help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Help with file copies


From: Ferguson, Steve
Subject: RE: Help with file copies
Date: Tue, 8 Jul 2003 12:29:48 -0400

It seems to be working just the opposite.  The first run fails.  All
subsequent runs (until the lock expires) report success though nothing
happens.  After the lock expires, I get the "Host authentication failed"
again, followed by more apparent successes.  Removing
/var/cfengine/cfengine_lock_db on the client causes the "Host authentication
failed" to immediately with the next cfagent run.

Steve

-----Original Message-----
From: address@hidden [mailto:address@hidden
Sent: Tuesday, July 08, 2003 12:10 PM
To: address@hidden
Cc: address@hidden
Subject: Re: Help with file copies



Steve, it looks as though  you are head-butting the anti-spam locks.
If you wait for the lock (default time 1 minute) to expire, the
copy will take place. You can switch off the locks (see ifelapsed in
manual),
but I do not recommend this. They are there for a number of reasons, all
for your protection.

It's not clear that anything else is wrong for you, but let me know
if you still have problems.

I do not understand why you get host authenticatin failed.
This should either happen all the time or never. It can occur
if you do not have a doman name defined, or if you have not
exchanged keys. After that, you should not see this.

M

On  8 Jul, Ferguson, Steve wrote:
> A diagnostic point:
> 
> When I'm running cfagent, it seems to alternately work and fail.  On the
> failure runs, I see the message:
> 
> cfengine:: Server returned error:  Host authentication failed. Did you
> forget the domain name?
> 
> Yet, I have domain defined in both cfagent.conf and cfservd.conf, and I'm
> using a FQDN as the policy host (which resides within the domain).  All
DNS
> lookups work correctly each time, and return the same address each time
(no
> round-robin records).
> 
> Steve
> 
> -----Original Message-----
> From: Ferguson, Steve [mailto:address@hidden
> Sent: Tuesday, July 08, 2003 9:12 AM
> To: 'address@hidden'
> Subject: Help with file copies
> 
> 
> I'm trying to use the update.conf file on a node to force it to pull any
> remaining conf files from a policy host.  I'm running cfengine-2.0.7p3.
My
> primary problem is that no copy is actually happening.  I've boiled it
down
> to the simplest case I can.  I had no problem following the instructions
to
> manage the key exchange (and trust seems to be working) and have removed
the
> trustkey configuration options from the examples below.
> 
> The client system has this update.conf:
> 
> control:
> 
>   actionsequence = ( copy )
>   domain = ( my.domain.com )
>   policyhost = ( bigbox.my.domain.com )
>   master_cfinput = ( /var/cfengine/master/inputs )
>   workdir = ( /var/cfengine )
> 
> copy:
> 
>   $(master_cfinput)/cfagent.conf    dest=$(workdir)/inputs/cfagent.conf
>                         server=$(policyhost)
> 
> I've also tried adding action=fix and force=true, to no avail.
> 
> The policy host (bigbox.my.domain.com, for our purposes here) has this
> cfservd.conf:
> 
> control:
> 
>   domain = ( my.domain.com )
>   configs = ( /var/cfengine/master/inputs )
>   AllowConnectionsFrom = ( xx.yy.zz )
>   AllowMultipleConnectionsFrom = ( xx.yy.zz )
>   AllowUsers = ( root )
> 
> xx.yy.zz is my actual IP range, removed for security reasons.
> 
> Running 'cfagent -v' on the client system produces the following output
> (only the relevant parts are included; if you need more information,
please
> ask):
> 
> cfengine:: getservbynameChecking copy from
> bigbox.my.domain.com:/var/cfengine/mas
> ter/inputs/cfagent.conf to /var/cfengine/inputs/cfagent.conf
> Connect to bigbox.my.domain.com = xx.yy.zz.228 on port cfengine
> Loaded /var/cfengine/ppkeys/root-xx.yy.zz.228.pub
> cfengine:: Strong authentication of server=bigbox.my.domain.com connection
> confir
> med
> cfengine:: Nothing scheduled for
> copy._var_cfengine_master_inputs_cfagent_conf__
> var_cfengine_inputs_cfagent_conf (0/1 minutes elapsed)
> 
> I don't understand why nothing is scheduled.  There is no
> /var/cfengine/inputs/cfagent.conf file on my client.  Why isn't it copying
> /var/cfengine/master/inputs/cfagent.conf from the server?  I've tried
> numerous permutations with the various force* options and action, in
> addition to attempting recursive copies of all of
> /var/cfengine/master/inputs to /var/cfengine/inputs.  In no case am I able
> to get a single file to copy.
> 
> I've tried running both cfservd and cfagent with -d1, -d2, and -d3 flags.
> None of them appears to produce any new information.
> 
> Any help would be most appreciated.  If I can get through this, I'll be
> deploying to well over 100 servers and cfengine will become a key piece of
> the infrastructure here.
> 
> Steve
> 
> --
> Steve Ferguson
> gedas USA, Inc.
> address@hidden
> http://www.gedasusa.com
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




reply via email to

[Prev in Thread] Current Thread [Next in Thread]