CFEngine Help: Re: CFEngine Help: multihomed cf-serverd and ipv6

[no-reply]

Forum: CFEngine Help
Subject: Re: CFEngine Help: multihomed cf-serverd and ipv6
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,25049,25057#msg-25057

I think this is the interesting part from the agent:


cf3>  -> Handling file existence constraints on /var/cfengine/inputs/failsafe.cf
cf3>  -> Copy file /var/cfengine/inputs/failsafe.cf from 
/var/cfengine/masterfiles/failsafe.cf check
cf3> No existing connection to 2604:8800:100:111::2 is established...
cf3> Set cfengine port number to 5308 = 5308
cf3> Set connection timeout to 10
cf3>  -> Connect to 2604:8800:100:111::2 = 2604:8800:100:111::2 on port 5308
cf3> skipidentify was promised, so we are trusting and simply announcing the 
identity as (earth.watson-wilson.ca) for this host
cf3>  -> Matched IP 2604:8800:100:111::2 to key 
MD5=49c0d7a71a9ae2003e20c28e40384a3b
cf3> .....................[.h.a.i.l.].................................
cf3> Strong authentication of server=2604:8800:100:111::2 connection confirmed
cf3>  -> Public key identity of host "2604:8800:100:111::2" is 
"MD5=49c0d7a71a9ae2003e20c28e40384a3b"
cf3>  -> Last saw +MD5=49c0d7a71a9ae2003e20c28e40384a3b (alias 
2604:8800:100:111::2) at Mon Feb 27 22:05:34 2012
cf3>  -> Destination file "/var/cfengine/inputs/failsafe.cf" already exists
cf3>  !! Image file /var/cfengine/inputs/failsafe.cf has a wrong 
digest/checksum (should be copy of /var/cfengine/masterfiles/failsafe.cf)
cf3>  -> Updated /var/cfengine/inputs/failsafe.cf from source 
/var/cfengine/masterfiles/failsafe.cf on 2604:8800:100:111::2
cf3>  ?> defining promise result class got_policy
???
cf3> Network access to cleartext 
2604:8800:100:111::2:/var/cfengine/masterfiles/failsafe.cf denied
cf3> Was not able to copy /var/cfengine/masterfiles/failsafe.cf to 
/var/cfengine/inputs/failsafe.cf


The server side:


cf3> Granted access to paths :
cf3> Path: /var/cfengine/masterfiles (encrypt=0)
cf3>    Admit: 2a02:750:11:2::/64 root=
...

cf3> Accepting connection from "2a02:750:11:2::4"
cf3> New connection...(from 2a02:750:11:2::4:sd 4)
cf3> Spawning new thread...
cf3> Allowing root to connect without (re)checking ID
cf3> Non-verified Host ID is 0 (Using skipverify)
cf3> Non-verified User ID seems to be  (Using skipverify)
cf3>  -> Public key identity of host "2a02:750:11:2::4" is 
"MD5=ef79123ca22cbafb2be7ef372dc82c39"
cf3>  -> Last saw -MD5=ef79123ca22cbafb2be7ef372dc82c39 (alias 
2a02:750:11:2::4) at Mon Feb 27 17:03:07 2012
cf3> A public key was already known from 0/2a02:750:11:2::4 - no trust required
cf3> Adding IP 2a02:750:11:2::4 to SkipVerify - no need to check this if we 
have a key
cf3> The public key identity was confirmed as @0
cf3>  -> Strong authentication of client 0/2a02:750:11:2::4 achieved
cf3>  -> Receiving session key from client (size=256)...
cf3> Filename /var/cfengine/masterfiles/failsafe.cf is resolved to 
/var/cfengine/masterfiles/failsafe.cf
cf3> Found a matching rule in access list 
(/var/cfengine/masterfiles/failsafe.cf in /var/cfengine/masterfiles)
cf3> Host 0 granted access to /var/cfengine/masterfiles/failsafe.cf
cf3> Filename /var/cfengine/masterfiles/failsafe.cf is resolved to 
/var/cfengine/masterfiles/failsafe.cf
cf3> Found a matching rule in access list 
(/var/cfengine/masterfiles/failsafe.cf in /var/cfengine/masterfiles)
???
cf3> Host 0 granted access to /var/cfengine/masterfiles/failsafe.cf
cf3> !! Remote user denied right to file 
"/var/cfengine/masterfiles/failsafe.cf" (consider maproot?)
cf3> From (host=0,user=?,ip=2a02:750:11:2::4)
cf3> Couldn't recv
cf3>  !!! System error for recv: "Connection reset by peer"


_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine