Every day I get several messages with communication errors with the policy 
server. It is completely random which node reports the problem. The size of 
the cluster is 600 nodes. We use a splaytime of 5 minutes so the load is 
spread for the policy server.

Are more people experiencing this problem?

On the server I run cfengine svn version: 1868

These are the errors I receive from the client, listed with the most common 
error first:
{{{
Protocol transaction broken off (1)
  !!! System reports error for recv: "Connection reset by peer"
I: Made in version '1.3.0' of '/var/lib/cfengine3/inputs/bundles/ssh.cf' 
near line 79
I: Comment: Copy ssh file that does not require a restart
  !! Authentication dialogue with 192.168.144.204 failed

==============

Challenge response from server 192.168.144.204/192.168.144.204 was incorrect!
I: Made in version '1.3.0' of 
'/var/lib/cfengine3/inputs/bundles/system_access.cf' near line 120
I: Comment: Root certifcate of the LDAP cluster hosts
  !! Authentication dialogue with 192.168.144.204 failed

==============

  !! Transmission refused or failed statting /data/cfengine3/config/modules
Got:

}}}

On the server I have these errors:
{{{
Mar 25 06:49:27 bas cf3[9528]:  REFUSAL of request from connecting host: 
(SYNCH 1301032167 STAT /data/cfengine3/config/bundles/torque.cf)
Mar 25 07:01:23 bas cf3[9528]:  Not allowing connection from non-authorized 
IP 192.168.145.21
}}}

A note: it would be useful to log the IP address if there is a "REFUSAL of 
request" error.

cf-serverd.cf:
{{{
body server control
{
allowconnects         => { "127.0.0.1" , "192.168.144.0/21" };
allowallconnects      => { "127.0.0.1" , "192.168.144.0/21" };
trustkeysfrom         => { "127.0.0.1" , "192.168.144.0/21" };

maxconnections        => "5000";
auditing              => "false";

logallconnections     => "true";
serverfacility        => "LOG_DAEMON";

allowusers            => { "root" };
}

bundle server access_rules()
{
access:
  any::
    "/data/cfengine3"
      admit => { "192.168.144.0/21" };

roles:
  ".*" authorize => { "root" };
}
}}}


-- 
********************************************************************
*  Bas van der Vlies                    e-mail: b...@sara.nl       *
*  SARA - Academic Computing Services   Amsterdam, The Netherlands *
********************************************************************
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
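
An added triage example, not part of the original post and not cfengine code: it tallies the two kinds of server-side denial shown above and checks each denied address against the `allowconnects` ranges from the posted `cf-serverd.cf`. The sample log is the two posted lines, each joined onto one line, plus one constructed line; the function and result key names are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import Counter

# Networks copied from allowconnects in the posted cf-serverd.cf.
ALLOWCONNECTS = ["127.0.0.1", "192.168.144.0/21"]

# The two server messages from the post (each joined onto one line) plus one
# constructed line whose address lies outside the configured range.
SAMPLE_LOG = """\
Mar 25 06:49:27 bas cf3[9528]:  REFUSAL of request from connecting host: (SYNCH 1301032167 STAT /data/cfengine3/config/bundles/torque.cf)
Mar 25 07:01:23 bas cf3[9528]:  Not allowing connection from non-authorized IP 192.168.145.21
Mar 25 07:05:10 bas cf3[9528]:  Not allowing connection from non-authorized IP 10.0.0.7
"""

DENIED_RE = re.compile(r"Not allowing connection from non-authorized IP (\S+)")
REFUSAL_RE = re.compile(r"REFUSAL of request from connecting host: \((\S.*)\)")


def triage(log_text, allowed=ALLOWCONNECTS):
    """Classify cf-serverd denial lines against the configured networks."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    result = {"denied_in_acl": Counter(), "denied_outside_acl": Counter(),
              "refused_paths": Counter()}
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # not a parseable address; skip the line
            inside = any(ip in n for n in nets)
            key = "denied_in_acl" if inside else "denied_outside_acl"
            result[key][str(ip)] += 1
            continue
        m = REFUSAL_RE.search(line)
        if m:
            # Request looks like "SYNCH <time> STAT <path>"; keep the path.
            # These lines carry no source address, so only the path is counted.
            result["refused_paths"][m.group(1).split()[-1]] += 1
    return result


if __name__ == "__main__":
    for name, counts in triage(SAMPLE_LOG).items():
        print(name, dict(counts))
```

Addresses that land in `denied_in_acl`, such as 192.168.145.21 here, were rejected even though they fall inside 192.168.144.0/21, so a too-narrow `allowconnects` range does not explain those denials.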
