help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cfengine daemons keep dying!!!


From: Wheeler, John
Subject: RE: Cfengine daemons keep dying!!!
Date: Mon, 29 Nov 2004 11:13:31 -0600

> * Wheeler, John <jwheeler@eb.com> [041129 16:24]:
> > The ref manual says that the default value for this is ten. Do you
> > (meaning this list) suppose this could be the cause of the millions
of
> > emails I get about:
> 
> put it to at least the number of your clients. Splay time doesn't work
> anyway when you really need it.

Good rule of thumb. I'll wiki it when I have a moment.

> 
> However. The challenge response problems your talking about we solve
the
> following way:
> 
> rm /var/cfengine/ppkeys/root-* on the servers. They will copied on the
> first request back when trustkey is yes. Also we have limited the
access
> to the cfengine ports only from the local machines via a firewall.
> 
> You have of course also delete the keys on the client side for some
rare
> cases. (In case the server key has changed) or you had one of that
buggy
> cfengine versions running (see archives for details).

It's not a trust or re-key issue. The message:

cfengine:--------: Challenge response from server cfengine/10.xxx.xxx.xx
was incorrect!
cfengine:--------: Authentication dialogue with cfengine failed


1. appears somewhat at random... but frequently ~2-3 times a day for a
given host.
2. obviously only appears during a copy operation
3. likely will not appear in the next run (about an hour later)


to mark,
Does it make sense that I'd get the message above if the server couldn't
fork a new child? I could just dig through the code, but thought I'd try
to be lazy first.

thanks
wheeler




reply via email to

[Prev in Thread] Current Thread [Next in Thread]