Installing Aria Automation Config / Saltstack: the master cannot reach PostgreSQL, RaaS, Redis hosts when refreshing grains/pillar or running highstates

Article ID: 393427

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Failure to reach Postgres (in raas log):
    • raas[#####]: [CRITICAL] Failed to connect to the storage backend. Trying again in a bit.
  • Failure to reach RaaS:
    • "Failed to save events" "no route to host"
  • Failure to reach salt hosts in general (salt command output):
    • Salt request timed out. The master is not responding. You may need to run your command with --async in order to bypass the congested event bus.

Environment

  • VMware Aria Automation Config / Tanzu Guardrails / Saltstack Enterprise

Cause

  • The relevant ports need to be opened on each of these hosts: PostgreSQL, RaaS, Redis.
  • You must open ports at both the host and network level: the Salt ports on all hosts, and the PostgreSQL, HTTPS and Redis ports on the PostgreSQL, RaaS and Redis hosts respectively.

Resolution

As a first check, make sure that the Postgres and Redis services are running on these hosts.
These services can typically be checked and restarted with systemctl.

Opening ports

This resolution assumes each host is running the firewalld service, which comes with RHEL and blocks ports by default.
For other firewalls, you will need to adapt the commands to open the same ports.

This also assumes the public (default) zone is in use. Otherwise, specify the zone with --zone=<ZONE>.

  • Salt (needed on salt masters):  sudo firewall-cmd --permanent --add-port=4505-4506/tcp
  • RaaS host:  sudo firewall-cmd --permanent --add-port=443/tcp
  • Redis host:  sudo firewall-cmd --permanent --add-service=redis
  • PSQL host:  sudo firewall-cmd --permanent --add-port=5432/tcp
  • After opening these ports as above on any host, run this to apply the change:
    • sudo firewall-cmd --reload
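
The commands above open each port to every source the zone covers. The following is an added example, not part of the original article: a POSIX sh helper that prints equivalent firewalld rich rules limited to one source address. The role names, the function names, the IPv4-only check and the sample address are assumptions made for illustration; which sources need each port depends on your deployment.

```sh
#!/bin/sh
# Added example, not from the article: print (never execute) firewalld
# rich rules that open a role's port to one source address only.

# Port the article opens for each role. 6379/tcp is the port behind
# firewalld's predefined "redis" service.
role_port() {
    case "$1" in
        salt)  echo "4505-4506" ;;
        raas)  echo "443" ;;
        redis) echo "6379" ;;
        psql)  echo "5432" ;;
        *)     return 1 ;;
    esac
}

# Shape check only: dotted IPv4 with an optional /0-32 prefix (assumption: IPv4).
valid_source() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Zone names are pasted into a command line, so allow only safe characters.
valid_zone() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# fw_rules ROLE SOURCE [ZONE]: print the commands; non-zero on bad input.
fw_rules() {
    role=$1; src=$2; zone=${3:-public}
    port=$(role_port "$role") || { echo "unknown role: $role" >&2; return 1; }
    valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    valid_zone "$zone" || { echo "bad zone: $zone" >&2; return 1; }
    rule="rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"tcp\" accept"
    printf "sudo firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$zone" "$rule"
    printf 'sudo firewall-cmd --reload\n'
}

# Example: sh fw_rules.sh psql 192.0.2.10   (192.0.2.10 is a constructed address)
if [ "$#" -ge 2 ]; then fw_rules "$@"; fi
```

Review the printed commands before running them; the helper only generates text and does not change the firewall itself.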
