Also make sure the port 5308 is open on the server/client to talk to
"itself".
deb
On 12/10/10 7:00 AM, Daniel Bidwell wrote:
> I am attempting to bring up an initial installation of 3.1.1 (need to
> try 3.1.2 now), but am having trouble with the automatic key exchange
> between the server and client. I am running the client on the server as
> the first test. Here is a portion of the output of running cf-agent -v:
>
> cf3 No existing connection to 143.207.2.70 is established...
> cf3 Set cfengine port number to 5308 = 5308
> cf3 Set connection timeout to 10
> cf3 -> Connect to 143.207.2.70 = 143.207.2.70 on port 5308
> cf3 -> Matched IP 143.207.2.70 to key MD5=ced9d0e1cecbe9a73e7d72cb28abb856
> cf3 -> Going to secondary storage for key
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Challenge response from server 143.207.2.70/143.207.2.70 was incorrect!
> cf3 I: Report relates to a promise with handle ""
> cf3 I: Made in version '0.01' of '/var/cfengine/inputs/update.cf' near line 17
> cf3 !! Authentication dialogue with 143.207.2.70 failed
> cf3 Unable to establish connection with 143.207.2.70
> cf3 -> No suitable server responded to hail
> cf3 Promise (version 0.01) belongs to bundle 'update' in file '/var/cfengine/inputs/update.cf' near line 17
>
> Here is my cf-serverd.conf which I have pieced together from examples
> that I have been able to find:
>
> ######################################################
> #
> # cf-serverd.cf
> #
> #######################################################
>
> body server control
>
> {
> skipverify => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
> allowconnects => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
> allowallconnects => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
> trustkeysfrom => { "143.207.0.0/22","143.207.5.0/24","143.207.7.0/24" };
>
> maxconnections => "10";
> logallconnections => "true";
> allowusers => { "root" };
> port => "5308";
>
> # Make updates and runs happen in one
>
> cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf&& $(sys.workdir)/bin/cf-agent";
>
> bundle agent server {
> processes:
> "cf-serverd"
> restart_class => "start_cf_serverd",
> comment => "bundle agent serer check if cf-server is running";
>
> commands:
> start_cf_serverd::
> "/usr/sbin/cf-serverd",
> comment => "bundle agent server restarted the cf-server";
> }
>
> bundle server access_rules {
> access:
> "${globalset.masterfiles}/"
> admit => { "143.207.0.0/16" },
> comment => "Access rules to the masterfiles";
> "/usr/sbin/cf-agent"
> admit => { "${globalset.cfmaster}" },
> comment => "Access rules for cf-agent, Only cfmaster is allpowed";
> roles:
> ".*"
> authorize => { "root" },
> comment => "It must be root to maintain cfengine";
> }
>
>
> The copy_from that is failing is attempting to get a directory from
> "${globalset.masterfiles}/inputs".
>
> I am sure that I am missing something, but not sure what.
>
> And the forum seems to be down pretty much right now.
--
Deb Heller-Evans 1 Cyclotron Road
Computer Systems Engineer Berkeley, CA 94720
ESnet http://www.es.net/ Desk: 510/495-2243
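
Added example, not part of the original messages: one way to run the port check suggested in the reply, from the host that is both server and client. The function names `probe` and `check_self` are hypothetical; the port and the server address are the ones in the quoted cf-agent output.

```python
import errno
import socket

CFENGINE_PORT = 5308  # port shown in the quoted cf-agent output


def probe(host, port=CFENGINE_PORT, timeout=3.0):
    """Try one TCP connect and classify the result.

    Returns 'open', 'refused' (nothing is accepting connections there),
    'timeout' (no answer at all, typical of dropped packets) or
    'error:<ERRNO>' for any other socket error.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def check_self(addresses, port=CFENGINE_PORT, timeout=3.0):
    """Probe every address the host uses to reach itself; return {address: result}."""
    return {addr: probe(addr, port, timeout) for addr in addresses}


if __name__ == "__main__":
    # Loopback plus the server address from the quoted output: a listener bound
    # to one interface, or a host firewall rule, can make the two differ.
    for addr, result in check_self(["127.0.0.1", "143.207.2.70"]).items():
        print(f"{addr}:{CFENGINE_PORT} -> {result}")
```

A result of `open` only shows that TCP connections to the port are accepted; it says nothing about whether the key exchange that follows will succeed.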