Forum: Cfengine Help
Subject: Re: Connection reset by peer
Author: mwlarsen
Link to topic: https://cfengine.com/forum/read.php?3,17728,17745#msg-17745

Nakarin suggested this: https://cfengine.com/forum/read.php?3,17732

My site.cf was stock, it only contained what shipped with the rpm. I didn't expect I'd have to munge the .cf files to get basic communications going, but if that's what it is, it is. Anyway, I added cf-runagent and cfagent to the bundle server access_rules():

    bundle server access_rules()
    {
    access:
      "/var/cfengine/bin/cf-runagent"
        admit => { "127.0.0.1" , "10.2.1.219" , "10.2.1.220" };
      "/var/cfengine/bin/cf-agent"
        admit => { "127.0.0.1" , "10.2.1.219" , "10.2.1.220" };
    roles:
      ".*" authorize => { "autotest" };
    }

and ran cf-serverd -v from the command line. I went to another ssh session and ran cf-runagent -i, got this:

    cf3 New connection...(from ::ffff:127.0.0.1/4)
    cf3 Spawning new thread...
    cf3 -> No new promises found
    cf3 -> Waiting at incoming select...
    cf3 Received: on socket 4
    cf3 Allowing 127.0.0.1 to connect without (re)checking ID
    cf3 Non-verified Host ID is localhost.localdomain (Using skipverify)
    cf3 Non-verified User ID seems to be root (Using skipverify)
    cf3 LastSaw host localhost.localdomain now
    cf3 Received: on socket 4
    cf3 Loaded /var/cfengine/ppkeys/root-127.0.0.1.pub
    cf3 A public key was already known from localhost.localdomain/::ffff:127.0.0.1 - no trust required
    cf3 Adding IP ::ffff:127.0.0.1 to SkipVerify - no need to check this if we have a key
    cf3 The public key identity was confirmed as r...@localhost.localdomain
    cf3 Strong authentication of client localhost.localdomain/::ffff:127.0.0.1 achieved
    cf3 -> Receiving session key from client (size=256)...
    cf3 Received: on socket 4
    cf3 User root granted connection privileges
    cf3 Host localhost.localdomain denied access to /var/cfengine/bin/cf-agent
    cf3 Server refusal due to denied access to requested object
    cf3 From (host=localhost.localdomain,user=root,ip=::ffff:127.0.0.1)
    cf3 REFUSAL of request from connecting host: (EXEC )

Any idea why?
The rest of the output implies that localhost.localdomain is synonymous with 127.0.0.1, and that's explicitly admitted in site.cf.

Also, I don't see it trying to poll my other system for a key, so does cfengine just terminate the attempt on the first failure and not try other defined hosts?
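
The verbose output quoted in this post shows the key exchange completing before the request is refused. As an added example (not part of the original post, and not CFEngine code), this Python script pulls those stages out of `cf-serverd -v` output so the stage that failed is explicit; the regular expressions and function names are assumptions based only on the log lines quoted here.

```python
import re

# Lines copied from the cf-serverd -v output quoted in the post above.
SAMPLE = """\
cf3 New connection...(from ::ffff:127.0.0.1/4)
cf3 Loaded /var/cfengine/ppkeys/root-127.0.0.1.pub
cf3 Strong authentication of client localhost.localdomain/::ffff:127.0.0.1 achieved
cf3 User root granted connection privileges
cf3 Host localhost.localdomain denied access to /var/cfengine/bin/cf-agent
cf3 REFUSAL of request from connecting host: (EXEC )
"""

# Stage name -> pattern with one capture group. These patterns are
# assumptions derived from the quoted log, not a documented log format.
PATTERNS = [
    ("peer", re.compile(r"New connection\.\.\.\(from (\S+?)/\d+\)")),
    ("key_file", re.compile(r"Loaded (\S+\.pub)")),
    ("authenticated", re.compile(r"Strong authentication of client (\S+) achieved")),
    ("user", re.compile(r"User (\S+) granted connection privileges")),
    ("denied_object", re.compile(r"Host \S+ denied access to (\S+)")),
    ("refused_request", re.compile(r"REFUSAL of request from connecting host: \((\w+)")),
]

def summarize(log_text):
    """Return the first value seen for each stage in cf-serverd -v output."""
    found = {}
    for line in log_text.splitlines():
        for name, pattern in PATTERNS:
            match = pattern.search(line)
            if match and name not in found:
                found[name] = match.group(1)
    return found

def failing_stage(summary):
    """Classify where the session stopped, using only the stages that were logged."""
    if "authenticated" not in summary:
        return "authentication"   # key exchange never completed
    if "denied_object" in summary:
        return "authorization"    # identity accepted, access rule refused the object
    return "none"

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key, value in result.items():
        print(f"{key:16} {value}")
    print("failing stage:", failing_stage(result))
```

For the quoted session the result is an authorization failure on `/var/cfengine/bin/cf-agent` for an `EXEC` request, with the peer logged as `::ffff:127.0.0.1`.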