Grafana no database access possible after fedora upgrade "connect: permission denied"

• What Grafana version and what operating system are you using?

• Fedora 40

• Grafana v10.2.6 (NA)

• MariaDB 15.1.

• What are you trying to achieve?

• Connect Grafana to the MariaDB Database

• How are you trying to achieve it?

• Created a new datasource, put in the IP address of the database server with credentials.

• Cross checked on the Grafana machine if MariaDB is accessible (it is.)

• What happened?

• Got [sqleng.connectionError] failed to connect to server - please inspect Grafana server log for details

• What did you expect to happen?

• Connection to the MariaDB to be established.

• Can you copy/paste the configuration(s) that you are having problems with?

• Not sure what is needed here.

• Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

• • Server log:

• logger=tsdb.mysql t=2024-12-09T00:05:33.478486674+01:00 level=error msg="Query error" err="dial tcp 192.168.178.125:3306: connect: permission denied

• Did you follow any online instructions? If so, what is the URL?
  No.

Thank You!

You have response on SO, that seems to be selinux. Why you don’t configure selinux properly? It’s doesn’t look like a Grafana issue, but your infra limitations.

I have disabled SELinux for testing.
Did not help.

How did you disable selinux? How did you checked that selinux is disabled?

via setenforce 0
Also the connection to the database works.
I’ve checked this on the grafana machine.

Are you s

Are you sure that’s enough? Please follow your OS documentation Changing SELinux States and Modes :: Fedora Docs

I guess under your user, because you again didn’t mention anything about any details. So then run Grafana under your user.

Your problem doesn’t seem to be related to Grafana config, but your OS issue/limitation. Check your OS doc/contact your OS admin, …

Blockquote
Are you sure that’s enough?

Yes, it is it puts SELinux into permissive mode - according to the documentation - I also had to do that to troubleshoot other things, where SELinux was indeed the issue.

The login credentials to the MariaDB are in the Grafana data sources, and those work when connecting via CLI oder other DB tools.
It also worked in Grafana up until yesterday and I have no idea where to look.

Look into your selinux logs.

I ended up setting up a new VM and imported the dashboards.
It works now.

This is a Fedora installation, and the problem is with SElinux:

datasource configuration

[root@fedora ~]# getsebool -a | grep grafana
grafana_can_reverse_proxy → off
grafana_can_tcp_connect_elasticsearch_port → off
grafana_can_tcp_connect_mysql_port → off
grafana_can_tcp_connect_postgresql_port → off
grafana_can_tcp_connect_prometheus_port → off

The highlighted boolean must be changed, at least. Use the -P flag to set it permanently:

[root@fedora ~]# setsebool -P grafana_can_tcp_connect_mysql_port 1
[root@fedora ~]#

I had also followed another technote to clear access from the http process, as well as myusql (though I was able to connect to mysql/mariadb from a terminal session, so that might not have been necessary):

[root@fedora ~]# setsebool -P httpd_can_network_connect_db 1
[root@fedora ~]# setsebool -P selinuxuser_mysql_connect_enabled 1

No reboot required. Refreshed the database connection page in Grafana, and green light!

use mysql/mariadb for grafana config

If you wish the Grafana configuration itself be stored in a localhost mysql/mariadb database, you will need to allow mysql access on all ports (actually, this might take the place of the mysql_connect setting, above – for you to test)

[root@fedora grafana]# setsebool -P mysql_connect_any 1

Then, modify the /etc/grafana/grafana.ini file to configure the database:

[database]
type = mysql
host = localhost:3306
name = grafana
user = grafana_service
password = grafana_service password here, no spaces please