[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: several questions on running cfengine

From: Eva Hocks
Subject: Re: several questions on running cfengine
Date: Fri, 7 Mar 2003 17:39:52 -0800 (PST)

On Fri, 7 Mar 2003, Andrew Stribblehill wrote:

> Quoting Eva Hocks <address@hidden> (2003-03-06 11:04:26 GMT):
> >
> > What is the difference to run cfagent or cfexecd?
> cfexecd performs two roles: it wraps cfagent and squirrels away its
> output, and by default it daemonises itself and runs cfagent hourly,
> emailing the admin if there exists output and it is different from
> the last run.
> > While cfagent runs all right, cfexecd complains about:
> >  b80n13: cfengine defines no system administrator address
> >  b80n13: Need: sysadm = ( address@hidden ) in control

I figured the problem was I ran the command via the dsh (distributed
shell) on a 16 node cluster. That shell does not run the profile.

> We could do with seeing the output from cfexecd to say what it can't
> find.

The errors I got are the 2 lines in my email, that's all. But it's because
of the dsh, it works local on the node.

> Likewise, if your server doesn't have <client's-ip>.pub in its ppkeys
> directory, it hasn't trusted your client. I find that the best way to
> introduce a client to a server is to set up cfservd.conf to trust the
> server's IP address and to allow the 'root' user. Then from the
> server, I run 'cfrun <client>' and allow it to trust the key. This is
> then a one-shot trust at at time of my choosing.

I deleted all existing keys, ran cfkey, changed the cfservd config to
trust the ip and restarted cfservd. Still the same error:

Connect to b80cw = on port cfengine
cfengine:b80n11: Trusting server identity and willing to accept key from
Saving public key /var/cfengine/ppkeys/
cfengine:b80n11: Server returned error:  Host authentication failed. Did
you forget the domain name?

The server does have the correct which I compared
with the on the client. The is the
same as the on the server. Still isn't the correct key.

There must be something else to trust the key?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]