Package: cfengine2 Version: 2.1.14-1 Severity: important After upgrading all the machines in a small cluster to version 2.1.14-1, the nodes could still successfully authenticate themselves to the master.
The nodes do a complete reinstall from a local mirror each time they boot. They fetch their cfengine key pairs via tftp and try to run cfagent to fetch some basic configuration. This step failed after upgrading cfengine to 2.1.14-1, so the nodes couldn't reboot anymore. cfservd prints the following message to the syslog: Jun 3 01:49:53 master1 cfservd[3787]: Accepting connection from ::ffff:192.168.2.107 Jun 3 01:49:53 master1 cfservd[3787]: Private decrypt failed = padding check failed Jun 3 01:49:53 master1 cfservd[3787]: Host authorization/authentication failed or access denied Jun 3 01:49:53 master1 cfservd[3787]: From (host=node07.cluster,user=root,ip=::ffff:192.168.2.107) Jun 3 01:49:57 node07 clinitrd: panic: Could not execute 'inroot cfagent -v --no-lock -D install'. (the last line shows the cfagent command line) I know there was a change in the encrytion protocol that prevents new clients from talking to old servers, but I upgraded all machines. I also tried to regenerate all the keys, but that didn't work either. After reverting to 2.1.13 everything worked fine. I'm lacking the time to track down this bug properly and hope this report may help anyway. Greetings, Sven -- System Information: [stripped -- this computer doesn't even have cfengine installed...] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
