help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: confused about cfrun

From: Morgan Ives
Subject: Re: confused about cfrun
Date: Wed, 08 Oct 2003 14:54:52 -0500
 
Brendan,

Try starting servd in an  interactive session with -d2 and watching the results.
- d2 is debug.  The error message you are seeing is a general message
 that is designed to tell you little.  -d2 will tell you a lot.

             Morgan
 

Brendan Strejcek wrote:

I have a cfengine site configuration which seems to be working other than
cfrun. Before I get specific and post my config files, let me be sure I
understand the general model governing cfrun.

I have a client running cfservd with {update,cfagent,cfservd}.conf files.
All of these have my domain set.

I have another machine (actually my policyserver, but I don't think
that should matter) trying execute cfagent remotely on client via cfrun.
It has a cfrun.hosts file with domain set correctly.

I have keys distributed properly.

Okay, I lied, I will give some details; here is some cfrun output:
(The invocation was cfrun -v client)

cfrun(0): .......... [ Hailing client ] ..........
Connecting to server client to port 0 with options
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
Connect to client = <client IP> on port cfengine
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
cfrun:policyhost: Strong authentication of server=client connection confirmed
client replies..

 Host authentication failed. Did you forget the domain name?cfrun:policyhost: Couldn't recv
cfrun:policyhost: recv
Connection with client completed

As far as I know, I have included my domain name in every possible
place. Here are some log messages I see which correspond to that connect:

Oct  8 13:49:32 client cfservd[421]:  Accepting connection from policyhost
Oct  8 13:49:32 client cfservd[11274]:  ID from connecting host: (EXEC  )

I suspect that this "ID from connecting host: (EXEC  )" is the key to my
problem...

This is my client cfservd.conf:

control:

        domain = ( mydomain )
        cfrunCommand = ( "/var/cfengine/bin/cfagent" )
        LogAllConnections = ( true )
        AllowUsers = ( root )

Do I need some grants in there? It doen't *seem* like I should, since
I don't want the clients to act as fileservers, but maybe I'm thinking
about this wrong...

And just in case it matters, this is my cfrun.hosts on policyhost:

domain=mydomain
access=root

client.mydomain

Any help will be much appreciated.

PS: See you guys at LISA.

_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine

-- 
 Morgan Ives / Senior Unix Administrator 
 Engineering Support Services / NCSG Information Technology
 Motorola Semiconductor Products Sector
 512.996.6785 (voice) 512.996.7755 (fax) 888.894.5079 (pager)

------------------------------------------------------------------------ 
  Motorola Document Classification 
  [X]  General business information 
  [ ]  Motorola internal use only 
  [ ]  Motorola confidential proprietary 
  ------------------------------------------------------------------------
 
reply via email to
[Prev in Thread] Current Thread [Next in Thread]