[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Help with file copies
From: |
Ferguson, Steve |
Subject: |
RE: Help with file copies |
Date: |
Tue, 8 Jul 2003 12:29:48 -0400 |
It seems to be working just the opposite. The first run fails. All
subsequent runs (until the lock expires) report success though nothing
happens. After the lock expires, I get the "Host authentication failed"
again, followed by more apparent successes. Removing
/var/cfengine/cfengine_lock_db on the client causes the "Host authentication
failed" to immediately with the next cfagent run.
Steve
-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Tuesday, July 08, 2003 12:10 PM
To: Steve.Ferguson@gedas.com
Cc: help-cfengine@gnu.org
Subject: Re: Help with file copies
Steve, it looks as though you are head-butting the anti-spam locks.
If you wait for the lock (default time 1 minute) to expire, the
copy will take place. You can switch off the locks (see ifelapsed in
manual),
but I do not recommend this. They are there for a number of reasons, all
for your protection.
It's not clear that anything else is wrong for you, but let me know
if you still have problems.
I do not understand why you get host authenticatin failed.
This should either happen all the time or never. It can occur
if you do not have a doman name defined, or if you have not
exchanged keys. After that, you should not see this.
M
On 8 Jul, Ferguson, Steve wrote:
> A diagnostic point:
>
> When I'm running cfagent, it seems to alternately work and fail. On the
> failure runs, I see the message:
>
> cfengine:: Server returned error: Host authentication failed. Did you
> forget the domain name?
>
> Yet, I have domain defined in both cfagent.conf and cfservd.conf, and I'm
> using a FQDN as the policy host (which resides within the domain). All
DNS
> lookups work correctly each time, and return the same address each time
(no
> round-robin records).
>
> Steve
>
> -----Original Message-----
> From: Ferguson, Steve [mailto:Steve.Ferguson@gedas.com]
> Sent: Tuesday, July 08, 2003 9:12 AM
> To: 'help-cfengine@gnu.org'
> Subject: Help with file copies
>
>
> I'm trying to use the update.conf file on a node to force it to pull any
> remaining conf files from a policy host. I'm running cfengine-2.0.7p3.
My
> primary problem is that no copy is actually happening. I've boiled it
down
> to the simplest case I can. I had no problem following the instructions
to
> manage the key exchange (and trust seems to be working) and have removed
the
> trustkey configuration options from the examples below.
>
> The client system has this update.conf:
>
> control:
>
> actionsequence = ( copy )
> domain = ( my.domain.com )
> policyhost = ( bigbox.my.domain.com )
> master_cfinput = ( /var/cfengine/master/inputs )
> workdir = ( /var/cfengine )
>
> copy:
>
> $(master_cfinput)/cfagent.conf dest=$(workdir)/inputs/cfagent.conf
> server=$(policyhost)
>
> I've also tried adding action=fix and force=true, to no avail.
>
> The policy host (bigbox.my.domain.com, for our purposes here) has this
> cfservd.conf:
>
> control:
>
> domain = ( my.domain.com )
> configs = ( /var/cfengine/master/inputs )
> AllowConnectionsFrom = ( xx.yy.zz )
> AllowMultipleConnectionsFrom = ( xx.yy.zz )
> AllowUsers = ( root )
>
> xx.yy.zz is my actual IP range, removed for security reasons.
>
> Running 'cfagent -v' on the client system produces the following output
> (only the relevant parts are included; if you need more information,
please
> ask):
>
> cfengine:: getservbynameChecking copy from
> bigbox.my.domain.com:/var/cfengine/mas
> ter/inputs/cfagent.conf to /var/cfengine/inputs/cfagent.conf
> Connect to bigbox.my.domain.com = xx.yy.zz.228 on port cfengine
> Loaded /var/cfengine/ppkeys/root-xx.yy.zz.228.pub
> cfengine:: Strong authentication of server=bigbox.my.domain.com connection
> confir
> med
> cfengine:: Nothing scheduled for
> copy._var_cfengine_master_inputs_cfagent_conf__
> var_cfengine_inputs_cfagent_conf (0/1 minutes elapsed)
>
> I don't understand why nothing is scheduled. There is no
> /var/cfengine/inputs/cfagent.conf file on my client. Why isn't it copying
> /var/cfengine/master/inputs/cfagent.conf from the server? I've tried
> numerous permutations with the various force* options and action, in
> addition to attempting recursive copies of all of
> /var/cfengine/master/inputs to /var/cfengine/inputs. In no case am I able
> to get a single file to copy.
>
> I've tried running both cfservd and cfagent with -d1, -d2, and -d3 flags.
> None of them appears to produce any new information.
>
> Any help would be most appreciated. If I can get through this, I'll be
> deploying to well over 100 servers and cfengine will become a key piece of
> the infrastructure here.
>
> Steve
>
> --
> Steve Ferguson
> gedas USA, Inc.
> Steve.Ferguson@gedas.com
> http://www.gedasusa.com
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Help with file copies, Ferguson, Steve, 2003/07/08
- RE: Help with file copies, Ferguson, Steve, 2003/07/08
- RE: Help with file copies,
Ferguson, Steve <=
- RE: Help with file copies, Ferguson, Steve, 2003/07/08
- Re: Help with file copies, martynas sklizmantas, 2003/07/08
- RE: Help with file copies, Ferguson, Steve, 2003/07/08