I am attempting to bring up an initial installation of 3.1.1 (need to
try 3.1.2 now), but am having trouble with the automatic key exchange
between the server and client. I am running the client on the server as
the first test. Here is a portion of the output of running cf-agent -v:
cf3 No existing connection to 143.207.2.70 is established...
cf3 Set cfengine port number to 5308 = 5308
cf3 Set connection timeout to 10
cf3 -> Connect to 143.207.2.70 = 143.207.2.70 on port 5308
cf3 -> Matched IP 143.207.2.70 to key
MD5=ced9d0e1cecbe9a73e7d72cb28abb856
cf3 -> Going to secondary storage for key
cf3 Couldn't send
cf3 !!! System error for send: "Broken pipe"
cf3 Couldn't send
cf3 !!! System error for send: "Broken pipe"
cf3 Couldn't send
cf3 !!! System error for send: "Broken pipe"
cf3 Challenge response from server 143.207.2.70/143.207.2.70 was
incorrect!
cf3 I: Report relates to a promise with handle ""
cf3 I: Made in version '0.01' of '/var/cfengine/inputs/update.cf' near
line 17
cf3 !! Authentication dialogue with 143.207.2.70 failed
cf3 Unable to establish connection with 143.207.2.70
cf3 -> No suitable server responded to hail
cf3 Promise (version 0.01) belongs to bundle 'update' in file
'/var/cfengine/inputs/update.cf' near line 17
Here is my cf-serverd.conf which I have pieced together from examples
that I have been able to find:
######################################################
#
# cf-serverd.cf
#
#######################################################
body server control
{
skipverify => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
allowconnects => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
allowallconnects => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
trustkeysfrom => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
maxconnections => "10";
logallconnections => "true";
allowusers => { "root" };
port => "5308";
# Make updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
bundle agent server {
processes:
"cf-serverd"
restart_class => "start_cf_serverd",
comment => "bundle agent serer check if
cf-server is running";
commands:
start_cf_serverd::
"/usr/sbin/cf-serverd",
comment => "bundle agent server restarted the
cf-server";
}
bundle server access_rules {
access:
"${globalset.masterfiles}/"
admit => { "143.207.0.0/16" },
comment => "Access rules to the masterfiles";
"/usr/sbin/cf-agent"
admit => { "${globalset.cfmaster}" },
comment => "Access rules for cf-agent, Only cfmaster is
allpowed";
roles:
".*"
authorize => { "root" },
comment => "It must be root to maintain cfengine";
}
The copy_from that is failing is attempting to get a directory from
"${globalset.masterfiles}/inputs".
I am sure that I am missing something, but not sure what.
And the forum seems to be down pretty much right now.
--
Daniel R. Bidwell | bidw...@andrews.edu
Andrews University | Information Technology Services
If two always agree, one of them is unnecessary
"Friends don't let friends do DOS"
"In theory, theory and practice are the same.
In practice, however, they are not."
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
