RE: Can't get a client to authorize?
From: Mark Burgess
Subject: RE: Can't get a client to authorize?
Date: Fri, 24 Feb 2006 09:32:27 +0100
Possibly you have misunderstood cfengine. You do not connect to clients
from a server. Clients connect to a server. But these words
server/client are very abused.
A server is a process (cfservd) that runs on some machine. A client is a
program (cfagent) that runs on some machine. You can run clients and
servers wherever you want, but the rule is that clients connect to
servers not the other way around.
M
On Wed, 2006-02-22 at 13:00 -0800, Josh Hurd wrote:
> Actually what I am really trying to do is operate cfe from one server
> and connect to clients on different domains.
> Can someone help with this?
>
> Josh
>
> _____________________________________________
> From: Josh Hurd
> Sent: Wednesday, February 22, 2006 12:29 PM
> To: Cfengine Mailing List Help
> Subject: Can't get a client to authorize?
>
> I am seeing this error when I run cfagent on a new client I just
> built. I am stumped. Can someone help me understand this?
>
> Denying connection from non-authorized IP 10.12.1.77
>
> My update.conf:
>
>
> # update.conf 2/15/05 Dougc
> groups:
> sea1_dc_digimine_com = ( IPRange(192.168.0.0/16)
> IPRange(10.254.0.0/16) IPRange(10.1.0.0/16) )
> qa_dmtest_com = ( IPRange(172.16.0.0/16)
> IPRange(10.12.0.0/16) )
> sb_dmtest_com = ( IPRange(172.16.0.0/16)
> IPRange(10.12.0.0/16) )
>
> control:
> sea1_dc_digimine_com::
> domain = ( sea1.dc.digimine.com )
> server = ( sea1-util01 )
> qa_dmtest_com::
> domain = ( qa.dmtest.com )
> server = ( qa-util01 )
> sb_dmtest_com::
> domain = ( sb.dmtest.com )
> server = ( sea1-util01 )
>
> any::
> actionsequence = ( copy files )
> workdir = ( /var/cfengine )
> configroot = ( /var/cfengine/master/inputs )
> SplayTime = ( 35 )
>
> copy:
> any::
> "$(configroot)" dest=$(workdir)/inputs
> mode=664
> owner=rsiadmin
> include=*.conf
> type=binary
> recurse=inf
> trustkey=true
> server=$(server)
> files:
> any::
> "$(workdir)/inputs/"
> mode=664
> owner=rsiadmin
> group=rsiadmin
> action=fixall
> recurse=inf
>
>
>
> My cfservd.conf:
>
> # $Header: /cfengine/Production/cfservd.conf 3 2/03/05 10:47
> JeffreyC $
> control:
> any::
> domain = ( sea1.dc.digimine.com sb.dmtest.com )
> server = ( sea1-util01 )
> TrustKeysFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16
> 10.1.30.0/24 10.12.0.0/16 )
> AllowConnectionsFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16
> 10.1.30.0 10.12.0.0/16 )
> TrustKeysFrom = ( 127.0.0.1 10.1 192.168 10.254
> 10.12.0.0/16 )
> AllowConnectionsFrom = ( 127.0.0.1 10.1 192.168 10.254
> 10.12.0.0/16 )
> SkipVerify = ( 10.1 10.12 )
> AllowUsers = ( root )
> cfrunCommand = ( "/usr/sbin/cfexecd -F" )
> HostnameKeys = ( off )
>
> sea1_util01::
> MaxConnections = ( 20 )
>
>
> admit:
> sea1_dc_digimine_com::
> /var/cfengine/master 192.168.0.0/16 127.0.0.1/32
> 10.254.0.0/16 10.1.30.0/24
> /usr/sbin/cfagent 192.168.0.0/16 127.0.0.1/32
> 10.254.0.0/16 10.1.30.0/24
> /usr/sbin/cfexecd 192.168.0.0/16 127.0.0.1/32
> 10.254.0.0/16 10.1.30.0/24
> sb_dmtest_com::
> /var/cfengine/master 10.12.0.0/16
> /usr/sbin/cfagent 10.12.0.0/16
> /usr/sbin/cfexecd 10.12.0.0/16
>
> sea1_util01::
> /var/ftp/pub/linux 192.168.0.0/16 127.0.0.1/32
> 10.254.0.0/16 10.1.30.0/24 10.12.0.0/16
> /mnt/rsi/logs02/Network/ExtractFiles 192.168.0.0/16 127.0.0.1/32
> 10.254.0.0/16 10.1.30.0/24 10.12.0.0/16
>
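
An added example, not part of the original thread or of cfengine: a check of which `update.conf` groups the denied address 10.12.1.77 falls into and which server each of those groups names. It assumes `IPRange` and the prefixed `AllowConnectionsFrom` entries behave as plain CIDR blocks; every range and host name is copied from the quoted configuration, and the function names are hypothetical.

```python
import ipaddress

# Values copied from the update.conf quoted in the thread.
GROUPS = {
    "sea1_dc_digimine_com": ["192.168.0.0/16", "10.254.0.0/16", "10.1.0.0/16"],
    "qa_dmtest_com": ["172.16.0.0/16", "10.12.0.0/16"],
    "sb_dmtest_com": ["172.16.0.0/16", "10.12.0.0/16"],
}
SERVER_FOR_GROUP = {
    "sea1_dc_digimine_com": "sea1-util01",
    "qa_dmtest_com": "qa-util01",
    "sb_dmtest_com": "sea1-util01",
}
# CIDR-form entries of AllowConnectionsFrom in the posted cfservd.conf
# (server = sea1-util01). Entries without a prefix length are left out
# because their matching rules are cfengine-specific (assumption: the
# prefixed entries are ordinary CIDR blocks).
ALLOW_CIDR = ["192.168.0.0/16", "127.0.0.1/32", "10.254.0.0/16", "10.12.0.0/16"]


def in_any(addr, cidrs):
    """True if addr lies inside at least one of the CIDR blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def matching_groups(addr):
    """Names of every update.conf group whose ranges contain addr."""
    return sorted(g for g, cidrs in GROUPS.items() if in_any(addr, cidrs))


def candidate_servers(addr):
    """Distinct servers named by the groups that addr belongs to."""
    return sorted({SERVER_FOR_GROUP[g] for g in matching_groups(addr)})


def audit(addr):
    """Summarise group membership and allow-list coverage for one client."""
    servers = candidate_servers(addr)
    return {
        "groups": matching_groups(addr),
        "servers": servers,
        "in_posted_allow_list": in_any(addr, ALLOW_CIDR),
        "ambiguous": len(servers) > 1,
    }


if __name__ == "__main__":
    print(audit("10.12.1.77"))
```

Under these assumptions the address matches two groups that name different servers, while the posted cfservd.conf covers it by CIDR, so it is worth confirming which cfservd logged the denial and which configuration that daemon has loaded.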