You should add a shared point, either folders or files, to server access_rules.
bundle server access_rules {
  access:
    "/srv/cf-serverd"
      admit => { "172\.24\..*" };
    "/jawoll"
      admit => { "172\.24\..*" };
}
Cheers,
--Nakarin
On Feb 26, 2010, at 11:38 AM, Seifert, Christian wrote:
> Here is my configuration:
>
> cf-serverd.cf on the policy server:
>
>
> body server control {
>   trustkeysfrom => { "172.24.1.58" };
>   allowconnects => { "172.24.1.58" };
>   maxconnections => "10";
>   logallconnections => "true";
> }
> bundle server access_rules {
>   access:
>     "/srv/cf-serverd"
>       admit => { "172\.24\..*" };
> }
>
> The promises.cf on the policy server:
>
> body common control {
>   bundlesequence => { hello, test };
> }
>
> bundle agent hello {
>   reports:
>     linux::
>       # This is a comment
>       "Hello, world";
> }
>
> bundle agent test {
>   files:
>     "/jawoll"
>       copy_from => mycopy("/jawoll","172.24.1.58");
> }
>
> body copy_from mycopy(from,server) {
>   source => "$(from)";
>   servers => {"$(server)"};
>   encrypt => true;
> }
>
>
>
> I want to transfer the file “/jawoll” from the policy server to the client.
> If I start a connection on the policy server with the command:
> “cf-serverd -v” and after that the command “cf-agent --bootstrap” on the
> client I get this on the policy server:
>
> cf3 New connection...(from ::ffff:172.24.1.58/4)
> cf3 Spawning new thread...
> cf3 Received: [CAUTH 172.24.1.58 hges2355.sz.salzgitter-ag.de root 0] on
> socket 4
> cf3 Allowing 172.24.1.58 to connect without (re)checking ID
> cf3 Non-verified Host ID is hges2355.sz.salzgitter-ag.de (Using skipverify)
> cf3 Non-verified User ID seems to be root (Using skipverify)
> cf3 LastSaw host hges2355.sz.salzgitter-ag.de now
> cf3 Received: [SAUTH y 256 37 c] on socket 4
> cf3 Loaded /var/cfengine/ppkeys/root-172.24.1.58.pub
> cf3 A public key was already known from
> hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 - no trust required
> cf3 Adding IP ::ffff:172.24.1.58 to SkipVerify - no need to check this if we
> have a key
> cf3 The public key identity was confirmed as [email protected]
> cf3 Strong authentication of client
> hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 achieved
> cf3 Received: [SSYNCH 48] on socket 4
> cf3 cfServerd access list is empty, no files are visible
> cf3 Access control in sync
> cf3 From (host=hges2355.sz.salzgitter-ag.de,user=root,ip=::ffff:172.24.1.58)
> cf3 ID from connecting host: (SYNCH 1267180028 STAT /srv/cf-serverd/inputs)
> cf3 Received signal 2 (SIGINT) while doing
> [lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c904169606aa9b27ec369fd13e016]
> cf3 Logical start time Fri Feb 26 11:26:58 2010
> cf3 This sub-task started really at Fri Feb 26 11:26:58 2010
> cf3 Trying to remove lock - try
> lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c904169606aa9b27ec369fd13e016
> cf3 Outcome of version (not specified): No checks were scheduled
> hgesnm3:/ # vi /var/cfengine/inputs/cf-serverd.cf
> hgesnm3:/ # vi /var/cfengine/inputs/promises.cf
> hgesnm3:/ # cf-serverd -v
> cf3 Cfengine - autonomous configuration engine - commence self-diagnostic
> prelude
> cf3 ------------------------------------------------------------------------
> cf3 Work directory is /var/cfengine
> cf3 Making sure that locks are private...
> cf3 Checking integrity of the state database
> cf3 Checking integrity of the module directory
> cf3 Checking integrity of the PKI directory
> cf3 Looking for a source of entropy in /var/cfengine/randseed
> cf3 Loaded /var/cfengine/ppkeys/localhost.priv
> cf3 Loaded /var/cfengine/ppkeys/localhost.pub
> cf3 Setting cfengine default port to 5308 = 5308
> cf3 Reference time set to Fri Feb 26 11:35:50 2010
> cf3 Cfengine - 3.0.3 (C) Cfengine AS 2008-
> cf3 ------------------------------------------------------------------------
> cf3 Host name is: hgesnm3
> cf3 Operating System Type is linux
> cf3 Operating System Release is 2.6.16.60-0.42.5-smp
> cf3 Architecture = x86_64
> cf3 Using internal soft-class linux for host hgesnm3
> cf3 The time is now Fri Feb 26 11:35:50 2010
> cf3 ------------------------------------------------------------------------
> cf3 # Extended system discovery is only available in version Nova and above
> cf3 Additional hard class defined as: 64_bit
> cf3 Additional hard class defined as: linux_2_6_16_60_0_42_5_smp
> cf3 Additional hard class defined as: linux_x86_64
> cf3 Additional hard class defined as: linux_x86_64_2_6_16_60_0_42_5_smp
> cf3 GNU autoconf class from compile time: compiled_on_linux_gnu
> cf3 Address given by nameserver: 192.168.78.50
> cf3 Interface 1: lo
> cf3 Interface 2: lo
> cf3 Interface 3: eth0
> cf3 Trying to locate my IPv6 address
> cf3 Found IPv6 address 3ffe:302:11:2:20a:e4ff:fe80:340a
> cf3 Found IPv6 address fe80::20a:e4ff:fe80:340a
> cf3 Looking for environment from cf-monitor...
> cf3 Unable to detect environment from cfMonitord
> cf3 This appears to be a SuSE system.
> cf3 Looking for SuSE enterprise info in "SUSE Linux Enterprise Server 10
> (x86_64)"
> cf3 ***********************************************************
> cf3 Loading persistent classes
> cf3 ***********************************************************
> cf3 ***********************************************************
> cf3 Loaded persistent memory
> cf3 ***********************************************************
> cf3 > Parsing file /var/cfengine/inputs/promises.cf
> cf3 Initiate variable convergence...
> cf3 Initiate variable convergence...
> cf3 # Knowledge map reporting feature is only available in version Nova and
> above
> cf3 -> Defined hard classes = { any verbose_mode Friday Hr11 Morning Min35
> Min35_40 Q3 Hr11_Q3 Day26 February Yr2010 Lcycle_0 GMT_Hr10 linux
> hgesnm3_sz_salzgitter_ag_de sz_salzgitter_ag_de salzgitter_ag_dede hgesnm3
> 64_bit linux_2_6_16_60_0_42_5_smp x86_64 linux_x86_64
> linux_x86_64_2_6_16_60_0_42_5_smp
> linux_x86_64_2_6_16_60_0_42_5_smp__1_SMP_Mon_Aug_24_09_41_41_UTC_2009
> compiled_on_linux_gnunet_iface_lo net_iface_eth0 192_168_78_50
> ipv4_192_168_78_50 ipv4_192_168_78 ipv4_192_168 ipv4_192
> 3ffe_302_11_2_20a_e4ff_fe80_340a fe80__20a_e4ff_fe80_340a cfengine_3_0_3
> cfengine_3_0 cfengine_3SuSE SLES10 server }
> cf3 -> Negated Classes = { }
> cf3 Initiate variable convergence...
> cf3 Initiate control variable convergence...
> cf3 Listening for connections ...
> cf3 New connection...(from ::ffff:172.24.1.58/4)
> cf3 Spawning new thread...
> cf3 Received: [CAUTH 172.24.1.58 hges2355.sz.salzgitter-ag.de root 0] on
> socket 4
> cf3 Allowing 172.24.1.58 to connect without (re)checking ID
> cf3 Non-verified Host ID is hges2355.sz.salzgitter-ag.de (Using skipverify)
> cf3 Non-verified User ID seems to be root (Using skipverify)
> cf3 LastSaw host hges2355.sz.salzgitter-ag.de now
> cf3 Received: [SAUTH y 256 37 c] on socket 4
> cf3 Loaded /var/cfengine/ppkeys/root-172.24.1.58.pub
> cf3 A public key was already known from
> hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 - no trust required
> cf3 Adding IP ::ffff:172.24.1.58 to SkipVerify - no need to check this if we
> have a key
> cf3 The public key identity was confirmed as [email protected]
> cf3 Strong authentication of client
> hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 achieved
> cf3 Received: [SSYNCH 48] on socket 4
> cf3 cfServerd access list is empty, no files are visible
> cf3 Access control in sync
> cf3 From (host=hges2355.sz.salzgitter-ag.de,user=root,ip=::ffff:172.24.1.58)
> cf3 ID from connecting host: (SYNCH 1267180561 STAT /srv/cf-serverd/inputs)
>
> Where is the problem? The file “jawoll” is not on the client after
> that.
>
> --
> Christian Seifert
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
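The verbose output quoted above shows cf-serverd parsing only /var/cfengine/inputs/promises.cf and then reporting "access list is empty, no files are visible". The following is an added example, not part of the original thread: one layout in which the access rules are actually loaded by the server and both paths are admitted. The `inputs` line, the two-file split and the `ifencrypted` attribute are assumptions added here; paths and addresses are the ones from the messages.

```cf3
########## /var/cfengine/inputs/promises.cf (policy server) ##########
body common control
{
  # Server bundles are not listed in bundlesequence; only agent bundles are.
  bundlesequence => { "hello" };

  # cf-serverd parses promises.cf by default. Without this line the
  # server control body and access bundle in cf-serverd.cf are never
  # read, and the daemon starts with an empty access list.
  inputs         => { "cf-serverd.cf" };
}

bundle agent hello
{
  reports:
    linux::
      "Hello, world";
}

########## /var/cfengine/inputs/cf-serverd.cf ##########
body server control
{
  allowconnects     => { "172.24.1.58" };

  # Hosts listed here have unknown public keys accepted on trust.
  # Keep the entry only for the initial key exchange, then empty the list.
  trustkeysfrom     => { "172.24.1.58" };

  maxconnections    => "10";
  logallconnections => "true";
}

bundle server access_rules
{
  access:
    # Every file a client may request needs its own access promise.
    # This pattern admits all of 172.24.x.x; narrow it if one client suffices.
    "/srv/cf-serverd"
      admit => { "172\.24\..*" };

    "/jawoll"
      admit       => { "172\.24\..*" },
      # Serve this file only when the client requests an encrypted
      # transfer (encrypt in its copy_from body).
      ifencrypted => "true";
}
```

After restarting `cf-serverd -v`, the "access list is empty" line should no longer appear if the access bundle was loaded.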