help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cfrun fails on remote host reply.


From: Ryan Merrick
Subject: Cfrun fails on remote host reply.
Date: Fri, 23 Jan 2004 15:59:21 -0800
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031121

Hello,

I can't get cfrun to successfully activate cfagent on a remote host, but I can login to that host and run cfagent without a problem. I am not using a access control and have the cfengine directories in the admit section of the cfservd.conf.

What else is needed ?


con0#cfrun -v alfheim
...
GNU Cfengine server daemon -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_RC
...
cfrun(0):         .......... [ Hailing alfheim.heronetwork.com ] ..........
Connecting to server alfheim.heronetwork.com to port 0 with options
Loaded /var/cfengine/ppkeys/root-alfheim.heronetwork.com.pub
Connect to alfheim.heronetwork.com = 192.168.25.52 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.52.pub
cfrun:con0.heronetwork.com: Strong authentication of server=alfheim.heronetwork.com connection confirmed
alfheim.heronetwork.com replies..

Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?Connection with alfheim.heronetwork.com completed



cfservd on con0:

control:
        domain          = ( heronetwork.com )
        cfrunCommand    = ( "/var/cfengine/bin/cfagent" )
  any::
        AllowConnectionsFrom = ( 192.168.0.0/16 )
        TrustKeysFrom = ( 192.168 )
        DynamicAddresses = ( 192.168.50.150-200 )
        LogAllConnections = ( true )
        DenyBadClocks = ( true )
        HostnameKeys = ( on )
        ChecksumDatabase = ( /tmp/testDATABASEcache )
        IfElapsed = ( 1 )
        MaxConnections = ( 10 )

admit:   # or grant:
#       Both
        /var/cfengine/bin/cfagent       *.heronetwork.com
        /var/cfengine/inputs            *.heronetwork.com
        /var/cfengine                   *.heronetwork.com
        /usr/ports/packages             *.heronetwork.com
        /tmp                            *.heronetwork.com

cfservd.conf on Alfheim:

control:
        domain          = ( heronetwork.com )
        cfrunCommand    = ( "/var/cfengine/bin/cfagent" )

  any::
        AllowConnectionsFrom = ( 192.168.25.0/24 )
        TrustKeysFrom = ( 192.168.25 )
        LogAllConnections = ( true )
        DenyBadClocks = ( true )
        HostnameKeys = ( on )
        ChecksumDatabase = ( /tmp/testDATABASEcache )
        IfElapsed = ( 1 )
        MaxConnections = ( 10 )
admit:   # or grant:
#       Both
        /usr/local/sbin/cfagent         *.heronetwork.com
        /var/cfengine/bin/cfagent       *.heronetwork.com
        /var/cfengine/inputs            *.heronetwork.com
        /var/cfengine                   *.heronetwork.com
        /tmp                            *.heronetwork.com


alfheim# cfagent -v
...
GNU Configuration Engine -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_STABLE
...

Checking copy from con0.heronetwork.com:/var/cfengine/inputs to /var/cfengine//inputs
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:: Strong authentication of server=con0.heronetwork.com connection confirmed
Registering root device as 171268
Checking copy from con0.heronetwork.com:/var/cfengine/inputs/cfservd.srv to /var/cfengine//inputs/cfservd.conf
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:09 2004
....


Checking copy from con0.heronetwork.com:/etc/periodic.conf to /etc/periodic.conf
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:alfheim: Strong authentication of server=con0.heronetwork.com connection confirmed
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:10 2004


Ryan Merrick
Systems Administrator
wrmine@heronetwork.com
Heronetwork LLC





reply via email to

[Prev in Thread] Current Thread [Next in Thread]