[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Help! private network with linux clusters

From: Adam M. Dunn
Subject: Help! private network with linux clusters
Date: Tue, 26 Oct 2004 09:13:16 -0500 (CDT)

I'm working on deploying cfengine in a very diverse environment.  I'm
planning on having one master server which all client servers get updated
from.  Pretty typical, and that's the easy part.  However, part of our
environment consists of separate linux clusters, each with their own head
node connected both to the primary lan, and to a private lan.  In other
words the head node has two NICs.  The primary IP is just like any other
server on the network, and has no trouble talking to the cfengine server.
The other NIC is connected to an isolated network where all the other linux
nodes live.  It's very much a typical cluster setup.  Now, I want to be able
to update the linux nodes on the private network.  I figured it would be too
much trouble trying to talk to the master cfengine server on the other
network, so I decided to settle for making the head node an intermediate
server that the nodes could download updates over the private network.  

So the steps I took to set this up are as follows:

1) Setup the cfengine policy host.
  - Setup Keys.  Used the example cfservd.conf file.  Changed the domain to:
domain = (  Made sure the admit: is setup to allow from
our domain.  Setup keys.

2) Setup the head node as a typical client.  
  - Setup keys.  Ran update.conf to share keys and download the policy
update from the policy host.  Everything worked fine.  Also used the same
cfservd.conf as the main policy host.

3) Setup a client node (here's the problem).
  - This client was setup to talk to the head node just as I setup the head
node to talk to the main policy host.
  - First off the keys did not exchange like they should have.  I then tried
manually copying them between the head node and client node.  This got me a
little further.  I received an error:

Cfengine:: Strong authentication ... connection confirmed.  

But get a failure after that:

Cfengine:: Server returned error:  Host authentication failed...

My first thought was the `admit:' in the head node's cfservd.conf, so I made
that completely non-restrictive, and still no luck.  My only other thought
is the domainname.  The nodes use a domain = ( local ) since they are not on
our regular domain.  I've also tried using the same value here as other
systems still with no luck. 

Can anyone think of how I can make this work?  I'd really appreciate any

Adam Dunn

reply via email to

[Prev in Thread] Current Thread [Next in Thread]