Thank you for your recommendation.
Here is what I got from the remote host. Correct me if I am wrong, but it seems to be running the wrong cf file despite the fact that I have specified another. cf3> -> Accepting a connection cf3> Accepting connection from "192.168.1.10" cf3> New connection...(from 192.168.1.10:sd 4) cf3> Spawning new thread... cf3> Allowing 192.168.1.10 to connect without (re)checking ID cf3> Non-verified Host ID is node1.cfengine.com (Using skipverify) cf3> Non-verified User ID seems to be root (Using skipverify) cf3> -> Public key identity of host "192.168.1.10" is "MD5=81358344e2a8aa8b599950e58b097d2e" cf3> -> Last saw 192.168.1.10 (-MD5=81358344e2a8aa8b599950e58b097d2e) first time now cf3> -> Going to secondary storage for key cf3> -> Going to secondary storage for key cf3> A public key was already known from node1.cfengine.com/192.168.1.10 - no trust required cf3> Adding IP 192.168.1.10 to SkipVerify - no need to check this if we have a key cf3> The public key identity was confirmed as r...@node1.cfengine.com cf3> -> Strong authentication of client node1.cfengine.com/192.168.1.10 achieved cf3> -> Receiving session key from client (size=256)... cf3> User root granted connection privileges cf3> Found a matching rule in access list (/usr/local/sbin/cf-agent in /usr/local/sbin/cf-agent) cf3> Mapping root privileges to access non-root files cf3> Host node1.cfengine.com granted access to /usr/local/sbin/cf-agent cf3> Examining command string: cf3> Executing command /usr/local/sbin/cf-agent --inform cf3> -> Writing last-seen observations cf3> -> Last saw -MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) at Mon Jul 18 15:14:04 2011 (noexpiry 1.5 <= 168.0) Regards, j -----Original Message----- From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] Sent: Monday, July 18, 2011 3:03 PM To: Jerome Yanga Cc: help-cfengine@cfengine.org Subject: Re: Cfengine Help: Re: Making cf-runagent work Jerome, the best way to realize what's going on is to run cf-serverd -v (it doesn't fork then and stays in foreground) and then attempt to invoke cf-runagent and see server's output. 2011/7/19 Jerome Yanga <jya...@esri.com>: > I am tried this myself and I get the following errors. What am I missing? I > have checked all my binaries and none of them are symlinked. > > cf3> Initiate variable convergence... > cf3> SET ignore_missing_bundles true > cf3> SET trustkey = 1 > cf3> SET encrypt = 1 > cf3> -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e > cf3> -> Using interactive key trust... > cf3> -> Going to secondary storage for key > cf3> > ........................................................................... > cf3> * Hailing node1.cfengine.com : 5308, with options "" (serial) > cf3> > ........................................................................... > cf3> No existing connection to 192.168.1.10 is established... > cf3> Set cfengine port number to 5308 = 5308 > cf3> Set connection timeout to 10 > cf3> -> Connect to node1.cfengine.com = 192.168.1.10 on port 5308 > cf3> -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e > cf3> -> Going to secondary storage for key > cf3> .....................[.h.a.i.l.]................................. > cf3> Strong authentication of server=node1.cfengine.com connection confirmed > cf3> -> Public key identity of host "192.168.1.10" is > "MD5=81358344e2a8aa8b599950e58b097d2e" > cf3> -> Last saw 192.168.1.10 (+MD5=81358344e2a8aa8b599950e58b097d2e) first > time now > cf3> -> Going to secondary storage for key > cf3> !! > > cf3> -> Writing last-seen observations > cf3> -> Last saw +MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) > at Mon Jul 18 13:45:36 2011 > (noexpiry 0.0 <= 168.0) > > The remote server is running cf-serverd. > # ps -ef | grep [s]erverd > root 12117 1 0 13:43 ? 00:00:00 cf-serverd -Kf > /tmp/templates/copy_local_file_via_cf_runagent.cf.test > > Cf-runagent was initiated using the following command: > # cf-runagent -i -H node1.cfengine.com -nvf > /tmp/templates/copy_local_file_via_cf_runagent.cf.test > > Here is the cf file. > > # > # testing cfengine with following: > # copy local file > # cf-runagent > # > body common control > { > bundlesequence => { "createFile" , "copyLocalFile" }; > ignore_missing_bundles => "true"; > require_comments => "true"; > inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" > }; > version => "1.0"; > } > > body server control > { > allowconnects => { "127.0.0.1" , "192.168.1.10" }; > allowallconnects => { "127.0.0.1" , "192.168.1.10" }; > trustkeysfrom => { "127.0.0.1" , "192.168.1.10" }; > maxconnections => "1024"; > hostnamekeys => "true"; > logallconnections => "true"; > cfruncommand => "/usr/local/sbin/cf-agent"; > allowusers => { "root" }; > bindtointerface => "192.168.1.12"; > } > > body agent control > { > verbose => "true"; > } > > bundle agent createFile > { > files: > # > # the stanza below creates folders and file if it does not exist > # > "/tmp/test/create_folder1/create_file4.txt" > comment => "create file", > perms => mog("755", "root", "root"), > create => "true"; > > "/tmp/test/create_folder1/create_folder2/create_file5.txt" > comment => "create file", > perms => mog("755", "root", "root"), > create => "true"; > > "/tmp/test/create_folder1/create_folder3/create_file6.txt" > comment => "create file", > perms => mog("755", "root", "root"), > create => "true"; > } > > bundle agent copyLocalFile > { > files: > "/tmp/test/create_folder1/copy_local_file.txt" > comment => "copy local file", > preserve => "true", > copy_from => myLocalCopy("/etc/hosts"); > } > > body copy_from myLocalCopy(from) > { > source => "$(from)"; > } > > bundle server access_rules > { > access: > "/etc" > comment => "define access", > admit => { "127.0.0.1" , "192.168.1.10" }, > maproot => { "127.0.0.1" , "192.168.1.10" }; > > "/usr/local/sbin/cf-agent" > comment => "provide access to the cf-agent binary", > admit => { "127.0.0.1" , "192.168.1.10" }, > maproot => { "127.0.0.1" , "192.168.1.10" }; > > "/tmp/templates/copy_local_file_via_cf_runagent.cf.test" > comment => "provide access to the conf file", > admit => { "127.0.0.1" , "192.168.1.10" }, > maproot => { "127.0.0.1" , "192.168.1.10" }; > > roles: > ".*" > comment => "provide access to root", > authorize => { "root" }; > } > > body runagent control > { > hosts => { "192.168.1.10" , "192.168.1.12" }; > trustkey => "true"; > encrypt => "true"; > } > > Here is the Cfengine version that I am running. > > # rpm -qa | grep cfengine > cfengine-community-3.1.5-1.el5 > > Regards, > j > > > -----Original Message----- > From: help-cfengine-boun...@cfengine.org > [mailto:help-cfengine-boun...@cfengine.org] On Behalf Of no-re...@cfengine.com > Sent: Monday, June 27, 2011 5:06 AM > To: help-cfengine@cfengine.org > Subject: Cfengine Help: Re: Making cf-runagent work > > Forum: Cfengine Help > Subject: Re: Making cf-runagent work > Author: neilhwatson > Link to topic: https://cfengine.com/forum/read.php?3,22525,22622#msg-22622 > > Make sure your access rules are pointing to real locations and not following > sym links. > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
