On 20/06/11 09:22, no-re...@cfengine.com wrote:
> Forum: Cfengine Help
> Subject: Making cf-runagent work
> Author: sauer
> Link to topic: https://cfengine.com/forum/read.php?3,22525,22525#msg-22525
>
> So, I've given up on the manual. I'm not sure what I'm missing to make
> cf-runagent actually work. I have a test server running cf-serverd with the
> following config. I've run the config and the cf-serverd through a sed filter
> (replacing hostnames/IP addresses) to keep the lawyers happy. I've done the
> key exchange, and that appears to work, but I'm clearly missing a critical
> component required to allow running the command. I don't know if I've messed
> up a regex or if I'm just completely missing the boat somewhere. I've tried
> removing the escapes on the IP addresses and using netmasks (/8 and /32, as
> relevant) to no avail. Here's the cf-runagent output, the server
> configuration, and the server output. Can someone who's made this work let
> me know what dumb mistake I'm making (and make a suggestion for helping the
> documentation)? :)
>
> cf-runagent - Open Source 3.0.4 and 3.1.5 behave the same
> cf-serverd - Open Source 3.1.5 from cfengine-provided RPM
>
> runagent:
>
> $ sudo cf-runagent -i -H testserver -n
> sf_cf3 !! Unspecified server refusal (see verbose server output)
> myprefix> Path: "/var/cfengine/bin/cf-agent"
> myprefix> Path: /opt/security/cfconf
> myprefix> Path: /opt/security/gathered_keys
> myprefix> -> Host IPs allowed connection access :
> myprefix> .... IP: 127\.0\.0\.1
> myprefix> .... IP: \:\:1
> myprefix> .... IP: 1\..*
> myprefix> .... IP: .*\.domain\.org
...
> myprefix> Host host.domain.org denied access to /var/cfengine/bin/cf-agent
> myprefix> Server refusal due to denied access to requested object
> myprefix> From (host=host.domain.org,user=root,ip=1.2.3.4)
> myprefix> REFUSAL of request from connecting host: (EXEC )

My guess is that it is to do with the escapes. I think something changed
between 3.1.2 (which Jessica says works with this exact config), and 3.1.4
or 3.1.5. I just specify the hostname with no escapes, and it gets access.

Jonathan
--
==========================================
Jonathan CLARKE
CTO - Directeur technique
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone: +33 (0)1 83 62 41 24
------------------------------------------
Web: http://www.normation.com/
==========================================