[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
confused about cfrun
From: |
Brendan Strejcek |
Subject: |
confused about cfrun |
Date: |
Wed, 8 Oct 2003 14:28:58 -0500 |
User-agent: |
Mutt/1.3.28i |
I have a cfengine site configuration which seems to be working other than
cfrun. Before I get specific and post my config files, let me be sure I
understand the general model governing cfrun.
I have a client running cfservd with {update,cfagent,cfservd}.conf files.
All of these have my domain set.
I have another machine (actually my policyserver, but I don't think
that should matter) trying execute cfagent remotely on client via cfrun.
It has a cfrun.hosts file with domain set correctly.
I have keys distributed properly.
Okay, I lied, I will give some details; here is some cfrun output:
(The invocation was cfrun -v client)
cfrun(0): .......... [ Hailing client ] ..........
Connecting to server client to port 0 with options
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
Connect to client = <client IP> on port cfengine
Loaded /var/cfengine/ppkeys/root-<client IP>.pub
cfrun:policyhost: Strong authentication of server=client connection confirmed
client replies..
Host authentication failed. Did you forget the domain name?cfrun:policyhost:
Couldn't recv
cfrun:policyhost: recv
Connection with client completed
As far as I know, I have included my domain name in every possible
place. Here are some log messages I see which correspond to that connect:
Oct 8 13:49:32 client cfservd[421]: Accepting connection from policyhost
Oct 8 13:49:32 client cfservd[11274]: ID from connecting host: (EXEC )
I suspect that this "ID from connecting host: (EXEC )" is the key to my
problem...
This is my client cfservd.conf:
control:
domain = ( mydomain )
cfrunCommand = ( "/var/cfengine/bin/cfagent" )
LogAllConnections = ( true )
AllowUsers = ( root )
Do I need some grants in there? It doen't *seem* like I should, since
I don't want the clients to act as fileservers, but maybe I'm thinking
about this wrong...
And just in case it matters, this is my cfrun.hosts on policyhost:
domain=mydomain
access=root
client.mydomain
Any help will be much appreciated.
PS: See you guys at LISA.
- confused about cfrun,
Brendan Strejcek <=