Open d1nuc0m opened 5 months ago
Checks fails because CI can't find PostgreSQL 11 packages in the repositories and PuppetDB install fails, this is due to puppetlabs/puppetlabs-puppetdb#379 and puppetlabs/puppetlabs-puppetdb#396 because the failed checks installed puppetlabs-puppetdb v7.14.0
@d1nuc0m please rebase against our latest master branch to get rid of the python version commit.
Done, with a bit of tinkering as I also needed to edit metadata.json to add SELinux module.
Regarding tests (IRC), what could/should I add?
@bastelfreak
Pull Request (PR) description
This should fix issues with SELinux and allow usage in enforcing mode. It works, but as I am not a SELinux expert, permissions for puppetboard and venv files should be reviewed to check if something is missing/permissions should be more restrictive.
Another issue is best practice for certificate path in single node mode - with SELinux enforcing mode Puppetboard can't read files with context
puppet_etc_t
(and it should be like this) . In my environment I fixed with this snippetBut probably it is not the best solution, so where should certificates go?
/etc/puppetboard/ssl
?This Pull Request (PR) fixes the following issues
Fixes #336 Fixes #365