Developers attend this maillist on more or less regular basis, but I can't guarantee their attention was gained by this thread.
The source code for the community edition is available here: http://cfengine.com/pages/source_code You can download it and read (and even adjust for your needs). 2011/7/19 Jerome Yanga <jya...@esri.com>: > Thank you, Seva. > > Are there any links that you can provide for cf-runagent and cf-serverd? > > Do developers see these messages? Or is there another thread that I should > forward this to? > > Regards, > j > > -----Original Message----- > From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] > Sent: Monday, July 18, 2011 3:46 PM > To: Jerome Yanga > Cc: help-cfengine@cfengine.org > Subject: Re: Cfengine Help: Re: Making cf-runagent work > > Well, it seems like remote cf-agent runs its defaults (i.e. > promises.cf). I'm not sure whether cf-runagent is indeed able to alter > bundlesequence. You can call for developers attention or look into > cf-runagent and cf-serverd sources. > > 2011/7/19 Jerome Yanga <jya...@esri.com>: >> Thank you for your recommendation. >> >> >> Here is what I got from the remote host. Correct me if I am wrong, but it >> seems to be running the wrong cf file despite the fact that I have specified >> another. >> >> cf3> -> Accepting a connection >> cf3> Accepting connection from "192.168.1.10" >> cf3> New connection...(from 192.168.1.10:sd 4) >> cf3> Spawning new thread... >> cf3> Allowing 192.168.1.10 to connect without (re)checking ID >> cf3> Non-verified Host ID is node1.cfengine.com (Using skipverify) >> cf3> Non-verified User ID seems to be root (Using skipverify) >> cf3> -> Public key identity of host "192.168.1.10" is >> "MD5=81358344e2a8aa8b599950e58b097d2e" >> cf3> -> Last saw 192.168.1.10 (-MD5=81358344e2a8aa8b599950e58b097d2e) first >> time now >> cf3> -> Going to secondary storage for key >> cf3> -> Going to secondary storage for key >> cf3> A public key was already known from node1.cfengine.com/192.168.1.10 - >> no trust required >> cf3> Adding IP 192.168.1.10 to SkipVerify - no need to check this if we have >> a key >> cf3> The public key identity was confirmed as r...@node1.cfengine.com >> cf3> -> Strong authentication of client node1.cfengine.com/192.168.1.10 >> achieved >> cf3> -> Receiving session key from client (size=256)... >> cf3> User root granted connection privileges >> cf3> Found a matching rule in access list (/usr/local/sbin/cf-agent in >> /usr/local/sbin/cf-agent) >> cf3> Mapping root privileges to access non-root files >> cf3> Host node1.cfengine.com granted access to /usr/local/sbin/cf-agent >> cf3> Examining command string: >> cf3> Executing command /usr/local/sbin/cf-agent --inform >> cf3> -> Writing last-seen observations >> cf3> -> Last saw -MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) >> at Mon Jul 18 15:14:04 2011 >> (noexpiry 1.5 <= 168.0) >> >> Regards, >> j >> >> -----Original Message----- >> From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] >> Sent: Monday, July 18, 2011 3:03 PM >> To: Jerome Yanga >> Cc: help-cfengine@cfengine.org >> Subject: Re: Cfengine Help: Re: Making cf-runagent work >> >> Jerome, >> >> the best way to realize what's going on is to run cf-serverd -v (it >> doesn't fork then and stays in foreground) and then attempt to invoke >> cf-runagent and see server's output. >> >> 2011/7/19 Jerome Yanga <jya...@esri.com>: >>> I am tried this myself and I get the following errors. What am I missing? >>> I have checked all my binaries and none of them are symlinked. >>> >>> cf3> Initiate variable convergence... >>> cf3> SET ignore_missing_bundles true >>> cf3> SET trustkey = 1 >>> cf3> SET encrypt = 1 >>> cf3> -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e >>> cf3> -> Using interactive key trust... >>> cf3> -> Going to secondary storage for key >>> cf3> >>> ........................................................................... >>> cf3> * Hailing node1.cfengine.com : 5308, with options "" (serial) >>> cf3> >>> ........................................................................... >>> cf3> No existing connection to 192.168.1.10 is established... >>> cf3> Set cfengine port number to 5308 = 5308 >>> cf3> Set connection timeout to 10 >>> cf3> -> Connect to node1.cfengine.com = 192.168.1.10 on port 5308 >>> cf3> -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e >>> cf3> -> Going to secondary storage for key >>> cf3> .....................[.h.a.i.l.]................................. >>> cf3> Strong authentication of server=node1.cfengine.com connection confirmed >>> cf3> -> Public key identity of host "192.168.1.10" is >>> "MD5=81358344e2a8aa8b599950e58b097d2e" >>> cf3> -> Last saw 192.168.1.10 (+MD5=81358344e2a8aa8b599950e58b097d2e) >>> first time now >>> cf3> -> Going to secondary storage for key >>> cf3> !! >>> >>> cf3> -> Writing last-seen observations >>> cf3> -> Last saw +MD5=81358344e2a8aa8b599950e58b097d2e (alias >>> 192.168.1.10) at Mon Jul 18 13:45:36 2011 >>> (noexpiry 0.0 <= 168.0) >>> >>> The remote server is running cf-serverd. >>> # ps -ef | grep [s]erverd >>> root 12117 1 0 13:43 ? 00:00:00 cf-serverd -Kf >>> /tmp/templates/copy_local_file_via_cf_runagent.cf.test >>> >>> Cf-runagent was initiated using the following command: >>> # cf-runagent -i -H node1.cfengine.com -nvf >>> /tmp/templates/copy_local_file_via_cf_runagent.cf.test >>> >>> Here is the cf file. >>> >>> # >>> # testing cfengine with following: >>> # copy local file >>> # cf-runagent >>> # >>> body common control >>> { >>> bundlesequence => { "createFile" , "copyLocalFile" }; >>> ignore_missing_bundles => "true"; >>> require_comments => "true"; >>> inputs => { >>> "/var/cfengine/inputs/cfengine_stdlib.cf" }; >>> version => "1.0"; >>> } >>> >>> body server control >>> { >>> allowconnects => { "127.0.0.1" , "192.168.1.10" }; >>> allowallconnects => { "127.0.0.1" , "192.168.1.10" }; >>> trustkeysfrom => { "127.0.0.1" , "192.168.1.10" }; >>> maxconnections => "1024"; >>> hostnamekeys => "true"; >>> logallconnections => "true"; >>> cfruncommand => "/usr/local/sbin/cf-agent"; >>> allowusers => { "root" }; >>> bindtointerface => "192.168.1.12"; >>> } >>> >>> body agent control >>> { >>> verbose => "true"; >>> } >>> >>> bundle agent createFile >>> { >>> files: >>> # >>> # the stanza below creates folders and file if it does not exist >>> # >>> "/tmp/test/create_folder1/create_file4.txt" >>> comment => "create file", >>> perms => mog("755", "root", "root"), >>> create => "true"; >>> >>> "/tmp/test/create_folder1/create_folder2/create_file5.txt" >>> comment => "create file", >>> perms => mog("755", "root", "root"), >>> create => "true"; >>> >>> "/tmp/test/create_folder1/create_folder3/create_file6.txt" >>> comment => "create file", >>> perms => mog("755", "root", "root"), >>> create => "true"; >>> } >>> >>> bundle agent copyLocalFile >>> { >>> files: >>> "/tmp/test/create_folder1/copy_local_file.txt" >>> comment => "copy local file", >>> preserve => "true", >>> copy_from => myLocalCopy("/etc/hosts"); >>> } >>> >>> body copy_from myLocalCopy(from) >>> { >>> source => "$(from)"; >>> } >>> >>> bundle server access_rules >>> { >>> access: >>> "/etc" >>> comment => "define access", >>> admit => { "127.0.0.1" , "192.168.1.10" }, >>> maproot => { "127.0.0.1" , "192.168.1.10" }; >>> >>> "/usr/local/sbin/cf-agent" >>> comment => "provide access to the cf-agent binary", >>> admit => { "127.0.0.1" , "192.168.1.10" }, >>> maproot => { "127.0.0.1" , "192.168.1.10" }; >>> >>> "/tmp/templates/copy_local_file_via_cf_runagent.cf.test" >>> comment => "provide access to the conf file", >>> admit => { "127.0.0.1" , "192.168.1.10" }, >>> maproot => { "127.0.0.1" , "192.168.1.10" }; >>> >>> roles: >>> ".*" >>> comment => "provide access to root", >>> authorize => { "root" }; >>> } >>> >>> body runagent control >>> { >>> hosts => { "192.168.1.10" , "192.168.1.12" }; >>> trustkey => "true"; >>> encrypt => "true"; >>> } >>> >>> Here is the Cfengine version that I am running. >>> >>> # rpm -qa | grep cfengine >>> cfengine-community-3.1.5-1.el5 >>> >>> Regards, >>> j >>> >>> >>> -----Original Message----- >>> From: help-cfengine-boun...@cfengine.org >>> [mailto:help-cfengine-boun...@cfengine.org] On Behalf Of >>> no-re...@cfengine.com >>> Sent: Monday, June 27, 2011 5:06 AM >>> To: help-cfengine@cfengine.org >>> Subject: Cfengine Help: Re: Making cf-runagent work >>> >>> Forum: Cfengine Help >>> Subject: Re: Making cf-runagent work >>> Author: neilhwatson >>> Link to topic: https://cfengine.com/forum/read.php?3,22525,22622#msg-22622 >>> >>> Make sure your access rules are pointing to real locations and not >>> following sym links. >>> >>> _______________________________________________ >>> Help-cfengine mailing list >>> Help-cfengine@cfengine.org >>> https://cfengine.org/mailman/listinfo/help-cfengine >>> >>> _______________________________________________ >>> Help-cfengine mailing list >>> Help-cfengine@cfengine.org >>> https://cfengine.org/mailman/listinfo/help-cfengine >>> >> >> >> >> -- >> SY, Seva Gluschenko. >> >> > > > > -- > SY, Seva Gluschenko. > > -- SY, Seva Gluschenko. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
