[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: several questions on running cfengine
|
From: |
Andrew Stribblehill |
|
Subject: |
Re: several questions on running cfengine |
|
Date: |
Mon, 10 Mar 2003 20:49:06 +0000 |
|
User-agent: |
Mutt/1.5.3i |
Quoting Eva Hocks <hocks@sdsc.edu> (2003-03-10 07:05:17 GMT):
>
> thanks for your answer. Unfortunately that doesn't work either:
> cfengine:b80n11: Strong authentication of server=192.168.240.254
> connection confirmed
> Checking copy from 192.168.240.254:/usr/local/apps/cfengine/inputs to
> /var/cfengine/inputs
> cfengine:b80n11: Server returned error: Host authentication failed. Did
> you forget the domain name?
> cfengine:b80n11: Can't stat /usr/local/apps/cfengine/inputs in copy
>
> The configuration for cfservd is:
> public = ( /usr/local/ )
> almost_public = ( /usr/local/apps )
> cfrunCommand = ( /usr/local/apps/sbin/cfagent )
> MultipleConnections = ( true )
> MaxConnections = ( 10 )
> master_configs = ( /usr/local/apps/cfengine/inputs/cfagent.conf )
> AllowUsers = ( root hocks ) # This is always required.
> AllowConnectionsFrom = ( 192.168.0 192.168.240.1-254 )
> DenyBadClocks = ( false )
> TrustKeysFrom = ( 192.168.240.254 192.168.240.0/24 )
This smacks of cargo cult configuration to me. Your
MultipleConnections line is bogus -- maybe you want
AllowMultipleConnectionsFrom = ( a.b.c.d/e ) or somesuch. I don't
know what you're doing with 'public', 'almost_public' or
'master_configs' -- maybe you use them elsewhere though. And your
TrustKeysFrom contains a redundant first entry.
I presume you have a 'grant' entry as follows:
grant: # or 'admit'
/usr/local/apps/cfengine/inputs *
If not, or if nothing similar, cfservd hasn't been told it's allowed
to serve these files to its clients.
Try running cfservd in debug mode (-d 3) and see what it says about
the connection.
> I have two network interfaces in the nodes. One network is the service
> network I am using for communication between the nodes the other one is
> the external network. How do I specify what interface to use from the
> client?
Assuming that your internal network has a different IP range to your
external one (here, I give the example of a host which is 1.2.3.4 to
the outside world but 10.0.0.1 internally) you just need to specify
the right IP address to contact. So if your cfengine file-server is
on 10.0.0.2 (and possibly another IP that's externally visible) just
contact it on 10.0.0.2 and it will come from the network interface
attached to 10.0.0.1.
--
TYNE DOGGER FISHER GERMAN BIGHT HUMBER
SOUTHWEST 5 TO 7 VEERING WEST 4 OR 5. RAIN OR SHOWERS. MODERATE OR
GOOD
- OS patching via cfengine, Ryan Anderson, 2003/03/06
- Re: OS patching via cfengine, Mark . Burgess, 2003/03/06
- several questions on running cfengine, Eva Hocks, 2003/03/06
- Re: several questions on running cfengine, Andrew Stribblehill, 2003/03/06
- Re: several questions on running cfengine, Eva Hocks, 2003/03/07
- Re: several questions on running cfengine, Andrew Stribblehill, 2003/03/08
- Re: several questions on running cfengine, Eva Hocks, 2003/03/10
- Re: several questions on running cfengine,
Andrew Stribblehill <=
- Re: several questions on running cfengine, Eva Hocks, 2003/03/10
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Thomas Glanzmann, 2003/03/11
- Message not available
- Re: several questions on running cfengine, Martin A. Brooks, 2003/03/11
- Re: several questions on running cfengine, Eva Hocks, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Marion Hakanson, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11