Re: confused about cfrun

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: confused about cfrun

From:	Mark . Burgess
Subject:	Re: confused about cfrun
Date:	Wed, 8 Oct 2003 21:45:14 +0200 (MEST)

Even though you do not want to copy the cfrun command, you do need to grant 
access
to it in order to have it executed remotely. Probably this is what you
are missing,

cheers,
Mark


On  8 Oct, Brendan Strejcek wrote:
> I have a cfengine site configuration which seems to be working other than
> cfrun. Before I get specific and post my config files, let me be sure I
> understand the general model governing cfrun.
> 
> I have a client running cfservd with {update,cfagent,cfservd}.conf files.
> All of these have my domain set.
> 
> I have another machine (actually my policyserver, but I don't think
> that should matter) trying execute cfagent remotely on client via cfrun.
> It has a cfrun.hosts file with domain set correctly.
> 
> I have keys distributed properly.
> 
> Okay, I lied, I will give some details; here is some cfrun output:
> (The invocation was cfrun -v client)
> 
> cfrun(0): .......... [ Hailing client ] ..........
> Connecting to server client to port 0 with options  
> Loaded /var/cfengine/ppkeys/root-<client IP>.pub
> Connect to client = <client IP> on port cfengine
> Loaded /var/cfengine/ppkeys/root-<client IP>.pub
> cfrun:policyhost: Strong authentication of server=client connection confirmed
> client replies..
> 
>  Host authentication failed. Did you forget the domain name?cfrun:policyhost: 
> Couldn't recv
> cfrun:policyhost: recv
> Connection with client completed
> 
> As far as I know, I have included my domain name in every possible
> place. Here are some log messages I see which correspond to that connect:
> 
> Oct  8 13:49:32 client cfservd[421]:  Accepting connection from policyhost
> Oct  8 13:49:32 client cfservd[11274]:  ID from connecting host: (EXEC  )
> 
> I suspect that this "ID from connecting host: (EXEC  )" is the key to my
> problem...
> 
> This is my client cfservd.conf:
> 
> control:
> 
>         domain = ( mydomain )
>         cfrunCommand = ( "/var/cfengine/bin/cfagent" )
>         LogAllConnections = ( true )
>         AllowUsers = ( root )
> 
> Do I need some grants in there? It doen't *seem* like I should, since
> I don't want the clients to act as fileservers, but maybe I'm thinking
> about this wrong...
> 
> And just in case it matters, this is my cfrun.hosts on policyhost:
> 
> domain=mydomain
> access=root
> 
> client.mydomain
> 
> Any help will be much appreciated.
> 
> PS: See you guys at LISA.
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Prev in Thread]

Current Thread

[Next in Thread]

confused about cfrun, Brendan Strejcek, 2003/10/08
- Re: confused about cfrun, Kurt Lieber, 2003/10/08
- Re: confused about cfrun, Mark . Burgess <=
  - Re: confused about cfrun & another q., Brendan Strejcek, 2003/10/08
- Re: confused about cfrun, Morgan Ives, 2003/10/08

Prev by Date: Re: confused about cfrun
Next by Date: Re: confused about cfrun
Previous by thread: Re: confused about cfrun
Next by thread: Re: confused about cfrun & another q.
Index(es):
- Date
- Thread