[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: several questions on running cfengine
From: |
Mark . Burgess |
Subject: |
Re: several questions on running cfengine |
Date: |
Tue, 11 Mar 2003 23:36:22 +0100 (MET) |
I have to sleep now, but if you send the -d2 output from cfservd I promise
to look at it tomorrow.
Mark
On 11 Mar, Eva Hocks wrote:
>
> Thanks for all your help and suggestion. Unfortunately cfengine seems to
> be real stubborn. Even though cfservd sais:
>
>
> Define:: variable [domain=sdsc.edu] when any)
>
> Host IPs allowed connection access :
>
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs denied connection access :
>
> Host IPs allowed multiple connection access :
>
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs from whom we shall accept public keys on trust :
>
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Host IPs from NAT which we don't verify :
>
> IP: 192.168
> IP: 192.168.240
> IP: 192.168.240.1-254
> IP: 192.168.240.0/24
> Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time :
>
>
> ACCESS GRANTED ----------------------:
>
> Path: /var/cfengine/inputs (encrypt=0)
> Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /usr/local (encrypt=0)
> Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /etc (encrypt=0)
> Admit: 192.168.240.* root=b80n11.sdsc.edu,
> Path: /usr/local/apps/sbin/cfagent (encrypt=0)
> Admit: 192.168.240.* root=
>
>
> the client is still not trusted:
> Connect to b80cw = 192.168.240.254 on port cfengine
> Loaded /var/cfengine/ppkeys/root-192.168.240.254.pub
> cfengine:b80n11: Strong authentication of server=b80cw connection
> confirmed
> Checking copy from b80cw://etc/inetd.conf.nodes to /etc/inetd.conf
> cfengine:b80n11: Server returned error: Host authentication failed. Did
> you forget the domain name?
>
>
> I put the domain name in all and every configuration file just to make
> sure cfengine wouldn't miss it. Still the cfagent on the client machine
> returns the same error with no further explaination (even in -d3). The
> internal network adapter names are in no DNS and they are not the
> hostname. They are in the /etc/hosts file:
> 192.168.240.11 b80n11e b80n11e.sdsc.edu
> The /etc/hosts file it kept the same on all nodes in the cluster by
> a scp script, one of the things I hoped to be able to do with cfengine.
>
> Where else should I put the domain name or whatever to allow the copy?
> Maybe I should just run the scp with ssh authentication rather than use
> the cfengine authentication?
>
>
> Thanks,
> Eva
>
> On Tue, 11 Mar 2003, Martin A. Brooks wrote:
>
>> At 17:39 07/03/2003 -0800, you wrote:
>> >Saving public key /var/cfengine/ppkeys/root-192.168.240.254.pub
>> >cfengine:b80n11: Server returned error: Host authentication failed. Did
>> >you forget the domain name?
>>
>> Hi Eva
>>
>> I see this problem with our installation every now and then. Our internal
>> domain is "lon4.fastsearch.net" and we use a replicated hosts file for
>> internal DNS. Whenever we see this problem, we do two things which always
>> seems to fix it.
>>
>> 1) We make sure than the FQDN is listed in the master hosts file i.e.
>>
>> 1.2.3.4 machine.lon4.fastsearch.net machine
>>
>> 2) We manually copy the master hosts file onto the affected machine.
>>
>> Hope this helps.
>>
>>
>> Martin A. Brooks
>> ---------------------------------
>> I/O, I/O, it's off to disk we go,
>> A bit or byte, to read or write,
>> I/O, I/O, I/O......
>>
>
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Re: several questions on running cfengine, (continued)
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Thomas Glanzmann, 2003/03/11
- Message not available
- Re: several questions on running cfengine, Martin A. Brooks, 2003/03/11
- Re: several questions on running cfengine, Eva Hocks, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine, Marion Hakanson, 2003/03/11
- Re: several questions on running cfengine, Mark . Burgess, 2003/03/11
- Re: several questions on running cfengine,
Mark . Burgess <=
Re: OS patching via cfengine, Thomas Glanzmann, 2003/03/06
Re: OS patching via cfengine, Jamie Wilkinson, 2003/03/06
Re: OS patching via cfengine, Jamie Wilkinson, 2003/03/06
Re: OS patching via cfengine, Jamie Wilkinson, 2003/03/06