Gotta love the doorlocks...

By Simon, 21 January, 2016

I'm an idiot. No, really. This web page has been down for the last 3 weeks because SELinux apparently works. Visitors to this page were met with the following message after rebooting the server:

PDOException: SQLSTATE[HY000] [2003] Can't connect to MySQL server on 'my-database.amazonaws.com' (13) in lock_may_be_available() (line 167 of /var/www/html/includes/lock.inc).

When we moved the web server, we had this problem as well, and I scoured "teh Interwebs" to figure out how to fix it. Which I did. Then we went off traveling for a few weeks.

Of course, when you run out the door, it's common practice to reboot the servers to refresh memory, get rid of hung processes, and generally ward off the foobar for a little while longer.

Which is great if your fixes are permanent and not temporary. Um... yeah...

Here's the original fix from the Drupal website, which gives SELinux permission to let Drupal (actually httpd) through to talk to the database:

https://www.drupal.org/node/1223290#comment-8167249

The applicable command is this one (run as root):

setsebool httpd_can_network_connect_db=1

Except, in this form, the change isn't actually written to the configuration file, so it doesn't carry over to the next boot. Once the server reboots, it forgets all about it and you're back with exactly the same issue. Um... guilty...

So to make this permanent, the -P flag needs to be invoked so all the pending values are written to disk:

setsebool -P httpd_can_network_connect_db=1

The full solution is also referenced here (note that writing values to disk with the -P flag takes a while):

https://drupal.stackexchange.com/questions/138649/how-do-we-configure-selinux-to-not-break-drupal
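
A pre-reboot check for the failure described above, as an added example that is not from the original post or the linked answers: it lists every boolean whose runtime value differs from the value stored on disk, which is exactly what setsebool without -P leaves behind. It assumes the `semanage boolean -l` layout of name, "(current , persistent)" and description; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list SELinux booleans whose runtime value differs from the
# value stored in the policy on disk, i.e. settings a reboot would revert.

# Constructed sample in the layout of `semanage boolean -l`
# (name, then "(current , persistent)", then a description).
sample_semanage_output() {
cat <<'EOF'
SELinux boolean                State  Default Description

httpd_can_network_connect      (off  ,  off)  Allow httpd to can network connect
httpd_can_network_connect_db   (on   ,  off)  Allow httpd to can network connect db
httpd_enable_cgi               (on   ,   on)  Allow httpd to enable cgi
EOF
}

# Read a boolean listing on stdin; print one line per boolean whose
# current state and persistent state disagree.
drifted_booleans() {
    awk '{
        line = $0
        gsub(/[(),]/, " ", line)            # "(on   ,  off)" -> " on      off "
        n = split(line, f, /[ \t]+/)
        if (n < 3) next                      # blank or short line
        if (f[2] != "on" && f[2] != "off") next   # header or unexpected line
        if (f[3] != "on" && f[3] != "off") next
        if (f[2] != f[3])
            print f[1], "runtime=" f[2], "persistent=" f[3]
    }'
}

# Demo on the constructed sample.
sample_semanage_output | drifted_booleans
# On a real host (as root): semanage boolean -l | drifted_booleans
```

Any line it prints is a setting that will change at the next boot; re-apply it with setsebool -P if the runtime value is the one you want to keep.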