Your message dated Sat, 19 Aug 2023 17:21:58 +0000
with message-id <e1qxpea-000phw...@fasolo.debian.org>
and subject line Bug#1041323: fixed in debian-edu-config 2.12.35
has caused the Debian Bug report #1041323,
regarding CFEngine agent connection errors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1041323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041323
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 2.12.32
There are regular failed connection attempts as follows logged:
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: error: Remote host '::1' not
in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: CFEngine(server) Remote host
'::1' not in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Failed to
establish TLS connection: underlying network error (Broken pipe)
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) No suitable
server found for '/var/lib/cfengine3/inputs'
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Promise belongs
to bundle 'failsafe_cfe_internal_update' in file
'/var/lib/cfengine3/inputs/failsafe.cf' near line 121
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Errors
encountered when actuating files promise '/var/lib/cfengine3/inputs'
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: error: Remote host '::1' not
in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: CFEngine(server) Remote host
'::1' not in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Failed to
establish TLS connection: underlying network error (Broken pipe)
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) No suitable
server found for '/var/lib/cfengine3/modules'
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Promise belongs
to bundle 'failsafe_cfe_internal_update' in file
'/var/lib/cfengine3/inputs/failsafe.cf' near line 130
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Errors
encountered when actuating files promise '/var/lib/cfengine3/modules'
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: error: Remote host '::1' not
in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: CFEngine(server) Remote host
'::1' not in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Failed to
establish TLS connection: underlying network error (Broken pipe)
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) No suitable
server found for '/var/lib/cfengine3/inputs'
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Promise belongs
to bundle 'failsafe_cfe_internal_update' in file
'/var/lib/cfengine3/inputs/failsafe.cf' near line 144
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Comment is 'If
we failed to fetch policy we try again using
the legacy
default in case we are fetching policy
from a hub
that is not serving mastefiles via a
shortcut.'
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Errors
encountered when actuating files promise '/var/lib/cfengine3/inputs'
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Method
'failsafe_cfe_internal_update' failed in some repairs
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: error: Remote host '::1' not
in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-serverd[1031]: CFEngine(server) Remote host
'::1' not in allowconnects, denying connection
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) Failed to
establish TLS connection: underlying network error (Broken pipe)
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) No suitable
server found for '/var/lib/cfengine3/inputs/cf_promises_validated'
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) Promise belongs
to bundle 'cfe_internal_update_policy_cpv' in file
'/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) Comment is
'Check whether a validation stamp is available for a new policy update to
reduce the distributed load'
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) Errors
encountered when actuating files promise
'/var/lib/cfengine3/inputs/cf_promises_validated'
Jul 17 12:55:43 tjener.intern cf-agent[3731]: CFEngine(agent) Method
'cfe_internal_update_policy_cpv' failed in some repairs
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) Q:
".../cf-agent" -f /": error: Failed to establish TLS connection: underlying
network error (Broken pipe)
Q: ".../cf-agent" -f /":
error: No suitable server found for
'/var/lib/cfengine3/inputs/cf_promises_validated'
Q: ".../cf-agent" -f /":
error: Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file
'/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
Q: ".../cf-agent" -f /":
error: Comment is 'Check whether a validation stamp is available for a new
policy update to reduce the distributed load'
Q: ".../cf-agent" -f /":
error: Errors encountered when actuating files promise
'/var/lib/cfengine3/inputs/cf_promises_validated'
Q: ".../cf-agent" -f /":
error: Method 'cfe_internal_update_policy_cpv' failed in some repairs
Jul 17 12:55:43 tjener.intern cf-agent[3722]: CFEngine(agent) R: Built-in
failsafe policy triggered
It seems that the agent tries to contact the server using
the IPv6 loopback address which does not seem to be allowed
by the configuration.
--
Guido Berhoerster
--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 2.12.35
Done: Mike Gabriel <sunwea...@debian.org>
We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated debian-edu-config
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 19 Aug 2023 17:00:36 +0200
Source: debian-edu-config
Architecture: source
Version: 2.12.35
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Closes: 1008599 1041323 1043407 1049396
Changes:
debian-edu-config (2.12.35) unstable; urgency=medium
.
[ Guido Berhoerster ]
* Remove configure-edu-gateway. (Closes: #1043407).
The script is obsoleted by the more sophisticated configuration
abilities provided by the debian-edu-router-config package.
* Do not hardcode X2Go desktop to Xfce. (Closes: #1049396).
Add a commandline option --x2go_desktop for specifying the default desktop
and make a best effort finding a usable desktop if none is specified.
* Disable cf-execd on installation. (Closes: #1041323).
Currently cf-execd is enabled by default if systemd is used (see #1043353)
but the agent should only be run on installation.
* Do not attempt to fetch the rootCA cert outside of a DebianEdu network
An error should only be reported if the machine is inside a DebianEdu
network, i.e. www.intern is resolvable, but the download fails. (Closes:
#1008599).
.
[ Mike Gabriel ]
* debian/tests/control: Remove configure-edu-gateway from list of tests.
Script and testscript are now gone. (Related to closure of #1043407, see
above).
* Silence lintian warnings of type 'bash-term-in-posix-shell' by using
variable names that lintian can't confuse with bash-only pre-set
variables (e.g. $HOSTNAME or $UID).
Checksums-Sha1:
e3fdb998a5f86bda83d00b73fa524aeb9058ba44 2017 debian-edu-config_2.12.35.dsc
bbe1b2301099d9465e5e07596f266c471943384d 356628
debian-edu-config_2.12.35.tar.xz
1737e2af9c6b10402dd6605cb74bb52bcdd7335d 6733
debian-edu-config_2.12.35_source.buildinfo
Checksums-Sha256:
820f9d89250cc0977c483c8dc2dbf9450557624d3acf524ea7d31fe7e35e018e 2017
debian-edu-config_2.12.35.dsc
b8666d8c07b218132c9b3d1108d593bb47520170b8aa83c7af6b8fcd51903b6e 356628
debian-edu-config_2.12.35.tar.xz
54358304ba6f9f7139ace7e33fabdb18439c152079e344990dfc8d2d13e3d858 6733
debian-edu-config_2.12.35_source.buildinfo
Files:
78199d44dd961610378262c64552382a 2017 misc optional
debian-edu-config_2.12.35.dsc
4bc0787aed5bd8c14a80452eb00ca98b 356628 misc optional
debian-edu-config_2.12.35.tar.xz
e67d87c35799bdfec8fb1211afb4d218 6733 misc optional
debian-edu-config_2.12.35_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmTg3hUVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx3u4QALA1ao87hRy6WJcZ6XshQyavDoaZ
i9CmIvMkb0OYCIsC3ShVZJhYXNW6kz/j10uZokiK/tINW/O/oyI6XTRGZiZYjEE0
7CSceM3Iuf1AjPwpT3qYzf3fHIEi85HFUEM//eh3wnJe3VaSYEE3WzAeyaIQyv17
2EBZwXFF+aXF1fFiMrfuJbGy+sofZroZYhUyWtw6pmHeYXuBEbGVtS+tFAUh8gLW
jE65wRWRNgLmjtFj0DD2Ztgp/00naI4sqlC5wEGtFCcIiEQGfUGPsxZ73tnGTca1
h5JesQo2KRBSecrnz8cpdF282smbundaYsQeQimpb8+zF50RD1/kbVjyvnf5X8zq
mLZiM83kDk0u43BQRhKWfMDbVoBzaJaP5Iftyh/P0Wr6bk1t2Mb4/HolXRccCwc4
fJpcjYxAXNa049e2TnHev9lH+sAobdSCQjM90CDLIM04j9fb+XQGrP2rFdf0FVUG
08MiKDpmd+3M0xFkSXZGQLv5HPtzT2IaVp4jACzY7JngmkB7OxwE1oYuPxWHaBFa
uYYaPhh/oxhTdqrJ61phV7+cmifjejm97CqA2pDfRzqIL9SC4uzydfJnDWv/qfvt
joEEY9S8lY4Jh0jq7R4VEZY0x5NXbj2Zrf1EmfKvB4Jr3Dy/NkYj3xbfsFeB6fiX
JbUeiMXoAJ1079h5
=QwlE
-----END PGP SIGNATURE-----
--- End Message ---
