I strongly back Seva, you should update to the latest version. You'll have most of your bug corrected and have access to some nice new features that'll ease your use of cfengine
Nicolas On Thu, May 20, 2010 at 6:32 AM, Seva Gluschenko <[email protected]> wrote: > Malcolm, > > Is there any reason to stick with 3.0.2 while 3.0.4p2 is available for > quite a time already? I'd rather suggest you to upgrade the Cfengine. > > 2010/5/20 Malcolm Cowe <[email protected]>: >> Hi, >> >> I'm running CF-Engine 3.0.2, community edition on a grid of around 600 >> systems. We use this for distributing /etc/passwd, et al. and have >> encountered a couple of issues. The most persistent problem we have >> encountered is that the cf-serverd process will segfault at random >> intervals but quite often (several times per day). Load does not appear >> to be a direct factor, since I can force an update and the service will >> usually "survive". >> >> I did try recompiling with "CFLAGS=-D_FORTIFY_SOURCE=0" which has >> improved things but not enough. Currently I'm running a cron job to >> check to see if the service is running as a hold-over until I can check >> a new version. Does this tally with anyone else's experience? I can send >> the configuration if that is of use. >> >> The second issue occurred yesterday on a client system that was under >> heavy load. The cf-agent service failed with the following error: >> >> May 19 05:30:59 n123 cf-agent: Can't stat new file /etc/passwd.cfnew >> May 19 05:30:59 n123 cf-agent: !!! System error for stat: "No such >> file or directory" >> May 19 05:30:59 n123 cf-agent: Unknown user root >> May 19 05:30:59 n123 last message repeated 15 times >> May 19 05:31:25 n123 sshd[6098]: fatal: Privilege separation user sshd >> does not exist >> >> In itself, the fact that cf-agent can't find the newly downloaded file >> is a bit worrying but, by itself, survivable. However, it appears that >> the password file was itself deleted during this run as we were unable >> to login to the system and some services on the host were impacted. Now, >> quite aside from the merits or otherwise of using cf-engine to >> distribute identity information in this way, it seems that there might >> be cases where a file can be removed even though the updated (.cfnew) >> file is not available (I distribute other non-identity related updates >> using a similar mechanism). I have not been able to reproduce this case >> at all, and the system healed itself once the system returned to an idle >> state. >> >> I am already looking into alternatives to distributing /etc/passwd, >> shadow and company throughout the grid while still using file based >> authentication. But I think there is a more general problem here with >> the copy_from method I use which is why I've written to the list. >> >> Any guidance greatly appreciated. >> >> Regards, >> >> Malcolm. >> _______________________________________________ >> Help-cfengine mailing list >> [email protected] >> https://cfengine.org/mailman/listinfo/help-cfengine >> > > > > -- > SY, Seva Gluschenko. > _______________________________________________ > Help-cfengine mailing list > [email protected] > https://cfengine.org/mailman/listinfo/help-cfengine > _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
