cfengine errors
From: Tracy R Reed
Subject: cfengine errors
Date: Tue, 5 Nov 2002 14:40:58 -0800
User-agent: Mutt/1.2.5i
Greetings,
I have had the misfortune (although cfengine is clearly amazing software)
of having a large cfengine project dumped into my lap in the middle of
implementation after the original implementor of cfengine at our site
(2000 hosts) had a car wreck and landed in the hospital. It's the classic
example of the only person knowing how it all works stepping in front of a
bus. Except my colleague ran his motorcycle into an SUV and lived to spend
a long time in the hospital. A couple weeks ago I knew nothing about
cfengine. Now I don't know a whole lot more about it but I'm slowly
getting there.
We have an automated expect script which deploys cfengine on our client
systems but I suspect it has flaws. We have all errors sent to
cfengine-errors@ and it is being bombarded (cfagent runs every 5 minutes)
with mail related to authentication errors. A few examples:
host1.mydomain.com: Challenge response from server cfmaster.mydomain.com/1.2.3.4 was incorrect!
host1.mydomain.com: Authentication dialogue with cfmaster.mydomain.com failed
host1.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
host1.mydomain.com: (CFINPUTS is set to <nothing>)

host2.mydomain.com: BAD: Host authentication failed. Did you forget the domain name?
host2.mydomain.com: Authentication dialogue with cfmaster.mydomain.com failed
host2.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
host2.mydomain.com: (CFINPUTS is set to <nothing>)

host3.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
host3.mydomain.com: (CFINPUTS is set to <nothing>)
These are the three biggest types of errors I am seeing at the moment.
The class C's for all of these machines are listed in servd.conf in the
TrustKeysFrom and AllowConnectionsFrom stanzas. There is no such file
/var/cfengine/inputs/cfagent.conf on the client machines at the moment but
there is an updates.conf. Would this cause the authentication to fail? I
think the reason there is no cfagent.conf at the moment is because we just
don't have any rules to deploy for these machines yet.
Thanks for any tips anyone can provide!
--
Tracy Reed http://www.ultraviolet.org
"Our products just aren't engineered for security." - Brian Valentine,
senior VP in charge of Microsoft's Windows development 5 Sept 2002
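
Added example (not part of the original message, and not cfengine code): a small Python triage script for an error mailbox like the one described above, grouping the quoted messages by host and by error type so that hosts with authentication failures can be told apart from hosts that only lack cfagent.conf. The labels and function names are invented for this example; the patterns are the message texts quoted in the post.

```python
import re
from collections import defaultdict
# Message texts as quoted in the post; the labels are invented for this example.
PATTERNS = {
    "challenge_mismatch": re.compile(r"Challenge response from server .* was incorrect"),
    "host_auth_failed": re.compile(r"Host authentication failed"),
    "dialogue_failed": re.compile(r"Authentication dialogue with \S+ failed"),
    "missing_cfagent_conf": re.compile(r"Can't open file \S*cfagent\.conf"),
}
AUTH_LABELS = {"challenge_mismatch", "host_auth_failed", "dialogue_failed"}
# A record starts with "<fqdn>: "; any other line is a wrapped continuation.
HOST_PREFIX = re.compile(r"^(?P<host>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+):\s+(?P<msg>.*)$")

# Error lines from the post, wrapped as the mail arrived (CFINPUTS lines omitted).
SAMPLE = """\
host1.mydomain.com: Challenge response from server
cfmaster.mydomain.com/1.2.3.4 was incorrect!
host1.mydomain.com: Authentication dialogue with cfmaster.mydomain.com failed
host1.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
host2.mydomain.com: BAD: Host authentication failed. Did you forget the domain
name?
host2.mydomain.com: Authentication dialogue with cfmaster.mydomain.com failed
host2.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
host3.mydomain.com: Can't open file /var/cfengine/inputs/cfagent.conf
"""

def classify(text):
    """Return {host: set of error labels} for a block of error-mail text."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HOST_PREFIX.match(line)
        if m:
            records.append([m["host"], m["msg"]])
        elif line and records:
            records[-1][1] += " " + line  # rejoin a wrapped message
    by_host = defaultdict(set)
    for host, msg in records:
        by_host[host].update(k for k, rx in PATTERNS.items() if rx.search(msg))
    return dict(by_host)

def config_only_hosts(by_host):
    """Hosts reporting a missing cfagent.conf but no authentication error."""
    return sorted(h for h, labels in by_host.items()
                  if "missing_cfagent_conf" in labels and not labels & AUTH_LABELS)

if __name__ == "__main__":
    for host, labels in sorted(classify(SAMPLE).items()):
        print(host, sorted(labels))
    print("config only:", config_only_hosts(classify(SAMPLE)))
```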