help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help! private network with linux clusters -- Solved!


From: Adam M. Dunn
Subject: Re: Help! private network with linux clusters -- Solved!
Date: Tue, 26 Oct 2004 11:01:20 -0500 (CDT)

Hi all.  Well, I'm sure I would have recieved good help from you all,
however I've figured it out myself.  Soon after I sent the email out I ran
accross a simple malformed character I'd missed in my `admit:' statement
on the head node cfservd.conf.  Fixed it and everything worked like a
charm.  

Thanks anyway for listening :)



~Adam


On Tue, 26 Oct 2004, Adam M. Dunn wrote:

> 
> Hello.  
> I'm working on deploying cfengine in a very diverse environment.  I'm
> planning on having one master server which all client servers get updated
> from.  Pretty typical, and that's the easy part.  However, part of our
> environment consists of separate linux clusters, each with their own head
> node connected both to the primary lan, and to a private lan.  In other
> words the head node has two NICs.  The primary IP is just like any other
> server on the network, and has no trouble talking to the cfengine server.
> The other NIC is connected to an isolated network where all the other linux
> nodes live.  It's very much a typical cluster setup.  Now, I want to be able
> to update the linux nodes on the private network.  I figured it would be too
> much trouble trying to talk to the master cfengine server on the other
> network, so I decided to settle for making the head node an intermediate
> server that the nodes could download updates over the private network.  
> 
> So the steps I took to set this up are as follows:
> 
> 1) Setup the cfengine policy host.
>   - Setup Keys.  Used the example cfservd.conf file.  Changed the domain to:
> domain = (hgsc.bcm.tmc.edu).  Made sure the admit: is setup to allow from
> our domain.  Setup keys.
> 
> 2) Setup the head node as a typical client.  
>   - Setup keys.  Ran update.conf to share keys and download the policy
> update from the policy host.  Everything worked fine.  Also used the same
> cfservd.conf as the main policy host.
> 
> 3) Setup a client node (here's the problem).
>   - This client was setup to talk to the head node just as I setup the head
> node to talk to the main policy host.
>   - First off the keys did not exchange like they should have.  I then tried
> manually copying them between the head node and client node.  This got me a
> little further.  I received an error:
> 
> Cfengine:: Strong authentication ... connection confirmed.  
> 
> But get a failure after that:
> 
> Cfengine:: Server returned error:  Host authentication failed...
> 
> My first thought was the `admit:' in the head node's cfservd.conf, so I made
> that completely non-restrictive, and still no luck.  My only other thought
> is the domainname.  The nodes use a domain = ( local ) since they are not on
> our regular domain.  I've also tried using the same value here as other
> systems still with no luck. 
> 
> 
> 
> Can anyone think of how I can make this work?  I'd really appreciate any
> help.  
> 
> 
> Thanks,
> Adam Dunn
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-cfengine
> 
> 





reply via email to

[Prev in Thread] Current Thread [Next in Thread]