[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: several questions on running cfengine
|
From: |
Eva Hocks |
|
Subject: |
Re: several questions on running cfengine |
|
Date: |
Mon, 10 Mar 2003 11:05:17 -0800 (PST) |
Andrew,
thanks for your answer. Unfortunately that doesn't work either:
cfengine:b80n11: Strong authentication of server=192.168.240.254
connection confirmed
Checking copy from 192.168.240.254:/usr/local/apps/cfengine/inputs to
/var/cfengine/inputs
cfengine:b80n11: Server returned error: Host authentication failed. Did
you forget the domain name?
cfengine:b80n11: Can't stat /usr/local/apps/cfengine/inputs in copy
The configuration for cfservd is:
public = ( /usr/local/ )
almost_public = ( /usr/local/apps )
cfrunCommand = ( /usr/local/apps/sbin/cfagent )
MultipleConnections = ( true )
MaxConnections = ( 10 )
master_configs = ( /usr/local/apps/cfengine/inputs/cfagent.conf )
AllowUsers = ( root hocks ) # This is always required.
AllowConnectionsFrom = ( 192.168.0 192.168.240.1-254 )
DenyBadClocks = ( false )
TrustKeysFrom = ( 192.168.240.254 192.168.240.0/24 )
and I restarted the cfservd but it still complains about the
athentication.
I have two network interfaces in the nodes. One network is the service
network I am using for communication between the nodes the other one is
the external network. How do I specify what interface to use from the
client?
Thanks,
Eva
On Sat, 8 Mar 2003, Andrew Stribblehill wrote:
> Quoting Eva Hocks <hocks@sdsc.edu> (2003-03-08 01:39:52 GMT):
> >
> >
> > On Fri, 7 Mar 2003, Andrew Stribblehill wrote:
> >
> > > Quoting Eva Hocks <hocks@sdsc.edu> (2003-03-06 11:04:26 GMT):
> > > >
> > > > What is the difference to run cfagent or cfexecd?
> > >
> > > cfexecd performs two roles: it wraps cfagent and squirrels away its
> > > output, and by default it daemonises itself and runs cfagent hourly,
> > > emailing the admin if there exists output and it is different from
> > > the last run.
> > >
> > > > While cfagent runs all right, cfexecd complains about:
> > > > b80n13: cfengine defines no system administrator address
> > > > b80n13: Need: sysadm = ( ??@?? ) in control
> >
> > I figured the problem was I ran the command via the dsh (distributed
> > shell) on a 16 node cluster. That shell does not run the profile.
> >
> > > We could do with seeing the output from cfexecd to say what it can't
> > > find.
> >
> > The errors I got are the 2 lines in my email, that's all. But it's because
> > of the dsh, it works local on the node.
> >
> >
> > [snip]
> > > Likewise, if your server doesn't have <client's-ip>.pub in its ppkeys
> > > directory, it hasn't trusted your client. I find that the best way to
> > > introduce a client to a server is to set up cfservd.conf to trust the
> > > server's IP address and to allow the 'root' user. Then from the
> > > server, I run 'cfrun <client>' and allow it to trust the key. This is
> > > then a one-shot trust at at time of my choosing.
> >
> >
> > I deleted all existing keys, ran cfkey, changed the cfservd config to
> > trust the ip and restarted cfservd. Still the same error:
> >
> > Connect to b80cw = 192.168.240.254 on port cfengine
> > cfengine:b80n11: Trusting server identity and willing to accept key from
> > b80cw=192.168.240.254
> > Saving public key /var/cfengine/ppkeys/root-192.168.240.254.pub
> > cfengine:b80n11: Server returned error: Host authentication failed. Did
> > you forget the domain name?
> >
> > The server does have the correct root-192.168.240.11.pub which I compared
> > with the localhost.pub on the client. The root-192.168.240.254.pub is the
> > same as the localhost.pub on the server. Still isn't the correct key.
> >
> > There must be something else to trust the key?
> > Thanks,
>
> If both hosts have correct copies of each other's key, that part
> of the exchange will work. However, cfservd has to be told which
> users and IP ranges to trust.
>
> control:
> AllowUsers = ( root)
> AllowConnectionsFrom = ( 192.168.0 192.168.2.1-96 )
>
> for example.
> --
> HUMBER THAMES DOVER WIGHT PORTLAND PLYMOUTH NORTHWEST BISCAY
> WEST OR SOUTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST IN HUMBER
> THAMES DOVER AND WIGHT. RAIN OR DRIZLE AT TIMES. GOOD BECOMING
> MODERATE OR POOR
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
- OS patching via cfengine, Ryan Anderson, 2003/03/06
- Re: OS patching via cfengine, Mark . Burgess, 2003/03/06
- several questions on running cfengine, Eva Hocks, 2003/03/06
- Re: several questions on running cfengine, Andrew Stribblehill, 2003/03/06
- Re: several questions on running cfengine, Eva Hocks, 2003/03/07
- Re: several questions on running cfengine, Andrew Stribblehill, 2003/03/08
- Re: several questions on running cfengine,
Eva Hocks <=
- Re: several questions on running cfengine, Andrew Stribblehill, 2003/03/10
- Re: several questions on running cfengine, Eva Hocks, 2003/03/10
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Thomas Glanzmann, 2003/03/11
- Message not available
- Re: several questions on running cfengine, Martin A. Brooks, 2003/03/11
- Re: several questions on running cfengine, Eva Hocks, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Marion Hakanson, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11