[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help! private network with linux clusters -- Solved!
From: |
Adam M. Dunn |
Subject: |
Re: Help! private network with linux clusters -- Solved! |
Date: |
Tue, 26 Oct 2004 11:01:20 -0500 (CDT) |
Hi all. Well, I'm sure I would have recieved good help from you all,
however I've figured it out myself. Soon after I sent the email out I ran
accross a simple malformed character I'd missed in my `admit:' statement
on the head node cfservd.conf. Fixed it and everything worked like a
charm.
Thanks anyway for listening :)
~Adam
On Tue, 26 Oct 2004, Adam M. Dunn wrote:
>
> Hello.
> I'm working on deploying cfengine in a very diverse environment. I'm
> planning on having one master server which all client servers get updated
> from. Pretty typical, and that's the easy part. However, part of our
> environment consists of separate linux clusters, each with their own head
> node connected both to the primary lan, and to a private lan. In other
> words the head node has two NICs. The primary IP is just like any other
> server on the network, and has no trouble talking to the cfengine server.
> The other NIC is connected to an isolated network where all the other linux
> nodes live. It's very much a typical cluster setup. Now, I want to be able
> to update the linux nodes on the private network. I figured it would be too
> much trouble trying to talk to the master cfengine server on the other
> network, so I decided to settle for making the head node an intermediate
> server that the nodes could download updates over the private network.
>
> So the steps I took to set this up are as follows:
>
> 1) Setup the cfengine policy host.
> - Setup Keys. Used the example cfservd.conf file. Changed the domain to:
> domain = (hgsc.bcm.tmc.edu). Made sure the admit: is setup to allow from
> our domain. Setup keys.
>
> 2) Setup the head node as a typical client.
> - Setup keys. Ran update.conf to share keys and download the policy
> update from the policy host. Everything worked fine. Also used the same
> cfservd.conf as the main policy host.
>
> 3) Setup a client node (here's the problem).
> - This client was setup to talk to the head node just as I setup the head
> node to talk to the main policy host.
> - First off the keys did not exchange like they should have. I then tried
> manually copying them between the head node and client node. This got me a
> little further. I received an error:
>
> Cfengine:: Strong authentication ... connection confirmed.
>
> But get a failure after that:
>
> Cfengine:: Server returned error: Host authentication failed...
>
> My first thought was the `admit:' in the head node's cfservd.conf, so I made
> that completely non-restrictive, and still no luck. My only other thought
> is the domainname. The nodes use a domain = ( local ) since they are not on
> our regular domain. I've also tried using the same value here as other
> systems still with no luck.
>
>
>
> Can anyone think of how I can make this work? I'd really appreciate any
> help.
>
>
> Thanks,
> Adam Dunn
>
>
>
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
>
>