help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: several questions on running cfengine


From: Eva Hocks
Subject: Re: several questions on running cfengine
Date: Fri, 7 Mar 2003 17:39:52 -0800 (PST)


On Fri, 7 Mar 2003, Andrew Stribblehill wrote:

> Quoting Eva Hocks <address@hidden> (2003-03-06 11:04:26 GMT):
> >
> > What is the difference to run cfagent or cfexecd?
>
> cfexecd performs two roles: it wraps cfagent and squirrels away its
> output, and by default it daemonises itself and runs cfagent hourly,
> emailing the admin if there exists output and it is different from
> the last run.
>
> > While cfagent runs all right, cfexecd complains about:
> >  b80n13: cfengine defines no system administrator address
> >  b80n13: Need: sysadm = ( address@hidden ) in control

I figured the problem was I ran the command via the dsh (distributed
shell) on a 16 node cluster. That shell does not run the profile.

> We could do with seeing the output from cfexecd to say what it can't
> find.

The errors I got are the 2 lines in my email, that's all. But it's because
of the dsh, it works local on the node.


[snip]
> Likewise, if your server doesn't have <client's-ip>.pub in its ppkeys
> directory, it hasn't trusted your client. I find that the best way to
> introduce a client to a server is to set up cfservd.conf to trust the
> server's IP address and to allow the 'root' user. Then from the
> server, I run 'cfrun <client>' and allow it to trust the key. This is
> then a one-shot trust at at time of my choosing.


I deleted all existing keys, ran cfkey, changed the cfservd config to
trust the ip and restarted cfservd. Still the same error:

Connect to b80cw = 192.168.240.254 on port cfengine
cfengine:b80n11: Trusting server identity and willing to accept key from
b80cw=192.168.240.254
Saving public key /var/cfengine/ppkeys/root-192.168.240.254.pub
cfengine:b80n11: Server returned error:  Host authentication failed. Did
you forget the domain name?

The server does have the correct root-192.168.240.11.pub which I compared
with the localhost.pub on the client. The root-192.168.240.254.pub is the
same as the localhost.pub on the server. Still isn't the correct key.


There must be something else to trust the key?
Thanks,
Eva






reply via email to

[Prev in Thread] Current Thread [Next in Thread]