help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OS X cfengine


From: Jeff McCune
Subject: Re: OS X cfengine
Date: Wed, 06 Jul 2005 12:13:40 -0400
User-agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)

Brendan Strejcek wrote:
Brendan Strejcek wrote:


I'm getting output like this when I try to run "cfagent -q -K -v -B":

   Checking copy from server:/path to /path
   Connect to server = XXX.XXX.XXX.XXX, port =5308
   Found address (XXX.XXX.XXX.XXX) for host server
   Updating last-seen time for server
   cfengine:: Couldn't lookup IP address
   cfengine:: gethostbyaddr: Unknown error: 0
   cfengine:: Id-authentication for client failed
   cfengine:: Unable to establish connection with server (failover)


These problems ended up being specific to a particular client. I'm still
not sure what the issues was, but it is not happening on other machines.

The Darwinports install worked fine. For the list, this is how I set up
cfengine on a Mac running OS X (10.3).

Assuming you already have Xcode installed, this will work:

    ftp http://darwinports.opendarwin.org/downloads/DarwinPorts-1.0.dmg
    hdiutil attach ./DarwinPorts-1.0.dmg
    cd /Volumes/DarwinPorts1.0
    installer -pkg DarwinPorts.mpkg -target / # Can use -verbose option
    cd /; umount /Volumes/DarwinPorts1.0
    export PATH=$PATH:/opt/local/bin
    port install cfengine
    # Create /opt/local/var/cfengine/ppkeys/root-${CFSERVD_IP}.pub
    # Create /opt/local/var/cfengine/inputs/update.conf
    ln -s /opt/local/var/cfengine /var/cfengine
    cp /opt/local/sbin/cfagent /var/cfengine/bin
    echo /opt/local/sbin/cfexecd >>/etc/rc.local
    chmod 755 /etc/rc.local
    /opt/local/sbin/cfexecd

We run an extensive cfengine setup on about 200 Mac OSX machines here at the Mathematics department of Ohio State University. I'm currently in the process of rolling out my Tiger adaptation of our cfengine configuration.

In my experience, authentication errors with the policy host are the most common problem. In my shop, they're mostly a result of a host that moves from one hostname to another and the ppkeys no longer match what the policy host's copy.

Your message seems to indicate that the client can't perform a reverse DNS lookup on the IP address to determine the hostname of the policy host or it can't determine it's own hostname. I'd make sure that your network configuration of the client is good to go.

Hope this helps,
Jeff McCune


reply via email to

[Prev in Thread] Current Thread [Next in Thread]