difficulties communicating between cfengine hosts (still)
From: paul beard
Subject: difficulties communicating between cfengine hosts (still)
Date: Sun, 12 Feb 2006 21:45:08 -0800
I am taking a different and, I hope, simpler approach to learning where
this is going wrong for me. I have gotten cfengine 2.1.18 installed
on two OS X 10.4 systems.
This is part of the result of a cfagent -q -K -v -d2 invocation:
Identifying this agent as 192.168.2.8 i.e. white.paulbeard.org, with signature 0
cfengine:white: Couldn't lookup IP address
cfengine:white: gethostbyaddr: Unknown error: 0
cfengine:white: Id-authentication for white.paulbeard.org failed
Closing current connection
cfengine:white: Unable to establish connection with tichy (failover)
Closing current connection
The OS X port (from darwinports) comes with config files that look
like the examples in the documentation. I made the minimum of changes
to localize them.
cfagent on each system works just fine. It's getting a new cfagent
file and acting on it that's got me stalled.
More debug info is available.
This is not the first time someone has run into this on OS X, but the
solution was to install a package rather than install from source:
not so much a solution as a workaround.
http://lists.gnu.org/archive/html/help-cfengine/2005-06/msg00146.html
It looks like key exchanges are not happening. I get no public keys
exchanged. And if I try to prompt an exchange, each initiating host
wants a public key from itself, which I think it already has.
tichy:/opt/local/var/cfengine root# uname -a
Darwin tichy.paulbeard.org 8.4.0 Darwin Kernel Version 8.4.0: Tue Jan 3 18:22:10 PST 2006; root:xnu-792.6.56.obj~1/RELEASE_PPC Power Macintosh powerpc
tichy:/opt/local/var/cfengine root# cfrun -v -- -k white
Domain name = paulbeard.org
GNU Cfengine server daemon - 2.1.18
Free Software Foundation 1994-
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway
------------------------------------------------------------------------
Host name is: tichy.paulbeard.org
Operating System Type is darwin
Operating System Release is 8.4.0
Architecture = power@macintosh
Using internal soft-class darwin for host darwin
The time is now Sun Feb 12 21:38:35 2006
------------------------------------------------------------------------
Additional hard class defined as: 32_bit
Additional hard class defined as: darwin_8_4_0
Additional hard class defined as: darwin_power_macintosh
Additional hard class defined as: darwin_power_macintosh_8_4_0
Additional hard class defined as: darwin_power_macintosh_8_4_0_Darwin_Kernel_Version_8_4_0__Tue_Jan__3_18_22_10_PST_2006__root_xnu_792_6_56_obj_1_RELEASE_PPC
GNU autoconf class from compile time: compiled_on_darwin8_4_0
Address given by nameserver: 192.168.2.2
Setting cfengine new port to 5308
Setting cfengine old port to 5308
Checking integrity of the state database
Checking integrity of the module directory
Checking integrity of the input data for RPC
Checking integrity of the output data for RPC
Checking integrity of the PKI directory
Making sure that locks are private...
Loaded /opt/local/var/cfengine/ppkeys/localhost.priv
Loaded /opt/local/var/cfengine/ppkeys/localhost.pub
Looking for a source of entropy in /opt/local/var/cfengine/randseed
cfrun(0): .......... [ Hailing tichy.paulbeard.org ] ..........
Connecting to server tichy.paulbeard.org to port 0 with options -k white
WARNING - You do not have a public key from host tichy.paulbeard.org = 192.168.2.2
Do you want to accept one on trust? (yes/no)
--> yes
Connect to tichy.paulbeard.org = 192.168.2.2, port =5308
Found address (192.168.2.2) for host tichy.paulbeard.org
Updating last-seen time for tichy.paulbeard.org
cfrun:tichy.paulbeard.org: Couldn't lookup IP address
cfrun:tichy.paulbeard.org: gethostbyaddr: Unknown error: 0
Unable to open a channel
Connection refused...
If I put the public key in place, it fails just the same, but without
asking for the key.
Connecting to server tichy.paulbeard.org to port 0 with options -k white
Loaded /opt/local/var/cfengine/ppkeys/root-192.168.2.2.pub
Connect to tichy.paulbeard.org = 192.168.2.2, port =5308
Found address (192.168.2.2) for host tichy.paulbeard.org
Updating last-seen time for tichy.paulbeard.org
cfrun:tichy.paulbeard.org: Couldn't lookup IP address
cfrun:tichy.paulbeard.org: gethostbyaddr: Unknown error: 0
Unable to open a channel
Connection refused...
It makes sense that the client (white) would want a key from the
server, but it never asks for one, only from itself. Likewise, tichy
(the server) never asks to do an exchange with the client.
config files follow, if anyone wants to go that far.
#######
#
# BEGIN update.conf
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######
control:
Syslog = ( on ) # enable syslog logging
actionsequence = ( copy processes tidy ) # Keep this simple and constant
domain = ( paulbeard.org ) # Needed for remote copy
#
# Which host/dir is the master for configuration roll-outs?
#
policyhost = ( tichy.paulbeard.org )
master_cfinput = ( /opt/local/var/cfengine/masterfiles/inputs )
AddInstallable = ( new_cfenvd new_cfservd new_cfexecd )
#
# Some convenient variables
#
workdir = ( /opt/local/var/cfengine )
cf_install_dir = ( /opt/local/sbin )
# Avoid server contention
SplayTime = ( 5 )
########################################################################
####
#
# Make sure there is a local copy of the configuration and
# the most important binaries in case we have no connectivity
# e.g. for mobile stations or during DOS attacks
#
copy:
$(master_cfinput) dest=$(workdir)/inputs
r=inf
mode=700
type=binary
exclude=*-dist
exclude=*.lst
exclude=*~
exclude=#*
server=$(policyhost)
trustkey=true
$(cf_install_dir)/cfagent dest=$(workdir)/bin/cfagent
mode=755
backup=false
type=checksum
$(cf_install_dir)/cfservd dest=$(workdir)/bin/cfservd
mode=755
backup=false
type=checksum
define=new_cfservd
$(cf_install_dir)/cfexecd dest=$(workdir)/bin/cfexecd
mode=755
backup=false
type=checksum
define=new_cfexecd
$(cf_install_dir)/cfenvd dest=$(workdir)/bin/cfenvd
mode=755
backup=false
type=checksum
define=new_cfenvd
#####################################################################
tidy:
#
# Cfexecd stores output in this directory.
# Make sure we don't build up files and choke on our own words!
#
$(workdir)/outputs pattern=* age=7
#####################################################################
processes:
#
# Make sure to restart cfenvd or cfservd when the binaries
# are updated.
#
new_cfservd::
"cfservd" signal=term restart /opt/local/var/cfengine/bin/cfservd
new_cfenvd::
"cfenvd" signal=kill restart "/opt/local/var/cfengine/bin/cfenvd -H"
new_cfexecd::
"cfexecd$" signal=term restart /opt/local/var/cfengine/bin/cfexecd
#######
#
# END update.conf
#
#######
##################################################
#
# cfagent.conf
#
# This is a simple file for getting started with
# cfengine. It is harmless. If you get cfengine
# running with this file, you can build on it.
#
##################################################
###
#
# BEGIN cfagent.conf (Only hard classes in this file )
#
###
control:
Syslog = ( on ) # enable syslog logging
actionsequence = ( checktimezone files processes shellcommands copy )
domain = ( paulbeard.org )
timezone = ( PST )
smtpserver = ( red.paulbeard.org ) # used by cfexecd
sysadm = ( root@white.paulbeard.org ) # where to mail output
schedule = ( Min00_05 ) # run once an hour
######################################################################
files:
# Check some important files
/etc/passwd mode=644 owner=root action=warnall
# Do a tripwire check on binaries!
/usr/bin # Scan /usr/bin dir
owner=root,daemon # all files must be owned by root or daemon
checksum=md5 # use md5 or sha
recurse=inf # all subdirs
action=warnall
#####################################################################
processes:
"cfservd" restart /opt/local/var/cfengine/bin/cfservd
"cfenvd" restart "/opt/local/var/cfengine/bin/cfenvd -H"
"cfexecd$" restart /opt/local/var/cfengine/bin/cfexecd
######################################################################
shellcommands:
"/bin/echo 'Cfengine successfully executed.' && /bin/echo 'Replace me with something useful.'"
copy:
/tmp/hosts server=tichy dest=/tmp/hosts
###
#
# END cfagent.conf
#
###
#########################################################
#
# This is a cfservd config file - it is used for the server
# part of cfengine, for remote file transfers and control
# over cfengine using the cfrun program.
#
#########################################################
control:
domain = ( paulbeard.org )
cfrunCommand = ( "/opt/local/var/cfengine/bin/cfagent" )
any::
IfElapsed = ( 1 )
ExpireAfter = ( 15 )
MaxConnections = ( 50 )
MultipleConnections = ( true )
#########################################################
grant:
# Grant access to all hosts at paulbeard.org.
# Files should be world readable
/opt/local/var/cfengine/masterfiles/inputs *.paulbeard.org
/opt/local/var/cfengine/masterfiles/inputs *.local
# Make sure there is permission to execute by cfrun
/opt/local/var/cfengine/bin/cfagent *.paulbeard.org
/opt/local/var/cfengine/bin/cfagent *.local
########
#
# END cfservd.conf
#
########
--
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf
Are you trying to win an argument or solve a problem?
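The two things the debug output above turns on are the reverse lookup of the peer's address (the "Couldn't lookup IP address / gethostbyaddr" lines) and whether a peer public key is already installed under ppkeys/ as root-<ip>.pub (the file name cfrun loads in the second attempt). The pre-flight check below is an added example, not code from the post or from the cfengine project: it runs those two checks for each peer and reports what would stop ID-authentication before cfrun or cfagent is invoked. The host names, addresses and ppkeys path are the post's; the helper names, the group/world-writable mode warning on the key file, and the canned resolver results in selftest() (which reproduce the post's symptom offline with a constructed placeholder key) are this example's own assumptions.

```python
#!/usr/bin/env python3
"""Pre-flight check for cfengine 2 peer authentication.

Added example (not part of the post or of cfengine). For each peer it
checks what the cfrun/cfagent debug output above depends on:
  1. forward lookup of the peer name agrees with the expected address,
  2. reverse lookup (gethostbyaddr) of that address succeeds and names
     the same host,
  3. the peer's public key is present as ppkeys/root-<ip>.pub, the name
     cfrun loads in the post, and is not writable by others (the mode
     check is this example's own caveat, not a cfengine rule).
"""
import os
import socket
import stat
import tempfile


def forward_lookup(name):
    """Address the resolver gives for NAME, or None if it cannot resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def reverse_lookup(ip):
    """Canonical name for IP via gethostbyaddr, or None on failure.

    This is the call that fails in the post ("Couldn't lookup IP address").
    """
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def peer_key_path(ppkeys_dir, ip):
    """cfengine 2 stores a peer's public key as ppkeys/root-<ip>.pub."""
    return os.path.join(ppkeys_dir, "root-%s.pub" % ip)


def check_peer(ppkeys_dir, name, ip, forward=forward_lookup, reverse=reverse_lookup):
    """Return a dict describing NAME/IP: lookups, key status and problems.

    FORWARD and REVERSE default to the real resolver; selftest() passes
    canned functions so the logic can be exercised offline.
    """
    problems = []
    fwd = forward(name)
    if fwd is None:
        problems.append("forward lookup of %s failed" % name)
    elif fwd != ip:
        problems.append("%s resolves to %s, expected %s" % (name, fwd, ip))
    rev = reverse(ip)
    if rev is None:
        problems.append("reverse lookup of %s failed (gethostbyaddr)" % ip)
    elif rev.split(".")[0] != name.split(".")[0]:
        problems.append("%s reverses to %s, expected %s" % (ip, rev, name))
    key = peer_key_path(ppkeys_dir, ip)
    key_present = os.path.isfile(key)
    if not key_present:
        problems.append("no peer key %s (cfrun will offer to accept one on trust)" % key)
    else:
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o022:  # a trust anchor nobody else should be able to replace
            problems.append("%s is group/world writable (mode %o)" % (key, mode))
    return {"name": name, "ip": ip, "forward": fwd, "reverse": rev,
            "key_present": key_present, "problems": problems}


def selftest():
    """Offline run with canned (constructed) resolvers mirroring the post:
    tichy's forward lookup works, its reverse lookup does not, and only
    tichy's key is installed. Returns (tichy_result, white_result)."""
    names = {"tichy.paulbeard.org": "192.168.2.2",
             "white.paulbeard.org": "192.168.2.8"}

    def fwd(name):
        return names.get(name)

    def rev(ip):  # assumption: white reverses fine, tichy does not
        return "white.paulbeard.org" if ip == "192.168.2.8" else None

    with tempfile.TemporaryDirectory() as d:
        key = peer_key_path(d, "192.168.2.2")
        with open(key, "w") as f:
            f.write("-----BEGIN RSA PUBLIC KEY-----\nplaceholder\n")  # constructed
        os.chmod(key, 0o600)
        tichy = check_peer(d, "tichy.paulbeard.org", "192.168.2.2", fwd, rev)
        white = check_peer(d, "white.paulbeard.org", "192.168.2.8", fwd, rev)
    return tichy, white


if __name__ == "__main__":
    # Live run against the two hosts from the post; adjust to taste.
    PPKEYS = "/opt/local/var/cfengine/ppkeys"
    for host, addr in (("tichy.paulbeard.org", "192.168.2.2"),
                       ("white.paulbeard.org", "192.168.2.8")):
        r = check_peer(PPKEYS, host, addr)
        print("%s %s fwd=%s rev=%s key=%s" % ("ok  " if not r["problems"] else "FAIL",
                                             host, r["forward"], r["reverse"], r["key_present"]))
        for p in r["problems"]:
            print("    ", p)
```

Run it as root on each host before cfrun; a "reverse lookup ... failed" line for a peer means the same gethostbyaddr call cfengine makes will fail too, and accepting a key "on trust" will not get past that.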
- difficulties communicating between cfengine hosts (still), paul beard <=
- Re: difficulties communicating between cfengine hosts (still), Mark Burgess, 2006/02/13
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/13
- Re: difficulties communicating between cfengine hosts (still), Mark Burgess, 2006/02/13
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/13
- Re: difficulties communicating between cfengine hosts (still), Mark Burgess, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), Ed Brown, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), David E. Nelson, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), paul beard, 2006/02/14
- Re: difficulties communicating between cfengine hosts (still), Marco van Beek, 2006/02/15