Guys, I found the answer! By running:
setsebool passenger_can_connect_all 1 I was able to connect to the pupetDB [root@puppet:~] #puppet agent --test Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for puppet.jokefire.com Info: Applying configuration version '1430003367' Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh on Service[puppet] Notice: Finished catalog run in 6.04 seconds [root@puppet:~] #getenforce Enforcing Tim On Sat, Apr 25, 2015 at 5:21 PM, Tim Dunphy <bluethu...@gmail.com> wrote: > Hey all, > > I'm having an odd sitution where puppet can't seem to connect to the > puppetdb if SELInux is set to enforcing. > > Here's what that looks like: > > [root@puppet:~] #getenforce > Enforcing > > [root@puppet:~] #puppet agent --test > Info: Retrieving pluginfacts > Info: Retrieving plugin > Info: Loading facts > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to submit 'replace facts' command for puppet.jokefire.com to > PuppetDB at puppet.jokefire.com:8081: Permission denied - connect(2) > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > > However if I set everything to permissive, everything's back in working > order: > > [root@puppet:~] #setenforce 0 > [root@puppet:~] #getenforce > Permissive > > [root@puppet:~] #puppet agent --test > Info: Retrieving pluginfacts > Info: Retrieving plugin > Info: Loading facts > Info: Caching catalog for puppet.jokefire.com > Info: Applying configuration version '1429996811' > Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure > changed 'stopped' to 'running' > Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh > on Service[puppet] > Notice: Finished catalog run in 6.43 seconds > > Does anyone have a guess as to why this is happening? And would anyone > know the proper selinux command that would allow this to work? > > Thanks. > Tim > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOZy0enxjqu%3D8H1CmrKNBQCLFhpAzqF7mVNpOnkS_W2LD%3DuSJw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
