Forum: Cfengine Help Subject: Connection reset by peer Author: mwlarsen Link to topic: https://cfengine.com/forum/read.php?3,17728,17728#msg-17728
I'm trying to connect to a client from the server with cf-runagent just to verify they can talk. The IP address on the server is 10.2.0.219 and the client is 10.2.0.220. I manually copied the localhost.pub keys to each host's /var/cfengine/ppkeys/root-10.2.0.2xx.pub. So, 10.2.0.219 has /var/cfengine/ppkeys/root-10.2.0.220.pub (the localhost.pub key that lives on the client, 220) and 10.2.0.220 has /var/cfengine/ppkeys/root-10.2.0.219.pub (the localhost.pub key that lives on the server, 219). So from the server (219) I attempt this: cf-runagent -H 10.2.1.220 -v The output I get is: cf3 ........................................................................... cf3 * Hailing 10.2.1.220 : 5308, with options "" (serial) cf3 ........................................................................... cf3 No existing connection to 10.2.1.220 is established... cf3 Set cfengine port number to 5308 = 5308 cf3 -> Connect to 10.2.1.220 = 10.2.1.220 on port 5308 cf3 LastSaw host 10.2.1.220 now cf3 Loaded /var/cfengine/ppkeys/root-10.2.1.220.pub cf3 .....................[.h.a.i.l.]................................. cf3 Strong authentication of server=10.2.1.220 connection confirmed cf3 !! Unspecified server refusal (see verbose server output)cf3 Couldn't recv cf3 !!! System error for recv: "Connection reset by peer" So I follow the directions and run: serverd -v I get the following: cf3 BUNDLE g cf3 ***************************************************************** cf3 cf3 cf3 ========================================================= cf3 vars in bundle g (0) cf3 ========================================================= cf3 cf3 Skipping whole promise, as context is SuSE cf3 cf3 ***************************************************************** cf3 BUNDLE access_rules cf3 ***************************************************************** cf3 cf3 cf3 ========================================================= cf3 roles in bundle access_rules (0) cf3 ========================================================= cf3 cf3 *********************************************************** cf3 Server control promises.. cf3 *********************************************************** cf3 SET Allowing connections from ... cf3 SET Allowing multiple connections from ... cf3 SET Trust keys from ... cf3 SET cfruncommand = /var/cfengine/bin/cf-agent -f failsafe.cf && /var/cfengine/bin/cf-agent cf3 SET Allowing users ... cf3 cf3 ***************************************************************** cf3 BUNDLE g cf3 ***************************************************************** cf3 cf3 cf3 ***************************************************************** cf3 BUNDLE access_rules cf3 ***************************************************************** cf3 cf3 cf3 ========================================================= cf3 access in bundle access_rules (0) cf3 ========================================================= cf3 cf3 Summarize control promises cf3 -> Host IPs allowed connection access : cf3 .... IP: 127.0.0.1 cf3 .... IP: ::1 cf3 .... IP: 10.2.1.219 cf3 .... IP: 10.2.1.220 cf3 .... IP: 10.2.1.221 cf3 Host IPs denied connection access : cf3 Host IPs allowed multiple connection access : cf3 .... IP: 127.0.0.1 cf3 .... IP: ::1 cf3 .... IP: 10.2.1.219 cf3 .... IP: 10.2.1.220 cf3 .... IP: 10.2.1.221 cf3 Host IPs from whom we shall accept public keys on trust : cf3 .... IP: 127.0.0.1 cf3 .... IP: ::1 cf3 .... IP: 10.2.1.219 cf3 .... IP: 10.2.1.220 cf3 .... IP: 10.2.1.221 cf3 Users from whom we accept connections : cf3 .... USERS: root cf3 .... USERS: autotest cf3 Host IPs from NAT which we don't verify : cf3 Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time : cf3 Could not bind server address cf3 !!! System error for bind: "Address already in use" cf3 Could not bind server address cf3 !!! System error for bind: "Address already in use" cf3 Couldn't open bind an open socket Which, with the exception of the failures to bind, doesn't look particularly alarming. Can anyone shed some light? Thanks. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
