help-cfengine

Re: difficulties communicating between cfengine hosts (still)


From: David E. Nelson
Subject: Re: difficulties communicating between cfengine hosts (still)
Date: Tue, 14 Feb 2006 19:04:13 -0600 (CST)


I haven't been following this thread very closely, but thought I'd pitch in a little nugget that bit me this afternoon on some RedHat boxes. This kept me from authenticating to the CFEngine server because reverse DNS lookups would fail.

BAD:
/etc/hosts
127.0.0.1 mybox mybox.mydomain localhost.localdomain localhost

GOOD:
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.2.14 mybox mybox.mydomain # Or mybox.mydomain mybox

We require 'mybox mybox.mydomain' for specific software reasons.

BTW, this is on 2.1.14.

I'd encourage you to not give up. Because when you get it to work, it's a FANTASTIC toolbox (IMHO of course ;).

Good luck,
         /\/elson

On Tue, 14 Feb 2006, Ed Brown wrote:

> On Tue, 2006-02-14 at 07:36 -0800, paul beard wrote:
>> It may be time to put this aside for a bit. I'm plainly not getting
>> something about this. It's getting close to taking up the time it was
>> going to save me.
>
> Sorry to see you give up after all the effort.  Mark's didactic response
> (multiple errors: let the student find them) had me looking closely to
> see if I could find more than one.  In case a more specific enumeration
> would help:
>
> He gave you:
>    MultipleConnections = ( true )
>
> Of course, it should be
> AllowMultipleConnectionsFrom = ( 192.168.2.0/24 )
>
> (A typo in the docs at:
> <http://www.cfengine.org/docs/cfengine-Reference.html#Cfservd_002econf-and-cfrun-reference>
> says 'AllMultipleConnectionsFrom')
>
> But I'd say just drop it, not generally necessary, unless you see
> "denying repeated connection attempts..."  We don't use it.
>
> The only other error that I could spot was
>    ExpireAfter = ( 15 )
> which is not a cfservd.conf configuration.
>
> I would suggest dropping 'BindToInterface', unless you have multiple
> interfaces on this box.  (Shouldn't hurt to have it, but since you asked
> what was extraneous...)
>
> For that matter, and I was very surprised to find this earlier today in
> reviewing our configs for another reason, is that we do not specify
> domain, anywhere.  I thought this was required, but I find it's been
> commented out for over a year in our cfagent.conf.  (Yet "cfagent -Q
> domain" does return the correct value, even on test hardware with no
> cfengine config files.)
>
> Just to be sure about this: you are modifying the ip addresses in your
> correspondence?  Mark mentioned reverse dns lookups: the addresses you
> use in your configs DO have to correspond to dns entries for the
> hostnames that you are using.  If you are really using 192.168
> addresses, or the hostnames aren't in your local dns that way, you may
> be able to use SkipVerify to get around this.
>
> No mac experience here, so if this problem is related to the mac-
> specific bug you referenced, I couldn't help with that...
>
> hang in there,
> Ed



--
~~ ** ~~ If you don't think too well, then don't think too much. ~~ ** ~~
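
The BAD and GOOD /etc/hosts layouts from the message above can be checked mechanically on each host. This is an added example, not part of the original post or of CFEngine; `parse_hosts` and `check_hosts` are hypothetical helper names, and matching entries on the short host name is an assumption.

```python
import ipaddress

# The two layouts quoted in the message above.
BAD = "127.0.0.1 mybox mybox.mydomain localhost.localdomain localhost\n"
GOOD = (
    "127.0.0.1 localhost.localdomain localhost\n"
    "192.168.2.14 mybox mybox.mydomain # Or mybox.mydomain mybox\n"
)

def parse_hosts(text):
    """Return [(ip, [names])] for each usable hosts-file line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue                           # blank line or address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not a parseable address, skip it
        entries.append((ip, fields[1:]))
    return entries

def check_hosts(text, hostname):
    """Return findings about how `hostname` is mapped (empty list = OK)."""
    short = hostname.split(".")[0].lower()
    findings = []
    has_real_address = False
    for ip, names in parse_hosts(text):
        mine = [n for n in names if n.lower().split(".")[0] == short]
        if not mine:
            continue
        if ip.is_loopback:
            findings.append(f"{ip} maps {', '.join(mine)} to loopback")
        else:
            has_real_address = True
    if not has_real_address:
        findings.append(f"no non-loopback entry for {short}")
    return findings

if __name__ == "__main__":
    import socket
    with open("/etc/hosts") as fh:
        for finding in check_hosts(fh.read(), socket.gethostname()):
            print("WARN:", finding)
```
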