Hi
With regard to the request for specific info here is what i have. Again,
this is with regard to not being able to pull files from my policy server.
Thanks in advance.
On the policy server. Here is my serverd.cf started as cf-serverd -v -f
serverd.cf
My client is to pull all data in /tmp/cfinputs and place them in
/var/tmp/input.
body common control
{
bundlesequence => {
"access_rules"
};
}
bundle server access_rules()
{
access:
"/tmp/cfinputs"
admit => { "169.196.32.158" },
deny => { "192.*" };
}
body server control
{
allowconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
allowallconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
trustkeysfrom => { "127.0.0.1" , "169.196.32.158" , "::1" };
# Make updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
allowusers => { "root" };
}
============================================
============================================
My server is 10.162.73.143
my client is 169.196.32.158
On the client side, here is my test.cf
body common control
{
bundlesequence => {
"example"
};
}
body server control
{
allowconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
allowallconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
trustkeysfrom => { "127.0.0.1" , "10.162.73.143", "::1" };
}
bundle agent example
{
files:
ionapp1dev::
"/var/tmp/inputs"
"test.cf" 62L, 912C
body depth_search recurse1(d)
{
depth =>"$(d)";
exclude_dirs => {"tmp1"};
}
body perms my_p(p)
{
mode => "$(p)";
}
When i run version cf-serverd 3.0.2 everything works fine
cf3 Strong authentication of client
ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 achieved
cf3 Received: [SSYNCH 40] on socket 5
cf3 Found a matching rule in access list (/tmp/cfinputs in /tmp/cfinputs)
cf3 No root privileges granted
cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs
cf3 Received: [SOPENDIR 24] on socket 5
cf3 Found a matching rule in access list (/tmp/cfinputs in /tmp/cfinputs)
cf3 No root privileges granted
cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs
cf3 Received: [SSYNCH 40] on socket 5
cf3 Found a matching rule in access list (/tmp/cfinputs/a in
/tmp/cfinputs)
cf3 No root privileges granted
cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs/a
cf3 Received: [SOPENDIR 32] on socket 5
cf3 Found a matching rule in access list (/tmp/cfinputs/a in
/tmp/cfinputs)
cf3 No root privileges granted
cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs/a
But when i run cf-serverd 3.0.3 it does not get the data
cf3 Strong authentication of client
ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 achieved
cf3 Received: [SSYNCH 40] on socket 6
cf3 cfServerd access list is empty, no files are visible
cf3 Access control in sync
cf3 From (host=ionapp1dev.qa.jefco.com,user=root,ip=::ffff:169.196.32.158)
cf3 ID from connecting host: (SYNCH 1267333693 STAT /tmp/cfinputs)
Thanks in advance.
Jefferies archives and monitors outgoing and incoming e-mail. The contents of
this email, including any attachments, are confidential to the ordinary user of
the email address to which it was addressed. If you are not the addressee of
this email you may not copy, forward, disclose or otherwise use it or any part
of it in any form whatsoever. This email may be produced at the request of
regulators or in connection with civil litigation. Jefferies accepts no
liability for any errors or omissions arising as a result of transmission. Use
by other than intended recipients is prohibited. In the United Kingdom,
Jefferies operates as Jefferies International Limited; registered in England:
no. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London
EC4V 3BJ. Jefferies International Limited is authorised and regulated by the
Financial Services Authority._______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
