help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master server confusion


From: W. Ryan Merrick
Subject: Re: master server confusion
Date: Sat, 24 Jan 2004 16:30:47 -0800
User-agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031218

jptxs wrote:
As the help says many times, cfengine makes you think in a different
way.  I don't think I have the hang of it yet.  I've been reading
http://www.cfengine.org/docs/cfengine-Tutorial.html and even went to
the bookstore to read a bit of the book Automating Unix and Linux
Administration (isbn:1590592123) seeking answers.

I have things up and working (to a point).  What I just don't get is
what I need to put on the non-master hosts.  In my update.conf I have:

    policyhost      = ( bach.house.sander )
    master_cfinput  = ( /etc/cfengine/masters )

And bit further down:

copy:
$(master_cfinput) dest=$(workdir)/inputs
                        r=inf
                        mode=700
                        type=binary
                        exclude=*.lst
                        exclude=*~
                        exclude=#*
                        server=$(policyhost)
                        trustkey=true

I thought (but have come to doubt) this would grab the config files
from the policyhost and copy them to the local host.  That has not
happened.  And I keep getting errors when running cfagent -v on the
local host that look like:

cfengine:: Server returned error:  Host authentication failed. Did you
forget the domain name or IP/DNS address regist
ration (for ipv4 or ipv6)?
cfengine:: Can't stat /etc/cfengine/masters in copy

I do not get these errors when I run cfagent -v on the policyhost,
which has an identical update.conf file and an identical file
structure (relative to what's referenced in cfengine's configuration,
anyway).

I think that I'm just wrong about what I think this should do.

So my questions are:

1. Am I wrong to think that the copy should be grabbing the file from
the policyhost with the above setup?

2. If I am wrong, how can that be done?
I know this can be done from my reading.  I just cannot figure out
how.
_______________________________________________
Help-cfengine mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/help-cfengine

Hello,

I had this problem. Verify that your cfservd has a section like:

admit:   # or grant:
        /var/cfengine/bin/cfagent       *.heronetwork.com
        /var/cfengine/inputs            *.heronetwork.com
        /var/cfengine                    *.heronetwork.com

The wildcard.domain.TLD should be the same as your defined domain and your server names.

--
Ryan Merrick
address@hidden
Systems Administrator
Hero Network LLC






reply via email to

[Prev in Thread] Current Thread [Next in Thread]