...
What to try: Take down the firewall temporarily to see if the error resolves. If so, an exception is needed.
...
SELinux (Security-Enabled Linux) is included in some linux distributions. It creates policies for every process and object in the system and then enforces rules designed to limit access between those processes and system objects. This is intended to confine the damage that can be caused by compromised applications.However, these policies can also block the Islandora module's access to Fedora's REST apis running on port 8080.
What to try:
First, see if SELinux is installed and enabled. Type the sestatus command. If enabled, you will see output similar to this:SELinux status: enabled
| Code Block |
|---|
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted |
To very quickly check whether SELinux is causing the connection error, you can temporarily switch its mode from "enforcing" to "permissive" (do this as root):
| Code Block |
|---|
setenforce Permissive |
Now test the Islandora module's connection to Fedora again. If that fixes the problem, you can then make a more permanent adjustment to SELinux to allow the connection to the Fedora server.
You could completely disable SELinux, by changing its configuration in /etc/selinux/config but it's not necessary (and most often not recommended!). The specific SELinux policy that is blocking access is likely httpd_can_network_connect. First, change the mode back to "Enforcing", then switch on the policy http_can_network_connect. Again, as root:
| Code Block |
|---|
setenforce Enforcing
setsebool -P httpd_can_network_connect on |
Test the Islandora module's connection to Fedora once more. If it works, you have adjusted the SELinux configuration to permit the needed connection without disabling it entirely.
| Info |
|---|
With thank to the Islandora Community and the user and developer listervs for contributing issues, tests, and solutions. |
...