Forum: Cfengine Help
Subject: Re: Making cf-runagent work
Author: jgreer
Link to topic: https://cfengine.com/forum/read.php?3,22525,22621#msg-22621
Sauer,
I don't see a problem with what you're doing (aside from a couple of places
where sed sanitization munged more than it ought to have). I'm doing
essentially the same thing, and I'm able to fire off agent runs by way of
cf-runagent without issue. Divergence between your policy and mine seems
strikes me as innocuous, and your verbose serverd output seems right.
Including relevant bits from my promises.cf, which we use to hail nodes running
the 3.1.2 RPM. Hope this helps you troubleshoot.
-Jessica
bundle common var {
vars:
any::
"yale_networks_connections"
slist => { "130\.132\..*", "172\.28\..*" };
}
body server control {
any::
logallconnections => "true";
maxconnections => "200";
allowusers => { "root" };
allowconnects => { @(var.yale_networks_connections) };
allowallconnects => { @(var.yale_networks_connections) };
cfruncommand => "/var/cfengine/bin/cf-agent";
trustkeysfrom => { @(var.yale_networks_connections) };
}
bundle server access_rules() {
vars:
"yale_networks_access"
slist => { "130\.132\..*", "172\.28\..*" };
access:
any::
"/var/cfengine/bin/cf-agent"
admit => { @(yale_networks_access) };
}
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
