Hello,
I can't get cfrun to successfully activate cfagent on a remote host, but
I can login to that host and run cfagent without a problem. I am not
using a access control and have the cfengine directories in the admit
section of the cfservd.conf.
What else is needed ?
con0#cfrun -v alfheim
...
GNU Cfengine server daemon -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_RC
...
cfrun(0): .......... [ Hailing alfheim.heronetwork.com ] ..........
Connecting to server alfheim.heronetwork.com to port 0 with options
Loaded /var/cfengine/ppkeys/root-alfheim.heronetwork.com.pub
Connect to alfheim.heronetwork.com = 192.168.25.52 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.52.pub
cfrun:con0.heronetwork.com: Strong authentication of
server=alfheim.heronetwork.com connection confirmed
alfheim.heronetwork.com replies..
Host authentication failed. Did you forget the domain name or IP/DNS
address registration (for ipv4 or ipv6)?Connection with
alfheim.heronetwork.com completed
cfservd on con0:
control:
domain = ( heronetwork.com )
cfrunCommand = ( "/var/cfengine/bin/cfagent" )
any::
AllowConnectionsFrom = ( 192.168.0.0/16 )
TrustKeysFrom = ( 192.168 )
DynamicAddresses = ( 192.168.50.150-200 )
LogAllConnections = ( true )
DenyBadClocks = ( true )
HostnameKeys = ( on )
ChecksumDatabase = ( /tmp/testDATABASEcache )
IfElapsed = ( 1 )
MaxConnections = ( 10 )
admit: # or grant:
# Both
/var/cfengine/bin/cfagent *.heronetwork.com
/var/cfengine/inputs *.heronetwork.com
/var/cfengine *.heronetwork.com
/usr/ports/packages *.heronetwork.com
/tmp *.heronetwork.com
cfservd.conf on Alfheim:
control:
domain = ( heronetwork.com )
cfrunCommand = ( "/var/cfengine/bin/cfagent" )
any::
AllowConnectionsFrom = ( 192.168.25.0/24 )
TrustKeysFrom = ( 192.168.25 )
LogAllConnections = ( true )
DenyBadClocks = ( true )
HostnameKeys = ( on )
ChecksumDatabase = ( /tmp/testDATABASEcache )
IfElapsed = ( 1 )
MaxConnections = ( 10 )
admit: # or grant:
# Both
/usr/local/sbin/cfagent *.heronetwork.com
/var/cfengine/bin/cfagent *.heronetwork.com
/var/cfengine/inputs *.heronetwork.com
/var/cfengine *.heronetwork.com
/tmp *.heronetwork.com
alfheim# cfagent -v
...
GNU Configuration Engine -
2.1.0p1
...
Additional hard class defined as: freebsd_i386_4_9_STABLE
...
Checking copy from con0.heronetwork.com:/var/cfengine/inputs to
/var/cfengine//inputs
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:: Strong authentication of server=con0.heronetwork.com
connection confirmed
Registering root device as 171268
Checking copy from con0.heronetwork.com:/var/cfengine/inputs/cfservd.srv
to /var/cfengine//inputs/cfservd.conf
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:09 2004
....
Checking copy from con0.heronetwork.com:/etc/periodic.conf to
/etc/periodic.conf
Connect to con0.heronetwork.com = 192.168.25.62 on port cfengine
Loaded /var/cfengine/ppkeys/root-192.168.25.62.pub
cfengine:alfheim: Strong authentication of server=con0.heronetwork.com
connection confirmed
Saving the setuid log in /var/cfengine/cfagent.alfheim.heronetwork.com.log
Job start time set to Fri Jan 23 15:21:10 2004
Ryan Merrick
Systems Administrator
wrmine@heronetwork.com
Heronetwork LLC
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine