[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master server confusion

From: W. Ryan Merrick
Subject: Re: master server confusion
Date: Sat, 24 Jan 2004 16:30:47 -0800
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031218

jptxs wrote:
As the help says many times, cfengine makes you think in a different
way.  I don't think I have the hang of it yet.  I've been reading and even went to
the bookstore to read a bit of the book Automating Unix and Linux
Administration (isbn:1590592123) seeking answers.

I have things up and working (to a point).  What I just don't get is
what I need to put on the non-master hosts.  In my update.conf I have:

    policyhost      = ( )
    master_cfinput  = ( /etc/cfengine/masters )

And bit further down:

$(master_cfinput) dest=$(workdir)/inputs

I thought (but have come to doubt) this would grab the config files
from the policyhost and copy them to the local host.  That has not
happened.  And I keep getting errors when running cfagent -v on the
local host that look like:

cfengine:: Server returned error:  Host authentication failed. Did you
forget the domain name or IP/DNS address regist
ration (for ipv4 or ipv6)?
cfengine:: Can't stat /etc/cfengine/masters in copy

I do not get these errors when I run cfagent -v on the policyhost,
which has an identical update.conf file and an identical file
structure (relative to what's referenced in cfengine's configuration,

I think that I'm just wrong about what I think this should do.

So my questions are:

1. Am I wrong to think that the copy should be grabbing the file from
the policyhost with the above setup?

2. If I am wrong, how can that be done?
I know this can be done from my reading.  I just cannot figure out
Help-cfengine mailing list


I had this problem. Verify that your cfservd has a section like:

admit:   # or grant:
        /var/cfengine/bin/cfagent       *
        /var/cfengine/inputs            *
        /var/cfengine                    *

The wildcard.domain.TLD should be the same as your defined domain and your server names.

Ryan Merrick
Systems Administrator
Hero Network LLC

reply via email to

[Prev in Thread] Current Thread [Next in Thread]