Tracy R Reed wrote:
I put this problem on the back-burner for a week or so but now I am back
at it. We still have a problem. I currently have the following in my
update.conf:
Ok, I think I have figured it out. I did not pick up on your clue about
the domain and it was indeed a problem. The domain name is different
between the internal machines and the external machines. We use
domain.com for external and int.domain.com for internal. So I ended up
doing this in my update.conf file:
groups:
internal_network = ( IPRange(192.168.0.0/16) )
control:
actionsequence = ( copy )
master_cfinput = ( /dj/data/cfengine/inputs )
master_modules = ( /dj/data/cfengine/modules )
workdir = ( /var/cfengine )
internal_network::
policyhost = ( sdapp01 )
domain = ( int.domain.com )
!internal_network::
policyhost = ( mail )
domain = ( domain.com )
And now things work, more or less.
cfengines is quite tricksy. I edit the policy, run cfagent, nothing
different happens, wonder why, scratch head, investigate, edit policy,
run policy again, does something different from before but not what my
last edit intended, scratch head for a day, realize that the new policy
only gets copied into the inputs dir from the working dir on the first
invocation of cfagent but it is still running the old config and then
the actual changes only get run on the second invocation and that's only
if I have waited a minute since I last ran it. ARGH!
Ok, so now am working out a different problem:
Checking copy from mail:/dj/data/cfengine/inputs to /var/cfengine/inputs
Connect to mail = 1.2.3.4 on port 5308
Updating last-seen time for mail
Loaded /var/cfengine/ppkeys/root-1.2.3.4.pub
cfengine:: Received signal 13 (SIGPIPE) while doing [pre-lock-state]
cfengine:: Logical start time Sun May 21 19:21:49 2006
cfengine:: This sub-task started really at Sun May 21 19:21:49 2006
I seem to run into this one fairly often. I was getting this
occasionally when my update.conf was misconfigured with the wrong
domain. This machine has a third domain name so I have added another
group definition to update.conf to match this machine and specify the
domain and policyhost for it.
The hostname resolves to just domain.com in dns but the hostname of the
machine itself is mail01.domain.com. Could that cause an authentication
problem when cfengine resolves the ip it is connecting from and finds
that there is no host part to the machines name? I would change the dns
but I do not have access to it at the moment. Really wish the error
messages gave a little more info on exactly what went wrong.
--
Tracy R Reed
http://ultraviolet.org
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
http://cfengine.org/mailman/listinfo/help-cfengine
