Forum: Cfengine Help
Subject: Trustkeys not being shared
Author: elleeseb
Link to topic: https://cfengine.com/forum/read.php?3,17676,17676#msg-17676
I must be missing something, when I try to pull a file from the server to the
client, I get broken pipe, and connection reset by peer. I am trying to follow
the guide as close as possible :). Maybe I am confused on some things...what am
I missing?
Trust keys are being shared to the server (client keys are seen in ppkeys on
server), but I do not see a trust key for the server on the client side.
Server Config (promises.cf)
body common control
{
bundlesequence => { "testbundle" };
}
bundle agent testbundle
{
reports:
linux::
"Hello world";
}
body runagent control
{
hosts => {
"127.0.0.1","10.128.205.118","10.128.205.119"
};
}
body server control
{
allowconnects => { "127.0.0.1","10.128.205.118","10.128.205.119" };
trustkeysfrom => { "127.0.0.1","10.128.205.118","10.128.205.119" };
allowusers => { "root" };
}
bundle server access_rules()
{
access:
"/cfengine/cfengine/"
admit => { "10.128.205.118", "10.128.205.119" };
}
Client Config (promises.cf)
body common control
{
bundlesequence => { "testbundle" };
}
bundle agent testbundle
{
files:
"/tmp/test.txt"
copy_from => remote_cp("/cfengine/cfengine/test.txt","10.128.205.118");
}
body runagent control
{
hosts => {
"127.0.0.1","10.128.205.118","10.128.205.119"
};
}
body server control
{
allowconnects => { "127.0.0.1","10.128.205.118","10.128.205.119" };
trustkeysfrom => { "127.0.0.1","10.128.205.118","10.128.205.119" };
allowusers => { "root" };
}
body copy_from remote_cp(from,server)
{
source => "$(from)";
copy_backup => "true";
purge => "true";
servers => { "$(server)" };
}
Here is the error seen on the client side
cf3 -> Handling file existence constraints on /tmp/test.txt
cf3 -> Copy file /tmp/test.txt from /cfengine/cfengine/test.txt check
cf3 No existing connection to 10.128.205.118 is established...
cf3 Set cfengine port number to 5308 = 5308
cf3 Connect to 10.128.205.118 = 10.128.205.118 on port 5308
cf3 LastSaw host 10.128.205.118 now
cf3 !! Not authorized to trust the server=10.128.205.118's public key
(trustkey=false)
cf3 Promise (version not specified) belongs to bundle 'testbundle' in file
'/var/cfengine/inputs/promises.cf' near line 18
cf3 !! Authentication dialogue with 10.128.205.118 failed
cf3 Unable to establish connection with 10.128.205.118
cf3 No suitable server responded to hail
cf3 Promise (version not specified) belongs to bundle 'testbundle' in file
'/var/cfengine/inputs/promises.cf' near line 18
cf3
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
