help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help-cfengine Digest, Vol 13, Issue 14

From: Harish Chauhan
Subject: Re: Help-cfengine Digest, Vol 13, Issue 14
Date: Tue, 23 Dec 2003 09:18:49 -0500

Hi,

I have recently compiled the latest version but I get a strange message when try to execute the following command line :

/opt/cfengine/bin/cfagent  -f  /repos/daily.conf

...
...
cfengine:lamp: Couldn't stat  /opt/cfengine/state/cf_procs, which needs editing        
cfengine:lamp: Check defination in program - if file NFS mounted ?

Can anybody help ?

Thanks in advance...
Regards, Harish Chauhan



help-cfengine-request@gnu.org
Sent by: help-cfengine-bounces+harish=us.ibm.com@gnu.org

12/22/2003 06:53 PM
Please respond to help-cfengine

       
        To:        help-cfengine@gnu.org
        cc:        
        Subject:        Help-cfengine Digest, Vol 13, Issue 14

       


Send Help-cfengine mailing list submissions to
                help-cfengine@gnu.org

To subscribe or unsubscribe via the World Wide Web, visit
                http://mail.gnu.org/mailman/listinfo/help-cfengine
or, via email, send a message with subject or body 'help' to
                help-cfengine-request@gnu.org

You can reach the person managing the list at
                help-cfengine-owner@gnu.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Help-cfengine digest..."


Today's Topics:

  1. Re: BerkeleyDB error compiling latest cfengine (Armin Wolfermann)
  2. Re: BerkeleyDB error compiling latest cfengine (Antoine Jacoutot)
  3. Re: BerkeleyDB error compiling latest cfengine (Antoine Jacoutot)
  4. Re: BerkeleyDB error compiling latest cfengine (Chip Seraphine)
  5. Re: BerkeleyDB error compiling latest cfengine (Antoine Jacoutot)
  6. Re: Restart daemon after config change (Kief Morris)
  7. ChessBrain: World Record! (The ChessBrain Network)
  8. a quick check on my config files (Antoine Jacoutot)
  9. Re: Restart daemon after config change (Kief Morris)
 10. cfservd configuration question (Stan Norton)
 11. Re: cfservd configuration question (Mark.Burgess@iu.hio.no)


----------------------------------------------------------------------

Message: 1
Date: Thu, 18 Dec 2003 17:53:39 +0059
From: Armin Wolfermann <aw@osn.de>
Subject: Re: BerkeleyDB error compiling latest cfengine
To: help-cfengine@gnu.org
Message-ID: <20031218165401.GC23780@kuba.osn.de>
Content-Type: text/plain; charset=us-ascii

* Antoine Jacoutot <ajacoutot@lphp.org> [18.12.2003 16:07]:
> $ pkg_info | grep db
> db-4.1.25p1        Berkeley DB package, revision 4

This is no official port, which one of test ports is it?

> Any idea how to solve this issue ?

The configure script checks for library and header file. If you omit
the pathname after --with-berkeleydb it checks for the header db.h in
{/opt /usr/local /usr}/include/{db-4 db4 db3 db}.

Regards,
Armin Wolfermann



------------------------------

Message: 2
Date: Thu, 18 Dec 2003 18:05:27 +0100
From: Antoine Jacoutot <ajacoutot@lphp.org>
Subject: Re: BerkeleyDB error compiling latest cfengine
To: Armin Wolfermann <aw@osn.de>, help-cfengine@gnu.org
Message-ID: <200312181805.27432.ajacoutot@lphp.org>
Content-Type: text/plain;  charset="iso-8859-1"

On Thursday 18 December 2003 17:54, Armin Wolfermann wrote:
> * Antoine Jacoutot <ajacoutot@lphp.org> [18.12.2003 16:07]:
> > $ pkg_info | grep db
> > db-4.1.25p1        Berkeley DB package, revision 4
>
> This is no official port, which one of test ports is it?

I use the db4 port from -current and compiled it under 3.4-stable.

> The configure script checks for library and header file. If you omit
> the pathname after --with-berkeleydb it checks for the header db.h in
> {/opt /usr/local /usr}/include/{db-4 db4 db3 db}.

Here is everything I tried (well I also tried to change the FLAGS):
./configure
./configure -with-berkeleydb=/usr/local
./configure -with-berkeleydb=/usr/local/lib
./configure -with-berkeleydb=/usr/local/lib/db4
./configure -with-berkeleydb=/usr/local/include
./configure -with-berkeleydb=/usr/local/include/db4

I always get the error...
Thanks a lot.

Antoine




------------------------------

Message: 3
Date: Thu, 18 Dec 2003 18:09:20 +0100
From: Antoine Jacoutot <ajacoutot@lphp.org>
Subject: Re: BerkeleyDB error compiling latest cfengine
To: Thomas Glanzmann <sithglan@stud.uni-erlangen.de>
Cc: help-cfengine@gnu.org
Message-ID: <200312181809.20487.ajacoutot@lphp.org>
Content-Type: text/plain;  charset="iso-8859-1"

On Thursday 18 December 2003 18:03, Thomas Glanzmann wrote:
> Hi Antoine,
>
> * Antoine Jacoutot <ajacoutot@lphp.org> [031218 16:57]:
> > $ ./configure
>
> ./configure --with-berkeleydb=/usr/local

What the... !!!
This was the first thing I tried (a lot of times) and it did not work and now
it works :)
Woowooh, thanks so much :)
I have no idea why this works but well, I'm happy...

Thanks anyway.

Antoine




------------------------------

Message: 4
Date: Thu, 18 Dec 2003 11:36:41 -0600
From: Chip Seraphine <chip@trdlnk.com>
Subject: Re: BerkeleyDB error compiling latest cfengine
To: Antoine Jacoutot <ajacoutot@lphp.org>,                 Thomas Glanzmann
                <sithglan@stud.uni-erlangen.de>
Cc: help-cfengine@gnu.org
Message-ID: <200312181136.41494.chip@trdlnk.com>
Content-Type: text/plain;  charset="iso-8859-1"


If your previous email was an exact pasting, then the problem might be that
you said '-with-berkeleydb' instead of the Stallmanically Correct
double-dashed '--with-berkeleydb'.

On Thursday 18 December 2003 11:09, Antoine Jacoutot wrote:
> On Thursday 18 December 2003 18:03, Thomas Glanzmann wrote:
> > Hi Antoine,
> >
> > * Antoine Jacoutot <ajacoutot@lphp.org> [031218 16:57]:
> > > $ ./configure
> >
> > ./configure --with-berkeleydb=/usr/local
>
> What the... !!!
> This was the first thing I tried (a lot of times) and it did not work and
> now it works :)
> Woowooh, thanks so much :)
> I have no idea why this works but well, I'm happy...
>
> Thanks anyway.
>
> Antoine
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine




------------------------------

Message: 5
Date: Thu, 18 Dec 2003 19:11:02 +0100
From: Antoine Jacoutot <ajacoutot@lphp.org>
Subject: Re: BerkeleyDB error compiling latest cfengine
To: chip@trdlnk.com
Cc: help-cfengine@gnu.org
Message-ID: <200312181911.02456.ajacoutot@lphp.org>
Content-Type: text/plain;  charset="iso-8859-1"

On Thursday 18 December 2003 18:36, Chip Seraphine wrote:
> If your previous email was an exact pasting, then the problem might be that
> you said '-with-berkeleydb' instead of the Stallmanically Correct
> double-dashed '--with-berkeleydb'.

Well, no, it was a copy mistake from me, I really meant --with-berkeleydb...
Anyway, thank you everyone, I can now begin to learn cfengine :)

Antoine




------------------------------

Message: 6
Date: Fri, 19 Dec 2003 13:29:23 +0000
From: Kief Morris <kief@kief.com>
Subject: Re: Restart daemon after config change
To: help-cfengine@gnu.org
Message-ID: <4.3.2.7.2.20031219132744.02257150@kief.com>
Content-Type: text/plain; charset="us-ascii"

Alexander Mattausch typed the following on 16:20 18/12/2003 +0100
>Actually this mechanism is working very well with the copy statement,
>I'm not using it in the files section. So when the documentation says
>that a class is only set when the file is modified by the files
>statement, then the class is probably not set.

Yes, I've thought of using the copy statement, but I didn't want to
have a separate copy operation for each daemon's configuration
files. It may be the simplest way to do this though.

Kief




------------------------------

Message: 7
Date: Fri, 19 Dec 2003 11:33:41 -0800
From: "The ChessBrain Network" <listserver@chessbrain.net>
Subject: ChessBrain: World Record!
To: help-cfengine@gnu.org
Message-ID: <E1AXRKh-00073L-Qr@monty-python.gnu.org>
Content-Type: text/plain; charset="iso-8859-1"

The ChessBrain Network


T o be removed from our mailing list, send an email to support@chessbrain.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnu.org/pipermail/help-cfengine/attachments/20031219/9a9f1532/attachment.htm

------------------------------

Message: 8
Date: Mon, 22 Dec 2003 09:36:40 +0100
From: Antoine Jacoutot <ajacoutot@dioranews.com>
Subject: a quick check on my config files
To: help-cfengine@gnu.org
Message-ID: <200312220936.40511.ajacoutot@dioranews.com>
Content-Type: text/plain;  charset="us-ascii"

Hi :)

After some reading and testing I ended up with the following configuration for
cfengine.
As I am far from being an expert and I do not (yet !) understand everything
about this product, I just wanted you to check my config files just to see if
there're ok or just plain stupid...
Note that for now, it does not do anything usefull, before entering real
rules, I want to make sure my base config is right.

I start the following on all my boxes (cfengine policy server and clients):
/usr/local/sbin/cfenvd
/usr/local/sbin/cfservd
/usr/local/sbin/cfexecd -f /usr/local/sbin/cfagent

I would really appreciate any feedback :)

Thanks in advance.
Regards,

Antoine

-------------------------------

##############
# cfagent.conf
##############

control:
access = ( root )
site = ( my-domain )
smtpserver = ( smtp.my-domain.com )
sysadm = ( root@my-domain.com )
schedule = ( Min00_05 Min30_35 )
domain = ( my-domain.com )
Syslog = ( on )
Inform = ( on )
SplayTime = ( 5 )
IfElapsed = ( 1 )
LockDirectory = ( /var/cfengine )
LogDirectory  = ( /var/cfengine )
moduledirectory = ( /var/cfengine/modules )
ChecksumDatabase = ( /var/cfengine/cf.db )
actionsequence = ( resolve files editfiles )

resolve:
192.168.0.1
192.168.0.2

files:
/var/cfengine/inputs mode=700 action=""> /var/cfengine/outputs mode=700 action="">
editfiles:
openbsd::
 { /etc/login.conf
 AppendIfNoSuchLine "# Test cfengine"
 }

#############
# update.conf
#############

control:
domain = ( my-domain.com )
actionsequence  = ( copy tidy )
policyhost = ( server.my-domain.com )
master_cfinput = ( /var/cfengine/inputs )
workdir = ( /var/cfengine )
SplayTime = ( 5 )
IfElapsed = ( 1 )

copy:
!$(policyhost)::
 $(master_cfinput) dest=$(workdir)/inputs
 r=inf
 purge=true
 mode=700
 type=binary
 encrypt=true
 verify=true
 exclude=*.lst
 exclude=*~
 exclude=#*
 server=$(policyhost)

tidy:
$(workdir)/outputs pattern=* age=7

#############
# cservd.conf
#############

control:
domain = ( my-domain.com )
AllowConnectionsFrom = ( 192.168.0.0/24 )
TrustKeysFrom = ( 192.168.0.0/24 )
Access = ( root )
cfrunCommand = ( "/usr/local/sbin/cfagent" )
ChecksumDatabase = ( /var/cfengine/cf.db )
IfElapsed = ( 1 )
ExpireAfter = ( 15 )
MaxConnections = ( 50 )
MultipleConnections = ( true )

grant:
/var/cfengine/inputs encrypt=true *.my-domain.com
/usr/local/sbin/ encrypt=true $(policyhost)




------------------------------

Message: 9
Date: Mon, 22 Dec 2003 10:25:36 +0000
From: Kief Morris <kmorris@kief.com>
Subject: Re: Restart daemon after config change
To: help-cfengine@gnu.org
Message-ID: <4.3.2.7.2.20031222102528.02243358@kief.com>
Content-Type: text/plain; charset="us-ascii"

Alexander Mattausch typed the following on 16:20 18/12/2003 +0100
>Actually this mechanism is working very well with the copy statement,
>I'm not using it in the files section. So when the documentation says
>that a class is only set when the file is modified by the files
>statement, then the class is probably not set.

Yes, I've thought of using the copy statement, but I didn't want to
have a separate copy operation for each daemon's configuration
files. It may be the simplest way to do this though.

Kief




------------------------------

Message: 10
Date: Mon, 22 Dec 2003 16:50:54 -0500
From: Stan Norton <sjn@sjn.cc>
Subject: cfservd configuration question
To: help-cfengine@gnu.org
Message-ID: <20031222215054.GA31670@smtp.pharmetrics.com>
Content-Type: text/plain; charset=us-ascii

I've been attempting to get cfengine 2.1.0p1 running on freebsd 5.1-RELEASE.
Ipv6 was not working, so I rebuilt kernels on two machines, to test in ipv4
mode.

cfagent work fine. I am experiencing problems attempting to connect via
cfrun from another host (on which cfagent works) to cfservd.


I'm concerned about two lines from -d2 output:

AccessControl(/var/cfengine/bin/cfagent)
AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)

/var is symlinked from /usr/var. Is the symlink creating a problem with
cfengine?

This is the entry in cfservd.conf:

cfrunCommand = ( "/var/cfengine/bin/cfagent" )

grant:

/var/cfengine/bin/cfagent       rtty2.domain.com

I have also tried these as:


cfrunCommand = ( "/usr/var/cfengine/bin/cfagent" ) with an appropriate grant
change. No effect.

Thanks for any help. I'm looking forward to getting this going.


--------------------------------------------------------------------------------------------------


Edited -d2 output:

...
ACCESS GRANTED ----------------------:

Path: /var/cfengine/bin/cfagent (encrypt=0)
  Admit: rtty2.domain.com root=
Path: /var/cfengine/inputs (encrypt=0)
  Admit: rtty2.domain.com root=
ACCESS DENIAL ------------------------ :

Host IPs allowed connection access :

IP: 192.168.1.215
Host IPs denied connection access :

Host IPs allowed multiple connection access :

Host IPs from whom we shall accept public keys on trust :

IP: 192.168.1.215

...

Connecting host identifies itself as 192.168.1.215 rtty2.domain.com
root 0
(ipstring=[192.168.1.215],fqname=[rtty2.domain.com],username=[root],socket=[192.168.1.215])
cfservd: Allowing 192.168.1.215 to connect without (re)checking ID
Non-verified Host ID is rtty2.domain.com (Using skipverify)
Non-verified User ID seems to be root (Using skipverify)

...

Havekey(root-192.168.1.215)
Loaded /var/cfengine/ppkeys/root-192.168.1.215.pub

...

A public key was already known from rtty2.domain.com/192.168.1.215 -
no trust required
Adding IP 192.168.1.215 to SkipVerify - no need to check this if we have a key
Prepending 192.168.1.215
The public key identity was confirmed as root@rtty2.domain.com

...

cfservd: Strongly authentication of client
rtty2.domain.com/192.168.1.215

...



User root granted connection privileges
>>>AccessControl(/var/cfengine/bin/cfagent)
>>>AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)
encrypt request=0
cfservd: Host rtty2.domain.com denied access to
/usr/var/cfengine/bin/cfagent
cfservd: Host authorization/authentication failed or access denied





------------------------------

Message: 11
Date: Mon, 22 Dec 2003 23:48:27 +0100 (MET)
From: Mark.Burgess@iu.hio.no
Subject: Re: cfservd configuration question
To: sjn@sjn.cc
Cc: help-cfengine@gnu.org
Message-ID: <200312222248.hBMMmRNE025888@nexus.iu.hio.no>
Content-Type: TEXT/plain; charset=us-ascii


FreeBSD handles ipv6 differently to all other OSes, but it should work,
even in spite of the illogical way it is implemented. I believe
some freebsd users have verified this. It certainly works ok on linux
and solaris.

I do not understand the reference to /usr in these messages. Perhaps
there is an issue with symbolic links here. You need to grant access
to the true path, not via a symlink.

M

On 22 Dec, Stan Norton wrote:
> I've been attempting to get cfengine 2.1.0p1 running on freebsd 5.1-RELEASE.
> Ipv6 was not working, so I rebuilt kernels on two machines, to test in ipv4
> mode.
>
> cfagent work fine. I am experiencing problems attempting to connect via
> cfrun from another host (on which cfagent works) to cfservd.
>
>
> I'm concerned about two lines from -d2 output:
>
> AccessControl(/var/cfengine/bin/cfagent)
> AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)
>
> /var is symlinked from /usr/var. Is the symlink creating a problem with
> cfengine?
>
> This is the entry in cfservd.conf:
>
> cfrunCommand = ( "/var/cfengine/bin/cfagent" )
>
> grant:
>
> /var/cfengine/bin/cfagent       rtty2.domain.com
>
> I have also tried these as:
>
>
> cfrunCommand = ( "/usr/var/cfengine/bin/cfagent" ) with an appropriate grant
> change. No effect.
>
> Thanks for any help. I'm looking forward to getting this going.
>
>
> --------------------------------------------------------------------------------------------------
>
>
> Edited -d2 output:
>
> ...
> ACCESS GRANTED ----------------------:
>
> Path: /var/cfengine/bin/cfagent (encrypt=0)
>    Admit: rtty2.domain.com root=
> Path: /var/cfengine/inputs (encrypt=0)
>    Admit: rtty2.domain.com root=
> ACCESS DENIAL ------------------------ :
>
> Host IPs allowed connection access :
>
> IP: 192.168.1.215
> Host IPs denied connection access :
>
> Host IPs allowed multiple connection access :
>
> Host IPs from whom we shall accept public keys on trust :
>
> IP: 192.168.1.215
>
> ...
>
> Connecting host identifies itself as 192.168.1.215 rtty2.domain.com
> root 0
> (ipstring=[192.168.1.215],fqname=[rtty2.domain.com],username=[root],socket=[192.168.1.215])
> cfservd: Allowing 192.168.1.215 to connect without (re)checking ID
> Non-verified Host ID is rtty2.domain.com (Using skipverify)
> Non-verified User ID seems to be root (Using skipverify)
>
> ...
>
> Havekey(root-192.168.1.215)
> Loaded /var/cfengine/ppkeys/root-192.168.1.215.pub
>
> ...
>
> A public key was already known from rtty2.domain.com/192.168.1.215 -
> no trust required
> Adding IP 192.168.1.215 to SkipVerify - no need to check this if we have a key
> Prepending 192.168.1.215
> The public key identity was confirmed as root@rtty2.domain.com
>
> ...
>
> cfservd: Strongly authentication of client
> rtty2.domain.com/192.168.1.215
>
> ...
>
>
>
> User root granted connection privileges
>>>>AccessControl(/var/cfengine/bin/cfagent)
>>>>AccessControl(/usr/var/cfengine/bin/cfagent,rtty2.domain.com)
> encrypt request=0
> cfservd: Host rtty2.domain.com denied access to
> /usr/var/cfengine/bin/cfagent
> cfservd: Host authorization/authentication failed or access denied
>
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




------------------------------

_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine


End of Help-cfengine Digest, Vol 13, Issue 14
*********************************************
reply via email to
[Prev in Thread] Current Thread [Next in Thread]