Guys, I found the answer! By running:

setsebool passenger_can_connect_all 1

I was able to connect to the PuppetDB.

[root@puppet:~] #puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet.jokefire.com
Info: Applying configuration version '1430003367'
Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh on Service[puppet]
Notice: Finished catalog run in 6.04 seconds

[root@puppet:~] #getenforce
Enforcing

Tim

On Sat, Apr 25, 2015 at 5:21 PM, Tim Dunphy <[email protected]> wrote:

> Hey all,
>
> I'm having an odd situation where puppet can't seem to connect to the
> puppetdb if SELinux is set to enforcing.
>
> Here's what that looks like:
>
> [root@puppet:~] #getenforce
> Enforcing
>
> [root@puppet:~] #puppet agent --test
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Failed to submit 'replace facts' command for puppet.jokefire.com to
> PuppetDB at puppet.jokefire.com:8081: Permission denied - connect(2)
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> However if I set everything to permissive, everything's back in working
> order:
>
> [root@puppet:~] #setenforce 0
> [root@puppet:~] #getenforce
> Permissive
>
> [root@puppet:~] #puppet agent --test
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts
> Info: Caching catalog for puppet.jokefire.com
> Info: Applying configuration version '1429996811'
> Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure
> changed 'stopped' to 'running'
> Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh
> on Service[puppet]
> Notice: Finished catalog run in 6.43 seconds
>
> Does anyone have a guess as to why this is happening? And would anyone
> know the proper selinux command that would allow this to work?
>
> Thanks.
> Tim
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
>

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
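Added example, not part of the thread: before flipping a broad boolean such as passenger_can_connect_all, it helps to see exactly which connection SELinux denied. The script below summarises denied outbound TCP connects from audit records; the sample records are constructed, and the labels passenger_t and example_port_t are assumptions, not values from the poster's system.

```shell
#!/bin/sh
# Constructed audit.log records (not from the thread). passenger_t and
# example_port_t are assumed labels; real ones come from your own audit log.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1430003000.123:412): avc:  denied  { name_connect } for  pid=2231 comm="ruby" dest=8081 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1430003001.456:413): avc:  denied  { read } for  pid=2290 comm="httpd" name="notes.txt" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1430003002.789:414): avc:  denied  { name_connect } for  pid=2231 comm="ruby" dest=8081 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=tcp_socket
EOF
}

# Print "count source_domain dest_port target_type" for each distinct
# denied outbound TCP connect (permission name_connect) read from stdin.
denied_connects() {
  awk '
    /avc: +denied/ && /name_connect/ {
      dom = port = ttype = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        # A context is user:role:type:level, so the type is field 3.
        if ($i ~ /^scontext=/) { split($i, s, ":"); dom = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
      }
      seen[dom " " port " " ttype]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# On an SELinux host, feed it live records instead of the sample:
#   ausearch -m avc -ts recent | denied_connects
# setsebool without -P only changes the running policy; to keep the
# boolean from the thread across reboots:
#   setsebool -P passenger_can_connect_all 1
sample_audit_log | denied_connects
```

If the summary shows only the expected domain and port 8081, the boolean is addressing the denial described in the thread; any other rows are separate denials worth reviewing on their own.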
