help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Help with file copies


From: Ferguson, Steve
Subject: RE: Help with file copies
Date: Tue, 8 Jul 2003 11:36:23 -0400

A diagnostic point:

When I'm running cfagent, it seems to alternately work and fail.  On the
failure runs, I see the message:

cfengine:: Server returned error:  Host authentication failed. Did you
forget the domain name?

Yet, I have domain defined in both cfagent.conf and cfservd.conf, and I'm
using a FQDN as the policy host (which resides within the domain).  All DNS
lookups work correctly each time, and return the same address each time (no
round-robin records).

Steve

-----Original Message-----
From: Ferguson, Steve [mailto:address@hidden
Sent: Tuesday, July 08, 2003 9:12 AM
To: 'address@hidden'
Subject: Help with file copies


I'm trying to use the update.conf file on a node to force it to pull any
remaining conf files from a policy host.  I'm running cfengine-2.0.7p3.  My
primary problem is that no copy is actually happening.  I've boiled it down
to the simplest case I can.  I had no problem following the instructions to
manage the key exchange (and trust seems to be working) and have removed the
trustkey configuration options from the examples below.

The client system has this update.conf:

control:

  actionsequence = ( copy )
  domain = ( my.domain.com )
  policyhost = ( bigbox.my.domain.com )
  master_cfinput = ( /var/cfengine/master/inputs )
  workdir = ( /var/cfengine )

copy:

  $(master_cfinput)/cfagent.conf    dest=$(workdir)/inputs/cfagent.conf
                        server=$(policyhost)

I've also tried adding action=fix and force=true, to no avail.

The policy host (bigbox.my.domain.com, for our purposes here) has this
cfservd.conf:

control:

  domain = ( my.domain.com )
  configs = ( /var/cfengine/master/inputs )
  AllowConnectionsFrom = ( xx.yy.zz )
  AllowMultipleConnectionsFrom = ( xx.yy.zz )
  AllowUsers = ( root )

xx.yy.zz is my actual IP range, removed for security reasons.

Running 'cfagent -v' on the client system produces the following output
(only the relevant parts are included; if you need more information, please
ask):

cfengine:: getservbynameChecking copy from
bigbox.my.domain.com:/var/cfengine/mas
ter/inputs/cfagent.conf to /var/cfengine/inputs/cfagent.conf
Connect to bigbox.my.domain.com = xx.yy.zz.228 on port cfengine
Loaded /var/cfengine/ppkeys/root-xx.yy.zz.228.pub
cfengine:: Strong authentication of server=bigbox.my.domain.com connection
confir
med
cfengine:: Nothing scheduled for
copy._var_cfengine_master_inputs_cfagent_conf__
var_cfengine_inputs_cfagent_conf (0/1 minutes elapsed)

I don't understand why nothing is scheduled.  There is no
/var/cfengine/inputs/cfagent.conf file on my client.  Why isn't it copying
/var/cfengine/master/inputs/cfagent.conf from the server?  I've tried
numerous permutations with the various force* options and action, in
addition to attempting recursive copies of all of
/var/cfengine/master/inputs to /var/cfengine/inputs.  In no case am I able
to get a single file to copy.

I've tried running both cfservd and cfagent with -d1, -d2, and -d3 flags.
None of them appears to produce any new information.

Any help would be most appreciated.  If I can get through this, I'll be
deploying to well over 100 servers and cfengine will become a key piece of
the infrastructure here.

Steve

--
Steve Ferguson
gedas USA, Inc.
address@hidden
http://www.gedasusa.com


_______________________________________________
Help-cfengine mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/help-cfengine




reply via email to

[Prev in Thread] Current Thread [Next in Thread]