The rewrite was only an implementation patch, the protocol should be the same,
and fully
compatible. I would recommend running in debug mode and looking for an access
control
issue. Note that allowconnections must be IP addresses.
Eystein Måløy Stenberg wrote:
> Hi,
>
> I believe the network transaction code has been rewritten from 3.0.2 to
> 3.0.3, and the versions are not compatible.
> Do you have any issues when connecting nodes with the same version?
>
> --Eystein
>
> On 02/28/2010 06:08 AM, Ian Goldstein wrote:
>> Hi
>>
>> With regard to the request for specific info here is what i have. Again,
>> this is with regard to not being able to pull files from my policy server.
>> Thanks in advance.
>>
>> On the policy server. Here is my serverd.cf started as cf-serverd -v -f
>> serverd.cf
>> My client is to pull all data in /tmp/cfinputs and place them in
>> /var/tmp/input.
>>
>> body common control
>> {
>> bundlesequence => {
>> "access_rules"
>> };
>> }
>>
>> bundle server access_rules()
>> {
>> access:
>> "/tmp/cfinputs"
>> admit => { "169.196.32.158" },
>> deny => { "192.*" };
>> }
>>
>> body server control
>> {
>> allowconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
>> allowallconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
>> trustkeysfrom => { "127.0.0.1" , "169.196.32.158" , "::1" };
>>
>> # Make updates and runs happen in one
>>
>> cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
>> $(sys.workdir)/bin/cf-agent";
>> allowusers => { "root" };
>> }
>> ============================================
>> ============================================
>>
>> My server is 10.162.73.143
>> my client is 169.196.32.158
>>
>> On the client side, here is my test.cf
>>
>> body common control
>> {
>> bundlesequence => {
>> "example"
>> };
>>
>> }
>> body server control
>> {
>> allowconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
>> allowallconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
>> trustkeysfrom => { "127.0.0.1" , "10.162.73.143", "::1" };
>> }
>>
>> bundle agent example
>> {
>>
>> files:
>>
>> ionapp1dev::
>>
>> "/var/tmp/inputs"
>> "test.cf" 62L, 912C
>> body depth_search recurse1(d)
>> {
>> depth =>"$(d)";
>> exclude_dirs => {"tmp1"};
>> }
>>
>> body perms my_p(p)
>>
>> {
>> mode => "$(p)";
>> }
>>
>>
>> When i run version cf-serverd 3.0.2 everything works fine
>>
>> cf3 Strong authentication of client
>> ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 achieved
>> cf3 Received: [SSYNCH 40] on socket 5
>> cf3 Found a matching rule in access list (/tmp/cfinputs in /tmp/cfinputs)
>> cf3 No root privileges granted
>> cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs
>> cf3 Received: [SOPENDIR 24] on socket 5
>> cf3 Found a matching rule in access list (/tmp/cfinputs in /tmp/cfinputs)
>> cf3 No root privileges granted
>> cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs
>> cf3 Received: [SSYNCH 40] on socket 5
>> cf3 Found a matching rule in access list (/tmp/cfinputs/a in /tmp/cfinputs)
>> cf3 No root privileges granted
>> cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs/a
>> cf3 Received: [SOPENDIR 32] on socket 5
>> cf3 Found a matching rule in access list (/tmp/cfinputs/a in /tmp/cfinputs)
>> cf3 No root privileges granted
>> cf3 Host ionapp1dev.qa.jefco.com granted access to /tmp/cfinputs/a
>>
>>
>> But when i run cf-serverd 3.0.3 it does not get the data
>>
>>
>> cf3 Strong authentication of client
>> ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 achieved
>> cf3 Received: [SSYNCH 40] on socket 6
>> cf3 cfServerd access list is empty, no files are visible
>> cf3 Access control in sync
>> cf3 From (host=ionapp1dev.qa.jefco.com,user=root,ip=::ffff:169.196.32.158)
>> cf3 ID from connecting host: (SYNCH 1267333693 STAT /tmp/cfinputs)
>>
>>
>> Thanks in advance.
>>
>>
>>
>>
>>
>> Jefferies archives and monitors outgoing and incoming e-mail. The
>> contents of this email, including any attachments, are confidential to
>> the ordinary user of the email address to which it was addressed. If you
>> are not the addressee of this email you may not copy, forward, disclose
>> or otherwise use it or any part of it in any form whatsoever. This email
>> may be produced at the request of regulators or in connection with civil
>> litigation. Jefferies accepts no liability for any errors or omissions
>> arising as a result of transmission. Use by other than intended
>> recipients is prohibited. In the United Kingdom, Jefferies operates as
>> Jefferies International Limited; registered in England: no. 1978621;
>> registered office: Vintners Place, 68 Upper Thames Street, London EC4V
>> 3BJ. Jefferies International Limited is authorised and regulated by the
>> Financial Services Authority.
>>
>>
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
