Forum: CFEngine Help
Subject: Re: Server issue
Author: sreejithpoothu
Link to topic: https://cfengine.com/forum/read.php?3,24844,24855#msg-24855
After killing the instance i run cf-serverd -v ,i am getting this output
cf3> Cfengine - autonomous configuration engine - commence self-diagnostic
prelude
cf3> ------------------------------------------------------------------------
cf3> Work directory is /var/cfengine
cf3> Making sure that locks are private...
cf3> Checking integrity of the state database
cf3> Checking integrity of the module directory
cf3> Checking integrity of the PKI directory
cf3> Looking for a source of entropy in /var/cfengine/randseed
cf3> -> Loaded private key /var/cfengine/ppkeys/localhost.priv
cf3> -> Loaded public key /var/cfengine/ppkeys/localhost.pub
cf3> Setting cfengine default port to 5308 = 5308
cf3> Reference time set to Thu Feb 16 01:39:52 2012
cf3> CFEngine Core 3.2.1
cf3> ------------------------------------------------------------------------
cf3> Host name is: cf-server
cf3> Operating System Type is linux
cf3> Operating System Release is 2.6.32-71.el6.i686
cf3> Architecture = i686
cf3> Using internal soft-class linux for host cf-server
cf3> The time is now Thu Feb 16 01:39:52 2012
cf3> ------------------------------------------------------------------------
cf3> # Extended system discovery is only available in version Nova and above
cf3> Additional hard class defined as: 32_bit
cf3> Additional hard class defined as: linux_2_6_32_71_el6_i686
cf3> Additional hard class defined as: linux_i686
cf3> Additional hard class defined as: linux_i686_2_6_32_71_el6_i686
cf3> GNU autoconf class from compile time: compiled_on_linux_gnu
cf3> Address given by nameserver: 10.1.1.199
cf3> Interface 1: lo
cf3> Interface 2: eth2
cf3> Trying to locate my IPv6 address
cf3> Found IPv6 address fe80::b01d:56ff:fe17:3a66
cf3> Looking for environment from cf-monitord...
cf3> Loading environment...
cf3> Environment data loaded
cf3> This appears to be a redhat (or redhat-based) system.
cf3> Looking for redhat linux info in "CentOS Linux release 6.0 (Final)"
cf3> ***********************************************************
cf3> Loading persistent classes
cf3> ***********************************************************
cf3> ***********************************************************
cf3> Loaded persistent memory
cf3> ***********************************************************
cf3> -> Found a policy server (hub) on 10.1.1.199
cf3> -> Policy is already validated
cf3> > Parsing file /var/cfengine/inputs/promises.cf
cf3> Initiate variable convergence...
cf3> > Parsing file /var/cfengine/inputs/cfengine_stdlib.cf
cf3> Initiate variable convergence...
cf3> Initiate variable convergence...
cf3> # Knowledge map reporting feature is only available in version Nova and
above
cf3> -> Defined classes = { 10_1_1_199 32_bit Day16 February GMT_Hr20 Hr01
Hr01_Q3 Lcycle_2 Min35_40 Min39 Night PK_MD5_c2005eacd4ee878b0eab0ddbb001762e
Q3 Thursday Yr2012 any centos centos_6 centos_6_0 cf_server cfengine cfengine_3
cfengine_3_2 cfengine_3_2_1 community_edition compiled_on_linux_gnu
diskfree_high_normal entropy_cfengine_in_low entropy_dns_in_low
entropy_dns_out_low entropy_ftp_in_low entropy_ftp_out_low entropy_icmp_in_low
entropy_icmp_out_low entropy_irc_in_low entropy_irc_out_low entropy_misc_in_low
entropy_misc_out_low entropy_netbiosdgm_in_low entropy_netbiosdgm_out_low
entropy_netbiosns_in_low entropy_netbiosns_out_low entropy_netbiosssn_in_low
entropy_netbiosssn_out_low entropy_nfsd_in_low entropy_nfsd_out_low
entropy_smtp_in_low entropy_smtp_out_low entropy_ssh_out_low
entropy_tcpack_in_low entropy_tcpack_out_low entropy_tcpfin_in_low
entropy_tcpfin_out_low entropy_tcpsyn_in_low entropy_tcpsyn_out_low
entropy_udp_in_low entropy_udp_out_low entropy_www
_in_low entropy_wwws_in_low entropy_wwws_out_low fe80__b01d_56ff_fe17_3a66
i686 ipv4_10 ipv4_10_1 ipv4_10_1_1 ipv4_10_1_1_199 linux
linux_2_6_32_71_el6_i686 linux_i686 linux_i686_2_6_32_71_el6_i686
linux_i686_2_6_32_71_el6_i686__1_SMP_Fri_Nov_12_04_17_17_GMT_2010 localhost6
localhost6_localdomain6 messages_low_normal net_iface_eth2
otherprocs_high_normal redhat rootprocs_high_normal server undefined_domain
verbose_mode }
cf3> -> Negated Classes = { }
cf3> Initiate variable convergence...
cf3> -> Additional class defined: am_policy_hub
cf3>
cf3> *****************************************************************
cf3> BUNDLE def
cf3> *****************************************************************
cf3>
cf3>
cf3> =========================================================
cf3> vars in bundle def (0)
cf3> =========================================================
cf3>
cf3>
cf3> *****************************************************************
cf3> BUNDLE access_rules
cf3> *****************************************************************
cf3>
cf3> ***********************************************************
cf3> Server control promises..
cf3> ***********************************************************
cf3> SET denybadclocks = 0
cf3> SET Allowing connections from ...
cf3> SET Allowing multiple connections from ...
cf3> SET Trust keys from ...
cf3> SET Skip verify connections from ...
cf3> SET Allowing users ...
cf3> SET cfruncommand = "/var/cfengine/bin/cf-agent"
cf3>
cf3> *****************************************************************
cf3> BUNDLE def
cf3> *****************************************************************
cf3>
cf3>
cf3> *****************************************************************
cf3> BUNDLE access_rules
cf3> *****************************************************************
cf3>
cf3>
cf3> =========================================================
cf3> access in bundle access_rules (0)
cf3> =========================================================
cf3>
cf3>
cf3> =========================================================
cf3> roles in bundle access_rules (0)
cf3> =========================================================
cf3>
cf3> Summarize control promises
cf3> Granted access to paths :
cf3> Path: /var/cfengine/masterfiles (encrypt=0)
cf3> Admit: 10.1.1.199/16 root=
cf3> Admit: .*example.com root=
cf3> Denied access to paths :
cf3> Path: /var/cfengine/masterfiles
cf3> -> Host IPs allowed connection access :
cf3> .... IP: 127.0.0.1
cf3> .... IP: 10.1.1.200
cf3> .... IP: ::1
cf3> .... IP: 10.1.1.199/16
cf3> Host IPs denied connection access :
cf3> Host IPs allowed multiple connection access :
cf3> .... IP: 127.0.0.1
cf3> .... IP: 10.1.1.200
cf3> .... IP: ::1
cf3> .... IP: 10.1.1.199/16
cf3> Host IPs from whom we shall accept public keys on trust :
cf3> .... IP: 127.0.0.1
cf3> .... IP: 10.1.1.200
cf3> .... IP: ::1
cf3> .... IP: 10.1.1.199/16
cf3> Users from whom we accept connections :
cf3> .... USERS: root
cf3> Host IPs from NAT which we don't verify :
cf3> .... IP: .*example.com
cf3> .... IP: 127.0.0.1
cf3> .... IP: ::1
cf3> .... IP: 10.1.1.199/16
cf3> Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time :
cf3> Lock
lock.internal_bundle.server_cfengine.handle.-cf-server.the_server_daemon_5241_MD5=ebe46fded6b26976480ef3259902d26e
expired (after 71/1 minutes)
cf3> Trying to kill expired process, pid 1282
cf3> Listening for connections ...
cf3> -> Accepting a connection
cf3> Accepting connection from "10.1.1.200"
cf3> New connection...(from 10.1.1.200:sd 4)
cf3> Spawning new thread...
cf3> Allowing 10.1.1.200 to connect without (re)checking ID
cf3> Non-verified Host ID is cfclient (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3> -> Public key identity of host "10.1.1.200" is
"MD5=b57d8e0741d6a4dfac41cd84e6cb6e98"
cf3> -> Last saw -MD5=b57d8e0741d6a4dfac41cd84e6cb6e98 (alias 10.1.1.200) at
Thu Feb 16 01:40:15 2012
cf3> A public key was already known from cfclient/10.1.1.200 - no trust required
cf3> Adding IP 10.1.1.200 to SkipVerify - no need to check this if we have a key
cf3> The public key identity was confirmed as root@cfclient
cf3> -> Strong authentication of client cfclient/10.1.1.200 achieved
cf3> -> Receiving session key from client (size=256)...
cf3> Filename /srv/cf-serverd/inputs is resolved to /srv/cf-serverd/inputs
cf3> Host cfclient denied access to /srv/cf-serverd/inputs
cf3> Access control in sync
cf3> From (host=cfclient,user=root,ip=10.1.1.200)
cf3> REFUSAL of request from connecting host: (SYNCH 1329336616 STAT
/srv/cf-serverd/inputs)
cf3> -> Accepting a connection
cf3> Accepting connection from "10.1.1.199"
cf3> New connection...(from 10.1.1.199:sd 4)
cf3> Spawning new thread...
cf3> Allowing 10.1.1.199 to connect without (re)checking ID
cf3> Non-verified Host ID is cf-server (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3> -> Public key identity of host "10.1.1.199" is
"MD5=c2005eacd4ee878b0eab0ddbb001762e"
cf3> -> Last saw -MD5=c2005eacd4ee878b0eab0ddbb001762e (alias 10.1.1.199) at
Thu Feb 16 01:40:33 2012
cf3> A public key was already known from cf-server/10.1.1.199 - no trust
required
cf3> Adding IP 10.1.1.199 to SkipVerify - no need to check this if we have a key
cf3> The public key identity was confirmed as root@cf-server
cf3> -> Strong authentication of client cf-server/10.1.1.199 achieved
cf3> -> Receiving session key from client (size=256)...
cf3> Filename /srv/cf-serverd/inputs is resolved to /srv/cf-serverd/inputs
cf3> Host cf-server denied access to /srv/cf-serverd/inputs
cf3> Access control in sync
cf3> From (host=cf-server,user=root,ip=10.1.1.199)
cf3> REFUSAL of request from connecting host: (SYNCH 1329336633 STAT
/srv/cf-serverd/inputs)
cf3> -> Accepting a connection
cf3> Accepting connection from "10.1.1.200"
cf3> New connection...(from 10.1.1.200:sd 4)
cf3> Spawning new thread...
cf3> Allowing 10.1.1.200 to connect without (re)checking ID
cf3> Non-verified Host ID is cfclient (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3> -> Public key identity of host "10.1.1.200" is
"MD5=b57d8e0741d6a4dfac41cd84e6cb6e98"
cf3> -> Last saw -MD5=b57d8e0741d6a4dfac41cd84e6cb6e98 (alias 10.1.1.200) at
Thu Feb 16 01:45:16 2012
cf3> A public key was already known from cfclient/10.1.1.200 - no trust required
cf3> Adding IP 10.1.1.200 to SkipVerify - no need to check this if we have a key
cf3> The public key identity was confirmed as root@cfclient
cf3> -> Strong authentication of client cfclient/10.1.1.200 achieved
cf3> -> Receiving session key from client (size=256)...
cf3> Filename /srv/cf-serverd/inputs is resolved to /srv/cf-serverd/inputs
cf3> Host cfclient denied access to /srv/cf-serverd/inputs
cf3> Access control in sync
cf3> From (host=cfclient,user=root,ip=10.1.1.200)
cf3> REFUSAL of request from connecting host: (SYNCH 1329336917 STAT
/srv/cf-serverd/inputs)
cf3> -> Accepting a connection
cf3> Accepting connection from "10.1.1.199"
cf3> New connection...(from 10.1.1.199:sd 4)
cf3> Spawning new thread...
cf3> Allowing 10.1.1.199 to connect without (re)checking ID
cf3> Non-verified Host ID is cf-server (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3> -> Public key identity of host "10.1.1.199" is
"MD5=c2005eacd4ee878b0eab0ddbb001762e"
cf3> -> Last saw -MD5=c2005eacd4ee878b0eab0ddbb001762e (alias 10.1.1.199) at
Thu Feb 16 01:45:48 2012
cf3> A public key was already known from cf-server/10.1.1.199 - no trust
required
cf3> Adding IP 10.1.1.199 to SkipVerify - no need to check this if we have a key
cf3> The public key identity was confirmed as root@cf-server
cf3> -> Strong authentication of client cf-server/10.1.1.199 achieved
cf3> -> Receiving session key from client (size=256)...
cf3> Filename /srv/cf-serverd/inputs is resolved to /srv/cf-serverd/inputs
cf3> Host cf-server denied access to /srv/cf-serverd/inputs
cf3> Access control in sync
cf3> From (host=cf-server,user=root,ip=10.1.1.199)
cf3> REFUSAL of request from connecting host: (SYNCH 1329336948 STAT
/srv/cf-serverd/inputs)
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
