SELinux and icinga2::feature::api #592

b3n4kh · 2019-11-12T23:07:06Z

Enabling API Feature with 'puppet' as pki requires second puppetrun to work, if selinux set to Enforcing.

class { 'icinga2::feature::api':
  pki => 'puppet',
}

Expected Behavior

Puppet copies the certificates and starts icinga.

Puppet failes to start icinga service since the certificates can not be read, due to wrong seltype, even though icinga2-selinux is installed.

Installing icinga2-selinux not beforehand but during between icinga2 installation and configuration should fix the issue. Example https://github.com/b3n4kh/puppet-icinga2/tree/selinux

Apply following manifest with selinux set to Enforcing:

package { 'icinga2-selinux':
  ensure => 'installed'
}

include ::icinga2

class { 'icinga2::feature::api':
  pki => 'puppet',
}

Use icinga2 with selinux on Enforcing Mode.

The text was updated successfully, but these errors were encountered:

lbetz · 2019-11-18T06:38:49Z

To solve your problem, the module has the feature to disable the package management.

package { ['icinga2', 'icinga2-selinux']: }

class { 'icinga2':
manage_package => false,
}

Bye
Lennart

lbetz added the enhancement label Nov 18, 2019

lbetz added this to the 2.4.0 milestone Nov 18, 2019

b3n4kh mentioned this issue Jan 11, 2020

install icinga2-selinux #602

Merged

lbetz removed the enhancement label Jan 13, 2020

lbetz removed this from the 2.4.0 milestone Jan 13, 2020

lbetz closed this as completed Jan 13, 2020

lbetz added the duplicate label Mar 25, 2020