Forum: CFEngine Help Subject: Authentication dialogue failed, After upgrade to 3.2.0 Author: ryanwilliams Link to topic: https://cfengine.com/forum/read.php?3,23248,23248#msg-23248
I used yum to upgrade a client from cfengine-commuinity-3.1.5 to cfengine-community-3.2.0 Now my client(s) refuses to download the masterfiles from the server. # cf-agent -K -f failsafe.cf !! Not authorized to trust the server=172.17.0.28's public key (trustkey=false) !! Authentication dialogue with 172.17.0.28 failed If i set trustkey => "true", and run the client again it works. If i then remove trustkey the client continues to work as expected. However I beleive that the client should already trust the servers key as the servers key is already present in ppkeys and the yum installation did not alter any keys or the file or directory permissions for anything in ppkeys. To try and work out what happened, on the client I created a backup of /var/cfengine, executed cf-agent with trustkey set to true and then ran a diff between /var/cfengine.bak and /var/cfengine It appears that only the following files were modified: cfengine/cf_classes.tcdb cfengine/cf_lastseen.tcdb cfengine/performance.tcdb cfengine/promise_summary.log cfengine/state/allclasses.txt cfengine/state/cf_otherprocs cfengine/state/cf_procs cfengine/state/cf_rootprocs On another client which was previously working with 3.1.5 I upgraded it to 3.2.0, deleted all of the files listed above and tried running the agent leaving trustkey disabled. It also failed with the same error. What am i missing here? Clients fail to update unless I enable trustkey, but after the first run with trustkey => "true" there don't appear to be any changes to the content of /var/cfengine. Obviously I'd like to be able to use yum to upgrade my clients and still have them contact the server afterwards. I'm running CentOS_x86_64, any ideas welcome. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
