats as it is not allowed to connect to the network. the error message is: Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1. write_graphite plugin: Connecting to grafanaserver:2003 via tcp failed. The last error was: failed to connect to remote host: Permission denied

SELinux config: collectd_tcp_network_connect --> off

What behaviour did you expect instead

Data to arrive at the carbon server

How did this behaviour get triggered

Right after installation trough puppet

Output log

collectd: Stopping 5 write threads. Initialization complete, entering read-loop. write_graphite plugin: Connecting to grafanaserver:2003 via tcp failed. The last error was: failed to connect to remote host: Permission denied Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status -1.

Any additional information you'd like to impart

Thank you for your help!

[bastelfreak]

Thanks for reporting this. Are you able to create a PR with a fix as well?

[sblatt]

Actually I just wanted to know if this is a bug or if I missed something. If it is indeed a bug I will happily try to fix it.

[bastelfreak]

yeah, we currently don't deal with selinux at all in this module :(

[sblatt]

I never worked on a puppet module, but I'll try.

[bastelfreak]

If you need any help please join our IRC channel #voxpupuli, we're 24/7 happy to help.

[sblatt]

I commited a change to https://github.com/sblatt/puppet-collectd/tree/selinux_support

• The variable is global to this module (as multiple plugins might need it, so they do not override eachother)
• Default is false (which translates to off, but i just like bools better)
• collectd gets restarted, which in my experience is needed for this bool to work (in both ways: on and off)
• Does nothing if selinux is disabled ($::selinux = 'false' as far as I understand?)
• name: $collectd_selinux
• Integrates well into foreman

It still has issues:

• the default value is false, which will alter already (manually) changed configurations
• probably much more

Do you think this is the right way and i should continue running the tests?

[juniorsysadmin]

@sblatt Please put up a Pull Request, then we can have everyone's input all in the same spot

[sblatt]

The checks failed, now I am unsure what to do...