[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OS X cfengine
|
From: |
Brendan Strejcek |
|
Subject: |
OS X cfengine |
|
Date: |
Wed, 29 Jun 2005 16:32:52 -0500 |
|
User-agent: |
Mutt/1.5.6+20040907i |
Anyone on the list have experience with running the Darwinports
distribution of cfengine on Mac OS X machines? I am running into some
run-time problems.
I'm getting output like this when I try to run "cfagent -q -K -v -B":
Checking copy from server:/path to /path
Connect to server = XXX.XXX.XXX.XXX, port =5308
Found address (XXX.XXX.XXX.XXX) for host server
Updating last-seen time for server
cfengine:: Couldn't lookup IP address
cfengine:: gethostbyaddr: Unknown error: 0
cfengine:: Id-authentication for client failed
cfengine:: Unable to establish connection with server (failover)
http://google.com/search?q=Id-authentication+failed+cfengine only gets
me cfengine source code.
The Darwinports client is running cfengine 2.1.13 and Mac OS X 10.3.9
and the server is running cfengine 2.1.10. According to the changelog,
the extra encryption stage was added to the C5 protocol in 2.1.14, so I
don't think that is my problem.
All the DNS stuff seems to check out on both ends, and the server public
key is identical on both ends. I see the cfservd "Accepting connection"
log for my client, but the client public key never shows up (I have the
server configured to accept keys from clients if they do not already
exist).
Any ideas? Or do others on this list use a different packaging of
cfengine for Macs?
>From the Fink web site, it seems to me like there is a Fink-packaged
version in their Unstable repository. Following
http://fink.sourceforge.net/faq/usage-fink.php#unstable
I got this installed, using "fink install cfengine". I'm don't much like
the idea of relying on the Unstable branch though, so I'm still open to
other suggestions. A binary package that I know will continue to work
with 10.3 would be ideal, as I would rather not have to worry about the
repository changing out from under me and breaking my customizations on
later Mac installs. For now, I plan to save the debs that I got out of
the Fink build process today.
Wait, Fink version built and I get virtually an identical error using
the 2.1.11 cfagent.
I know this message rambles, but I think the info might be useful to
have in the archive.
########################################################################
Since people often experience libdb problems, I looked into that. But it
seems as if that looks okay:
Fink version:
# otool -L /sw/sbin/cfagent
/sw/sbin/cfagent:
/sw/lib/libdb-4.2.dylib (compatibility version 4.2.0, current version
4.2.52)
/sw/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.7, current
version 0.9.7)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 71.1.3)
And ktrace tells me it's using the correct libdb:
10850 cfagent CALL open(0x152c,0,0)
10850 cfagent NAMI "/sw/lib/libdb-4.2.dylib"
10850 cfagent RET open 4
Darwinports version:
# otool -L /opt/local/sbin/cfagent
/opt/local/sbin/cfagent:
/opt/local/lib/libdb-4.2.dylib (compatibility version 0.0.0, current
version 0.0.0)
/usr/lib/libcrypto.0.9.7.dylib (compatibility version 0.9.7, current
version 0.9.7)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 71.1.3)
/opt/local/lib/libpcreposix.0.dylib (compatibility version 1.0.0,
current version 1.0.0)
########################################################################
Using "-d 2":
Opening server connnection to someserver
Connect to server = XXX.XXX.XXX.XXX, port h=5308
Found address (XXX.XXX.XXX.XXX) for host server
Updating last-seen time for someserver
Remote IP set to XXX.XXX.XXX.XXX
IPV4 address
sockaddr_ntop(XXX.XXX.XXX.XXX)
Identifying this agent as XXX.XXX.XXX.XXX i.e. client.fqdn, with signature 0
cfengine:: Couldn't lookup IP address
cfengine:: gethostbyaddr: Unknown error: 0
cfengine:: Id-authentication for client.fqdn failed
Closing current connection
cfengine:: Unable to establish connection with someserver (failover)
Closing current connection
Saving the setuid log in /sw/var/cfengine/cfagent.client.fqdn.log
Purging private classes from context update
That "with signature 0" looks strange to me.
- OS X cfengine,
Brendan Strejcek <=