Forum: Cfengine Help
Subject: Re: OpenSSL errors on a 3.1.4 MPS
Author: [email protected]
Link to topic: https://cfengine.com/forum/read.php?3,20661,20686#msg-20686
So, this actually wasn't an issue with OpenSSL or with promises.cf. It was the
new caching mechanism introduced in 3.1.3.
Here's my MPS, and the timestamp of cf_promises_validated:
/var/cfengine/masterfiles $ date
Tue Feb 15 12:56:14 PST 2011
/var/cfengine/masterfiles $ ls -l cf_promises_validated
-rw------- 1 root root 0 Feb 5 06:16 cf_promises_validated
Trying to perform a network update from the client, this fails.
# /var/cfengine/bin/cf-agent -I -K -f failsafe.cf
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.dw.manifest
!! Copy from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.dw.manifest
failed
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/pkg-manager.jdk.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.bi.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.hadoop.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/pkg-manager.python.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.storops.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.siteops.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.sec.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.noc.manifest
Got:
!! Transmission refused or failed statting
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.sysops.manifest
Looking at the client's timestamp of cf_promises_validated
# ls -l /var/cfengine/masterfiles/cf_promises_validated
-rw------- 1 root root 0 Feb 15 12:54
/var/cfengine/masterfiles/cf_promises_validated
So, lets remove it from the client and try to perform another transfer.
# rm /var/cfengine/masterfiles/cf_promises_validated
# /var/cfengine/bin/cf-agent -I -K -f failsafe.cf
#
Ok, so it looked good? Checking the verbose output, the transfer still fails.
community> -> File /var/cfengine/inputs/cfreport_automated_execution.cf is an
up to date copy of source
community> -> Destination file "/var/cfengine/inputs/verify_splunk_install.cf"
already exists
community> -> File /var/cfengine/inputs/verify_splunk_install.cf is an up to
date copy of source
community> -> Destination file "/var/cfengine/inputs/cron_rolling_snap.cf"
already exists
community> -> File /var/cfengine/inputs/cron_rolling_snap.cf is an up to date
copy of source
community> -> Destination file "/var/cfengine/inputs/upgrade_cfengine.cf"
already exists
community> -> File /var/cfengine/inputs/upgrade_cfengine.cf is an up to date
copy of source
community> ->> Entering /var/cfengine/inputs/config-general
community> ->> Entering
/var/cfengine/inputs/config-general/group_manifests_acct_manager
community> -> Destination file
"/var/cfengine/inputs/config-general/group_manifests_acct_manager/acct-manager.netops.manifest"
already exists
community> -> File
/var/cfengine/inputs/config-general/group_manifests_acct_manager/acct-manager.netops.manifest
is an up to date copy of source
community> Server returned error: Unspecified server refusal (see verbose
server output)
community> !! (Can't stat
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.dw.manifest)
community> !!! System error for cf_stat: "Operation not permitted"
community> Server returned error: Unspecified server refusal (see verbose
server output)
community> !! (Can't stat
/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/pkg-manager.jdk.manifest)
Removing this from the server, and running again, the network transfer succeeds.
/var/cfengine/masterfiles $ rm cf_promises_validated
# /var/cfengine/bin/cf-agent -I -K -f failsafe.cf
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.dw.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/pkg-manager.jdk.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.bi.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.hadoop.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/pkg-manager.python.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.storops.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.siteops.manifest
-> Copying from
esv4-cfe-test.corp.linkedin.com:/var/cfengine/masterfiles/generic_cf-agent_policies/config-general/group_manifests_acct_manager/acct-manager.sec.manifest
So, I guess this is a new behavior that you should be aware of.
/var/cfengine/masterfiles/cf_promises_validated on the client and server is
pretty critical for a working network infrastructure.
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
