Cfengine Help: Re: Cfengine Help: How to configure a client machine to contact the policy server and downloads updates?

[no-reply]

Forum: Cfengine Help
Subject: Re: Cfengine Help: How to configure a client machine to contact the 
policy server and downloads updates?
Author: David Brazzeal
Link to topic: https://cfengine.com/forum/read.php?3,19909,19968#msg-19968

Thanks for your responses! 
On my test policy server, I edited the /var/cfengine/masterfiles/promises.cf 
and added my client’s IP:
allowconnects         => { "127.0.0.1" , "::1", "172.18.160.102" };
allowallconnects      => { "127.0.0.1" , "::1", "172.18.160.102" };
trustkeysfrom         => { "127.0.0.1" , "::1", "172.18.160.102" };

I then ran cf-agent to get the promises file copied from the masterfiles dir to 
the input dir on the policy server.

Now it looks like my key authentication is working. I can tell because I see 
this in my agent log after I run this: cf-agent -v -B -s dbraz17
Strong authentication of server=dbraz17.aafes.com connection confirmed
cf3  -> Public key identity of host "172.18.161.2" is 
"MD5=b95774952d4a8a76b4f43196850afae8"
cf3  -> Last saw 172.18.161.2 (+MD5=b95774952d4a8a76b4f43196850afae8) first 
time now
cf3  -> Going to secondary storage for key

But I’m still seeing this error on my agent:
cf3 Server returned error:  Unspecified server refusal (see verbose server 
output)
cf3 Can't stat /var/cfengine/masterfiles in files.copyfrom promise

In following this:
http://www.cfengine.org/manuals/cf3-tutorial.html#Server-connection
It says this:

“Permission to access something
Your host name or IP address must be mentioned in an access promise inside a 
server bundle, made by the file that you are trying to access.”

Do you have any examples of how that’s done? (What does the access promise look 
like in what file(s) on the policy server?) Should I configure the server to 
give clients access to all files under /var/cfengine/masterfiles?
Am I supposed to expect all files from my policy server’s 
/var/cfengine/masterfiles folder to get copied to my agent’s 
/var/cfengine/input folder?
Thanks!

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine