Malcolm, Is there any reason to stick with 3.0.2 while 3.0.4p2 is available for quite a time already? I'd rather suggest you to upgrade the Cfengine.
2010/5/20 Malcolm Cowe <[email protected]>: > Hi, > > I'm running CF-Engine 3.0.2, community edition on a grid of around 600 > systems. We use this for distributing /etc/passwd, et al. and have > encountered a couple of issues. The most persistent problem we have > encountered is that the cf-serverd process will segfault at random > intervals but quite often (several times per day). Load does not appear > to be a direct factor, since I can force an update and the service will > usually "survive". > > I did try recompiling with "CFLAGS=-D_FORTIFY_SOURCE=0" which has > improved things but not enough. Currently I'm running a cron job to > check to see if the service is running as a hold-over until I can check > a new version. Does this tally with anyone else's experience? I can send > the configuration if that is of use. > > The second issue occurred yesterday on a client system that was under > heavy load. The cf-agent service failed with the following error: > > May 19 05:30:59 n123 cf-agent: Can't stat new file /etc/passwd.cfnew > May 19 05:30:59 n123 cf-agent: !!! System error for stat: "No such > file or directory" > May 19 05:30:59 n123 cf-agent: Unknown user root > May 19 05:30:59 n123 last message repeated 15 times > May 19 05:31:25 n123 sshd[6098]: fatal: Privilege separation user sshd > does not exist > > In itself, the fact that cf-agent can't find the newly downloaded file > is a bit worrying but, by itself, survivable. However, it appears that > the password file was itself deleted during this run as we were unable > to login to the system and some services on the host were impacted. Now, > quite aside from the merits or otherwise of using cf-engine to > distribute identity information in this way, it seems that there might > be cases where a file can be removed even though the updated (.cfnew) > file is not available (I distribute other non-identity related updates > using a similar mechanism). I have not been able to reproduce this case > at all, and the system healed itself once the system returned to an idle > state. > > I am already looking into alternatives to distributing /etc/passwd, > shadow and company throughout the grid while still using file based > authentication. But I think there is a more general problem here with > the copy_from method I use which is why I've written to the list. > > Any guidance greatly appreciated. > > Regards, > > Malcolm. > _______________________________________________ > Help-cfengine mailing list > [email protected] > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
