help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: difficulties communicating between cfengine hosts (still)

From: paul beard
Subject: Re: difficulties communicating between cfengine hosts (still)
Date: Mon, 13 Feb 2006 19:39:06 -0800 
On Feb 13, 2006, at 1:56 PM, Mark Burgess wrote:

Looks like nothing was sent -- have you included
Allow(Multiple)ConnectionsFrom?



Yes, it's in there:

control:
  domain = ( paulbeard.org )
  TrustKeysFrom = ( 192.168.2.0/24 )
  AllowUsers = ( root )
  BindToInterface = ( 192.168.2.1 )
  AllowConnectionsFrom = ( 192.168.2.0/24 )

  IfElapsed = ( 0 )
  ExpireAfter = ( 15 )
  MaxConnections = ( 50 )
  MultipleConnections = ( true )

grant:
   # Grant access to all hosts in paulbeard.org.
   /var/cfengine/inputs   *.paulbeard.org
   /var/cfengine/inputs   *.local
is there anything extraneous I can remove? I feel like every page I read suggests one more detail that Worked For Themâ„¢ and it's getting even more confusing. The update.conf I am working with is pretty much the one that comes with source kit.
If I ever get it working, I'll setup some classes, but for the sake of clarity, the FreeBSD-based server keeps everything in /var/ cfengine while the OS X client(s) keep their stuff in /opt/local/var/ cfengine, the sandbox used by Darwinports. I could symlink it but I'd rather get it working in some way that I can understand first.
if I understand the general idea, all a client needs to get started is a working update.conf: from that it can pull an up-to-date cfagent.conf. And to make that work, the client needs a working cfservd (synonymous with cfd?) as the transport. 

I don't quite see how these errors:

Connect to red.paulbeard.org = 192.168.2.1, port =5308
Found address (192.168.2.1) for host red.paulbeard.org
Updating last-seen time for red.paulbeard.org
cfengine:: Couldn't lookup IP address
cfengine:: gethostbyaddr: Unknown error: 0
cfengine:: Id-authentication for white.paulbeard.org failed
cfengine:: Unable to establish connection with red.paulbeard.org (failover) 

when these are all hardcoded/hosts file entries?

FuzzyItemIn(LIST,192.168.2.8)
Prepending [192.168.2.8]
*** New socket [7]
New connection...(from 192.168.2.8/7)
Spawning new thread...
Checking file updates on /var/cfengine/inputs/cfservd.conf (43f14e0c/ 43f14e18) 
RecvSocketStream(8)
Transmission empty or timed out...
Transaction Receive [][]
RecvSocketStream(0)
cfservd terminating NULL transmission!
Terminating thread...
***Closing socket 7 from 192.168.2.8
Deleted item 192.168.2.8
Checking file updates on /var/cfengine/inputs/cfservd.conf (43f14e0c/ 43f14e18) Checking file updates on /var/cfengine/inputs/cfservd.conf (43f14e0c/ 43f14e18) Checking file updates on /var/cfengine/inputs/cfservd.conf (43f14e0c/ 43f14e18) Checking file updates on /var/cfengine/inputs/cfservd.conf (43f14e0c/ 43f14e18) 



#######
#
# BEGIN update.conf
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######

control:

        Syslog = ( on )  # enable syslog logging
actionsequence = ( copy processes tidy ) # Keep this simple and constant 

        domain          = ( paulbeard.org )  # Needed for remote copy

        #
        # Which host/dir is the master for configuration roll-outs?
        #

        policyhost      = ( red.paulbeard.org )
        master_cfinput  = ( /var/cfengine/inputs )

        AddInstallable  = ( new_cfenvd new_cfservd new_cfexecd )

        #
        # Some convenient variables
        #

        workdir         = ( /opt/local/var/cfengine )
        cf_install_dir  = ( /opt/local/sbin )

        # Avoid server contention

        SplayTime = ( 5 )
######################################################################## #### 

#
# Make sure there is a local copy of the configuration and
# the most important binaries in case we have no connectivity
# e.g. for mobile stations or during DOS attacks
#

copy:
        /opt/local/var/cfengine/cfagent.conf
                dest=/var/cfengine/inputs
                server=red.paulbeard.org

        $(master_cfinput)            dest=$(workdir)/inputs
                                 r=inf
                                 mode=700
                                 type=binary
                                 exclude=*-dist
                                 exclude=*.lst
                                 exclude=*~
                                 exclude=#*
                                 server=$(policyhost)
                                 trustkey=true

        $(cf_install_dir)/cfagent    dest=$(workdir)/bin/cfagent
                                 mode=755
                                 backup=false
                                 type=checksum

        $(cf_install_dir)/cfservd    dest=$(workdir)/bin/cfservd
                                 mode=755
                                 backup=false
                                 type=checksum
                                 define=new_cfservd

        $(cf_install_dir)/cfexecd    dest=$(workdir)/bin/cfexecd
                                 mode=755
                                 backup=false
                                 type=checksum
                                 define=new_cfexecd

        $(cf_install_dir)/cfenvd     dest=$(workdir)/bin/cfenvd
                                 mode=755
                                 backup=false
                                 type=checksum
                                 define=new_cfenvd

#####################################################################

tidy:

        #
        # Cfexecd stores output in this directory.
        # Make sure we don't build up files and choke on our own words!
        #

        $(workdir)/outputs pattern=* age=7

#####################################################################

processes:

        #
        # Make sure to restart cfenvd or cfservd when the binaries
        # are updated.
        #

        new_cfservd::
"cfservd" signal=term restart /opt/local/var/ cfengine/bin/cfservd 

        new_cfenvd::
"cfenvd" signal=kill restart "/opt/local/var/ cfengine/bin/cfenvd -H" 

        new_cfexecd::
"cfexecd$" signal=term restart /opt/local/var/ cfengine/bin/cfexecd 

#######
#
# END update.conf
#
#######






--
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf

Are you trying to win an argument or solve a problem?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]