help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: several questions on running cfengine


From: Mark . Burgess
Subject: Re: several questions on running cfengine
Date: Tue, 11 Mar 2003 15:52:22 +0100 (MET)


Cfengine says "did you forget the domain name?" answer: yes you did! :)
There is no domain declartion

M

On 10 Mar, Eva Hocks wrote:
> 
> 
> Andrew,
> 
> thanks for your answer. Unfortunately that doesn't work either:
> cfengine:b80n11: Strong authentication of server=192.168.240.254
> connection confirmed
> Checking copy from 192.168.240.254:/usr/local/apps/cfengine/inputs to
> /var/cfengine/inputs
> cfengine:b80n11: Server returned error:  Host authentication failed. Did
> you forget the domain name?
> cfengine:b80n11: Can't stat /usr/local/apps/cfengine/inputs in copy
> 
> 
> The configuration for cfservd is:
>   public         = ( /usr/local/ )
>   almost_public  = ( /usr/local/apps )
>   cfrunCommand   = ( /usr/local/apps/sbin/cfagent )
>   MultipleConnections = ( true )
>   MaxConnections = ( 10 )
>   master_configs = ( /usr/local/apps/cfengine/inputs/cfagent.conf )
>   AllowUsers     = ( root hocks )         # This is always required.
>   AllowConnectionsFrom = ( 192.168.0  192.168.240.1-254 )
>   DenyBadClocks = ( false )
>   TrustKeysFrom  = ( 192.168.240.254 192.168.240.0/24 )
> 
> and I restarted the cfservd but it still complains about the
> athentication.
> 
> I have two network interfaces in the nodes. One network is the service
> network I am using for communication between the nodes the other one is
> the external network. How do I specify what interface to use from the
> client?
> 
> Thanks,
> Eva
> 
> 
> On Sat, 8 Mar 2003, Andrew Stribblehill wrote:
> 
>> Quoting Eva Hocks <address@hidden> (2003-03-08 01:39:52 GMT):
>> >
>> >
>> > On Fri, 7 Mar 2003, Andrew Stribblehill wrote:
>> >
>> > > Quoting Eva Hocks <address@hidden> (2003-03-06 11:04:26 GMT):
>> > > >
>> > > > What is the difference to run cfagent or cfexecd?
>> > >
>> > > cfexecd performs two roles: it wraps cfagent and squirrels away its
>> > > output, and by default it daemonises itself and runs cfagent hourly,
>> > > emailing the admin if there exists output and it is different from
>> > > the last run.
>> > >
>> > > > While cfagent runs all right, cfexecd complains about:
>> > > >  b80n13: cfengine defines no system administrator address
>> > > >  b80n13: Need: sysadm = ( address@hidden ) in control
>> >
>> > I figured the problem was I ran the command via the dsh (distributed
>> > shell) on a 16 node cluster. That shell does not run the profile.
>> >
>> > > We could do with seeing the output from cfexecd to say what it can't
>> > > find.
>> >
>> > The errors I got are the 2 lines in my email, that's all. But it's because
>> > of the dsh, it works local on the node.
>> >
>> >
>> > [snip]
>> > > Likewise, if your server doesn't have <client's-ip>.pub in its ppkeys
>> > > directory, it hasn't trusted your client. I find that the best way to
>> > > introduce a client to a server is to set up cfservd.conf to trust the
>> > > server's IP address and to allow the 'root' user. Then from the
>> > > server, I run 'cfrun <client>' and allow it to trust the key. This is
>> > > then a one-shot trust at at time of my choosing.
>> >
>> >
>> > I deleted all existing keys, ran cfkey, changed the cfservd config to
>> > trust the ip and restarted cfservd. Still the same error:
>> >
>> > Connect to b80cw = 192.168.240.254 on port cfengine
>> > cfengine:b80n11: Trusting server identity and willing to accept key from
>> > b80cw=192.168.240.254
>> > Saving public key /var/cfengine/ppkeys/root-192.168.240.254.pub
>> > cfengine:b80n11: Server returned error:  Host authentication failed. Did
>> > you forget the domain name?
>> >
>> > The server does have the correct root-192.168.240.11.pub which I compared
>> > with the localhost.pub on the client. The root-192.168.240.254.pub is the
>> > same as the localhost.pub on the server. Still isn't the correct key.
>> >
>> > There must be something else to trust the key?
>> > Thanks,
>>
>> If both hosts have correct copies of each other's key, that part
>> of the exchange will work. However, cfservd has to be told which
>> users and IP ranges to trust.
>>
>> control:
>>   AllowUsers = ( root)
>>   AllowConnectionsFrom = ( 192.168.0  192.168.2.1-96 )
>>
>> for example.
>> --
>> HUMBER THAMES DOVER WIGHT PORTLAND PLYMOUTH NORTHWEST BISCAY
>> WEST OR SOUTHWEST 5 TO 7, OCCASIONALLY GALE 8 AT FIRST IN HUMBER
>> THAMES DOVER AND WIGHT. RAIN OR DRIZLE AT TIMES. GOOD BECOMING
>> MODERATE OR POOR
>>
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> address@hidden
>> http://mail.gnu.org/mailman/listinfo/help-cfengine
>>
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






reply via email to

[Prev in Thread] Current Thread [Next in Thread]