Forum: CFEngine Help
Subject: Re: Possible to encrypt and decrypt files with CFEngine keys
Author: nickanderson
Link to topic: https://cfengine.com/forum/read.php?3,26508,26509#msg-26509
I don't have an answer specific to your question. But I would like to point out
that you can use the en
Forum: CFEngine Help
Subject: Possible to encrypt and decrypt files with CFEngine keys
Author: tc1210id
Link to topic: https://cfengine.com/forum/read.php?3,26508,26508#msg-26508
I need to encrypt files on my hub then have a promise to move the file and
decrypt it on the client systems. I
Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: dhubler
Link to topic: https://cfengine.com/forum/read.php?3,26443,26449#msg-26449
I removed the public half from the server and regenerated a new public and
private pair on the remote
Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,26443,26447#msg-26447
Did you remove the key from the client or the server or both? cf-key can be
used to remote keys IIRC
Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: dhubler
Link to topic: https://cfengine.com/forum/read.php?3,26443,26446#msg-26446
Here's my ACL
body server control {
skipverify => { ".*" };
allowconnects => {
Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,26443,26445#msg-26445
Hey Douglas, you probably have the "trustkey" settings switched on with a broad
ACL. These should n
Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: dhubler
Link to topic: https://cfengine.com/forum/read.php?3,26443,26444#msg-26444
I forgot to mention, I'm using cfengine 3.3.4 on CentOS 6/64 bit with recent
yum u
Forum: CFEngine Help
Subject: cf-serverd seems to be allowing connects from system w/new keys
Author: dhubler
Link to topic: https://cfengine.com/forum/read.php?3,26443,26443#msg-26443
My cf-serverd seems to be automatically accepting all ssl keys from machines,
not just the first time.
I have
On 15/06/12 16:32, Neil Watson wrote:
>> It's set to true, in fact. One clarification though: are you suggesting
>> >to remove/comment out the directive, or to set it to false?
> Remove/comment it.
OK, thanks. I'll test it immediately!
>> >When I'll put these policies in production, they'll have
On Fri, Jun 15, 2012 at 04:26:04PM +0200, Marco Marongiu wrote:
>It's set to true, in fact. One clarification though: are you suggesting
>to remove/comment out the directive, or to set it to false?
Remove/comment it.
>When I'll put these policies in production, they'll have the grateful
>task to
On 15/06/12 16:20, Neil Watson wrote:
> This is slightly similar to a bug I saw when using IPV6. The trouble
> for me was skipidentify. If you have skipidentify => "true"; somewhere
> in your policy try removing it.
It's set to true, in fact. One clarification though: are you suggesting
to remov
This is slightly similar to a bug I saw when using IPV6. The trouble
for me was skipidentify. If you have skipidentify => "true"; somewhere
in your policy try removing it.
https://cfengine.com/bugtracker/view.php?id=988
>cf3> -> !! Package "puppet" cannot be verified -- no match
>cf3> -> !! P
On 14/06/12 20:23, no-re...@cfengine.com wrote:
> Marco, could you post the verbose output of cf-runagent, maybe we can
> get a clue what's going on from there.
That happened again, finally, and examining the output I found at least
one strangeness.
The file in attachment is a copy & paste from a
Forum: CFEngine Help
Subject: Re: cf-runagent and keys
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,26210,26214#msg-26214
Marco, could you post the verbose output of cf-runagent, maybe we can get a
clue what's going on from
Hi all
I have a strange problem with cf-runagent. I am pretty sure that it's my
fault but I can't see what I am doing wrong.
I want to be able to run cf-runagent on the policy host and request
clients to perform certain actions (either run cf-agent, plain, or run
it with certain classes defined,
On Thu, May 10, 2012 at 03:08:52PM +0200, Mikhail Gusarov wrote:
>cf-key -r will complain if no keys are found, but first it removes the entry
>from lastseen database.
Could this have anything to do with hostseen/lastseen not working
properly at the moment? https://cfengine.com/bugt
Forum: CFEngine Help
Subject: Re: CFEngine Help: How do I delete old keys? help - newbie :)
Author: Arthur333
Link to topic: https://cfengine.com/forum/read.php?3,25871,25880#msg-25880
Ok no problem, will do - thanks again for your help
___
Help
On 05/10/2012 03:29 PM, no-re...@cfengine.com wrote:
> Nope it leaves the entry there, I'm using Tokyocabinet as my DB, is this the
> preferred DB? maybe a DB bug
I'd predict it's a problem with recent DB backend overhaul. Please file a bug
in
bug tracker and attach your cf_lastseen.tcdb f
Forum: CFEngine Help
Subject: Re: CFEngine Help: How do I delete old keys? help - newbie :)
Author: Arthur333
Link to topic: https://cfengine.com/forum/read.php?3,25871,25878#msg-25878
Nope it leaves the entry there, I'm using Tokyocabinet as my DB, is this the
preferred DB? maybe a D
On 05/10/2012 03:05 PM, no-re...@cfengine.com wrote:
> When I run the cf-key -r command it tells me that there are no keys for host
> xx.xx.xx.xx were found
Doesn't it remove the entry from the output of cf-key -s? If not, then it's the
bug.
cf-key -r will complain if no key
Forum: CFEngine Help
Subject: Re: CFEngine Help: How do I delete old keys? help - newbie :)
Author: Arthur333
Link to topic: https://cfengine.com/forum/read.php?3,25871,25876#msg-25876
Its cf-engine core 3.3.0
I removed the keys first from /var/cfengine/pppkeys for the client host then
tried to
On 05/10/2012 02:41 PM, no-re...@cfengine.com wrote:
> cf-key -r
>
> is that the correct syntax or should it be hostname?
IP address / hostname (as per --help).
> i.e I did:
>
> cf-key -r 0.0.0.0
>
> (example)
>
> cf-key -s
>
> still shows the same info (incoming line only)
That's worrysome. Wh
Forum: CFEngine Help
Subject: Re: CFEngine Help: How do I delete old keys? help - newbie :)
Author: Arthur333
Link to topic: https://cfengine.com/forum/read.php?3,25871,25874#msg-25874
Thanks but this seems to have no effect when I try it:
cf-key -r
is that the correct syntax or should it be
olicy hub
> server.
> How do I remove the old keys from the policy hub server so that I can add the
> new keys?
Use the cf-key -r
--
Mikhail Gusarov
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Forum: CFEngine Help
Subject: How do I delete old keys? help - newbie :)
Author: Arthur333
Link to topic: https://cfengine.com/forum/read.php?3,25870,25870#msg-25870
Hi all
I have just installed CFEngine and am playing around with the configuration, I
had an issue with my test system which was
Forum: CFEngine Help
Subject: Re: problem with RSA keys on HP-UX 11.31 ia 64
Author: Beto
Link to topic: https://cfengine.com/forum/read.php?3,23600,23605#msg-23605
I did not have any such problem running 3.0.5 on HP-UX 11.31 ia64. Suggest you
compile and test a more current cfengine version (3
Forum: CFEngine Help
Subject: problem with RSA keys on HP-UX 11.31 ia 64
Author: manimaran
Link to topic: https://cfengine.com/forum/read.php?3,23600,23600#msg-23600
I built cfEngine 3.0.5 for HPUX 11.31 ia64, and facing a problem. When I try
to run cf-promises or cf-agent, I get an error that
Forum: Cfengine Help
Subject: whenever I restart policy host I lose keys.
Author: chadpatt
Link to topic: https://cfengine.com/forum/read.php?3,22627,22627#msg-22627
I have a couple policy hosts and only one does this. If I restart cfengine3
services or reboot, I get:
BAD: Unspecified server
Forum: Cfengine Help
Subject: Hostname change and keys
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,21661,21661#msg-21661
Hello All,
Just a short question today: When the hostname of a monitored system changes,
all pertinent promises are updated on the policy server
Forum: Cfengine Help
Subject: Re: Looking for constructive criticism - update SSH keys
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,21329,21330#msg-21330
Have you looked at this?
http://www.cfengine.org/manuals/cf3-solutions.html#Distribute-ssh-keys
The line
Forum: Cfengine Help
Subject: Looking for constructive criticism - update SSH keys
Author: random
Link to topic: https://cfengine.com/forum/read.php?3,21329,21329#msg-21329
I'm pretty new to this cfengine stuff, things are starting to come together a
bit now, though! I wrote this bund
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,21174,21232#msg-21232
neilhwatson Wrote:
---
> Unfortunately Red Hat init scripts
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,21174,21231#msg-21231
Unfortunately Red Hat init scripts do not always return zero or one for service
state. I opened a ticket with
Forum: Cfengine Help
Subject: Re: Cfengine Help: Old cfengine client, new localhost.priv
localhost.pub keys (Nova)
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,21215,21217#msg-21217
Mike,
Thanks for responding!
1. We already do that - we trust our hosts on certain
On 3/18/11 8:41 AM, no-re...@cfengine.com wrote:
> Forum: Cfengine Help
> Subject: Old cfengine client, new localhost.priv localhost.pub keys (Nova)
> Author: debheller
> Link to topic: https://cfengine.com/forum/read.php?3,21210,21210#msg-21210
>
> We have bandwidth measurement
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,21174,21214#msg-21214
I wonder if you could just make an slist of the services you want to keep
running, and use something like
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: yrouxel
Link to topic: https://cfengine.com/forum/read.php?3,21174,21211#msg-21211
Hi Mike,
I had a problem related to yours, but not quite the same. Sometimes, we want to
build a new list from an
Forum: Cfengine Help
Subject: Old cfengine client, new localhost.priv localhost.pub keys (Nova)
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,21210,21210#msg-21210
We have bandwidth measurement test servers that are built from clones. These
servers are not backed up
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: msvob...@linkedin.com
Link to topic: https://cfengine.com/forum/read.php?3,21174,21200#msg-21200
Disregard the code in the example I posted before... I've been modifying this
policy a lot i
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: msvob...@linkedin.com
Link to topic: https://cfengine.com/forum/read.php?3,21174,21199#msg-21199
Hey Diego
Here's what I'm working on. Hopefully, this either helps someone else trying
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,21174,21190#msg-21190
Thanks Mark.
___
Help-cfengine mailing list
Help-cfengine
Rock on! Thanks Mark!
On 3/17/11 6:08 AM, "no-re...@cfengine.com" wrote:
> Forum: Cfengine Help
> Subject: Re: How to extract values (not keys) from an array to slist?
> Author: mark
> Link to topic: https://cfengine.com/forum/read.php?3,21174,21178#msg-21178
>
>
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,21174,21178#msg-21178
I just comitted to svn a new function getvalues() which mirrors getindices and
makes a list of the values.
This is
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,21174,21177#msg-21177
I struggled with this same problem some time ago, and eventually realized that
I didn't really need a getv
Forum: Cfengine Help
Subject: Re: How to extract values (not keys) from an array to slist?
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,21174,21175#msg-21175
Mike Svoboda Wrote:
---
> So, I can use getindexes() to extr
So, I can use getindexes() to extract the indexes of an array into an slist. I
need to do the opposite, and extract just the values. Anyone have a working
solution?
I just need to be able to create an slist with all of the values of the array.
Thanks
Mike
_
s.html)
> Some things work, and some doesn't.
>
> For instance, the distribution of ssh keys
> (http://www.cfengine.org/manuals/cf3-solutions.html#Distribute-ssh-keys)
> recipe give me the error "Scalar variable user contains itself
> (non-convergent): $(user)".
&g
Hi,
We're currently testing cfengine 3.0.2 (because that's what you get then
running Ubuntu 10.04).
I've used some examples from the CFengine Solutions
(http://www.cfengine.org/manuals/cf3-solutions.html)
Some things work, and some doesn't.
For instance, the distributio
Forum: Cfengine Help
Subject: Re: keys
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19140,19142#msg-19142
You could look in the source code.
n...@ettin ~/src/cfengine-3.0.5/src $ grep -i blow *
cf.defs.h:#define CF_BLOWFISHSIZE 16
enterprise_stubs.c:return
Hello,
I am not sure my question arrives at the appropriate location but here it is
:
I have to prove that cfengine uses blowfish. I think that wireshark could do
that . I have seen a blowfish choice in "preferences" but I dont know really
how to do that. Can you help.
Regards
Franc
___
Forum: Cfengine Help
Subject: Re: public keys
Author: pieterb
Link to topic: https://cfengine.com/forum/read.php?3,17865,17866#msg-17866
Seems like a firewall issue. See if you can connect from your ubuntu box to the
windows server using telnet 192.168.2.104 5308. The response will indicate
Forum: Cfengine Help
Subject: public keys
Author: siham
Link to topic: https://cfengine.com/forum/read.php?3,17865,17865#msg-17865
My server is windows. And my client is on ubuntu. I changed the public keys
manually. But there is no connection establisched.
cf3 No existing connection to
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16762#msg-16762
Neil,
I thought of your suggestion but if my understanding of key exchange is correct
I would still end up with mistrust since on the first
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16761#msg-16761
Now I think I see. It sounds to me as though you have a cfservd process
running on each cluster node. You want a client to pull from
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16759#msg-16759
Neil,
Clearly I am not getting my message out, sorry for that. So here a simpler
attempt:
I have a management host that needs to pull files
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16757#msg-16757
I'm afraid your explanation is too vague for me to fully understand. Are you
saying that you want the agent on host A to copy files
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16756#msg-16756
Neil,
Ok so lets step back:
What I need is for a host to copy specific files from a host that is running a
known application accessible by a
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16755#msg-16755
I do not recommend your proposal. It will break trust. Try:
https://cfengine.org/pipermail/help-cfengine/2006-May/000224.html
Again
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16754#msg-16754
Neil,
I just tried searching for nat and nothing came out. Can you provided me with
your proposition?
Mine is as follow:(untested and I am
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16753#msg-16753
There might be ways to do what you desire. I worry that this will break the
trust mechanism. Further I suspect there is another way but
@cfengine.org
Subject: Cfengine Help: Re: Question about keys and trust
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16749#msg-16749
Are you referring to a virtual IP address, common in clusters? I don&#
Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,16739,16749#msg-16749
Are you referring to a virtual IP address, common in clusters? I don't know
why you would use the VIP for Cf versus the node's
Leganger
Sent: Thursday, April 01, 2010 3:05 AM
To: help-cfengine@cfengine.org
Subject: Re: Question about keys and trust
On 31 March 2010 23:37, Lebel, Marco
mailto:marco.le...@domtar.com>> wrote:
I have applications that have IP addresses and DNS names associated with them.
These applic
On 31 March 2010 23:37, Lebel, Marco wrote:
> I have applications that have IP addresses and DNS names associated with
> them. These applications can run on any number of physical hosts but on
> only one at the time. Whenever I try to copy files across the network using
> cfengine specifying t
Hello all,
I have been struggling with this one for the longest time back to version 2.
Here is the context:
I have applications that have IP addresses and DNS names associated with them.
These applications can run on any number of physical hosts but on only one at
the time. Whenever I t
Hi,
The hostnamekeys and dynamicaddresses confuses me a lot.
Are not the server supposed to save the keys in files with hostname instead of
IP addresses?
More: the server seems to not accept
Allowconnects => { ".*\.domain\.net" }
Can this be related?
I don't have any problem
Emil Assarsson emil.assars...@sonyericsson.com
> Phone: +46 (0)10 8017422
>
>
>
> -Original Message-
> From: Mark Burgess [mailto:mark.burg...@iu.hio.no]
> Sent: onsdag den 24 februari 2010 15:28
> To: Assarsson, Emil
> Cc: 'help-cfengine@cfengine.org&#x
[mailto:mark.burg...@iu.hio.no]
Sent: onsdag den 24 februari 2010 15:28
To: Assarsson, Emil
Cc: 'help-cfengine@cfengine.org'
Subject: Re: cfengine2, dhcp clients and keys
Hej,
http://www.cfengine.org/manuals/cf3-reference.html#dynamicaddresses-in-server
http://www.cfengine.org/m
Hej,
http://www.cfengine.org/manuals/cf3-reference.html#dynamicaddresses-in-server
http://www.cfengine.org/manuals/cf3-reference.html#hostnamekeys-in-server
Assarsson, Emil wrote:
> Hi,
>
> I'm starting to take a second look on CFengine after being on the Puppet
> track for some time.
>
> Is
Hi,
I'm starting to take a second look on CFengine after being on the Puppet track
for some time.
Is there any way to make cfengine to trust DNS PTR records instead of binding
the key to the IP?
We are using DHCP to supply IP addresses so the IP addresses are not useful.
Best regards
Operatio
* Chris St. Pierre <[EMAIL PROTECTED]>
> After that, I run the following command to collect keys:
>
> /usr/bin/ssh-keyscan -t rsa -f /var/cfengine/masterfiles/all_hosts \
>2>/dev/null > /var/cfengine/masterfiles/ssh_known_keys
How do you deal with hosts being d
Here's the solution I eventually came up with:
Using the public keys maintained by Cfengine in /var/cfengine/dist/,
I'm generating a list of all hosts as such:
for ip in `ls /var/cfengine/ppkeys/*.pub | grep 10. | cut -d- -f 2 | \
awk -F. '{ OFS="."; print $1,$2,$3
On Wed May 10, 2006 at 11:17:42 -0500, Brendan Strejcek wrote:
>Chris St. Pierre wrote:
>
>> No, I'm not dealing with Cfengine keys. I'm dealing with host public
>> keys, e.g., /etc/ssh/ssh_known_keys. I'd like to aggregate and
>> distribute those keys witho
On Wed, May 10, 2006 at 04:32:47PM -0500, Brendan Strejcek wrote:
> > Possible alternatives would be for the cfagent script to contain some
> > other method of distribution. A web server on the central server and
> > having the cfagents do 'HTTP PUT' would likely work, for instance. scp
> > with re
H?kan Olsson wrote:
> Now, if only the copy keyword could copy *to* the server instead
> of only from it then I wouldn't have had to use a common
> NFS-(auto)mounted directory for the copy.
There are serious security implications to this. At the very least,
you would need to prevent a client from
milar. Although in my case any (re)installed host
will get new keys, these will be copied to a common location, a new
ssh_known_hosts file is generated and then (the next cfagent run)
distributed to the clients.
Now, if only the copy keyword could copy *to* the server instead of only
from it then I
Chris St. Pierre wrote:
> No, I'm not dealing with Cfengine keys. I'm dealing with host public
> keys, e.g., /etc/ssh/ssh_known_keys. I'd like to aggregate and
> distribute those keys without maintaining a list of hosts.
This a common example of a more general configur
Hi,
here we are using a litle script that use mqseries to send us back
those keys (u can use email too)
then i had installed a complete host keys distribution based on editfiles.
there's a directory
on our config server that contains a file by user, this file is a list of
public
No, I'm not dealing with Cfengine keys. I'm dealing with host public
keys, e.g., /etc/ssh/ssh_known_keys. I'd like to aggregate and
distribute those keys without maintaining a list of hosts.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Tue, 9 Ma
m not sure
what the ruleset would be. I can't seem to wrap my mind around how to
copy keys from each host to the policyhost (or to the other machines
on the network) without naming each machine explicitly in
cfservd.conf. I assume this can be done, but I'm apparently not
thinking "con
Chris St. Pierre wrote:
> I'd like to set up a ruleset in cfengine so that, when I add a new
> machine to the network (and to cfengine), its public key gets
> automatically propagated through the other hosts.
You are dealing with cfengine keys, right? When I am building a new
m
uld be. I can't seem to wrap my mind around how to
copy keys from each host to the policyhost (or to the other machines
on the network) without naming each machine explicitly in
cfservd.conf. I assume this can be done, but I'm apparently not
thinking "convergently." Any pointe
82 matches
Mail list logo
