Hello,
I was hoping somebody can help me find out why my remote copy is not
working. It used to work with 3.0.2, but since I installed 3.0.3, it
stopped.
On my policy server, I ran cf-serverd in verbose mode and I believe the
key error is "cf3 cfServerd access list is empty, no files are visible".
has anybody else run into something like this? Below is some relavant
information. I would appreciate any pointers.
Thanks,
Ian
The whole message is:
cf3 Initiate variable convergence...
cf3 Initiate control variable convergence...
cf3 Listening for connections ...
cf3 New connection...(from ::ffff:169.196.32.158/6)
cf3 Spawning new thread...
cf3 Received: [CAUTH 169.196.32.158 ionapp1dev.qa.jefco.com root 0] on
socket 6
cf3 Allowing 169.196.32.158 to connect without (re)checking ID
cf3 Non-verified Host ID is ionapp1dev.qa.jefco.com (Using skipverify)
cf3 Non-verified User ID seems to be root (Using skipverify)
cf3 LastSaw host ionapp1dev.qa.jefco.com now
cf3 Received: [SAUTH y 256 37] on socket 6
cf3 Loaded /var/cfengine/ppkeys/root-169.196.32.158.pub
cf3 A public key was already known from
ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 - no trust required
cf3 Adding IP ::ffff:169.196.32.158 to SkipVerify - no need to check this
if we have a key
cf3 The public key identity was confirmed as r...@ionapp1dev.qa.jefco.com
cf3 Strong authentication of client
ionapp1dev.qa.jefco.com/::ffff:169.196.32.158 achieved
cf3 Received: [SSYNCH 40] on socket 6
cf3 cfServerd access list is empty, no files are visible
cf3 Access control in sync
cf3 From (host=ionapp1dev.qa.jefco.com,user=root,ip=::ffff:169.196.32.158)
cf3 ID from connecting host: (SYNCH 1267246267 STAT /tmp/cfinputs)
^Ccf3 Received signal 2 (SIGINT) while doing
[lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c904169606aa9b27ec369fd13e016]
cf3 Logical start time Fri Feb 26 23:57:07 2010
cf3 This sub-task started really at Fri Feb 26 23:57:07 2010
cf3 Trying to remove lock - try
lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c904169606aa9b27ec369fd13e016
The interesting thing is that when I use the 3.0.2 cf-serverd binary, the
remote copy works. It is only failing with the 3.0.3 binary.
my server has the following :
body server control
{
allowconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
allowallconnects => { "127.0.0.1" , "169.196.32.158" , "::1" };
trustkeysfrom => { "127.0.0.1" , "169.196.32.158" , "::1" };
# Make updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
allowusers => { "root" };
}
bundle server access_rules()
{
access:
"/var/cfengine/linux.bin"
admit => { "169.196.32.158" },
deny => { "192.*" };
"/tmp/cfinputs"
admit => { "169.196.32.158" },
deny => { "192.*" };
}
my client has
body common control
{
bundlesequence => {
"example"
};
}
body server control
{
allowconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
allowallconnects => { "127.0.0.1" , "10.162.73.143", "::1" };
trustkeysfrom => { "127.0.0.1" , "10.162.73.143", "::1" };
}
bundle agent example
{
files:
ionapp1dev::
"/var/tmp/inputs"
perms => my_p("600"),
copy_from => mycopy("/tmp/cfinputs","sol-image"),
depth_search => recurse1("inf"),
action => immediate;
}
# Library template
body copy_from mycopy(file,server)
{
servers => { "$(server)" };
source => "$(file)";
trustkey => "true";
encrypt => "true";
}
Jefferies archives and monitors outgoing and incoming e-mail. The contents of
this email, including any attachments, are confidential to the ordinary user of
the email address to which it was addressed. If you are not the addressee of
this email you may not copy, forward, disclose or otherwise use it or any part
of it in any form whatsoever. This email may be produced at the request of
regulators or in connection with civil litigation. Jefferies accepts no
liability for any errors or omissions arising as a result of transmission. Use
by other than intended recipients is prohibited. In the United Kingdom,
Jefferies operates as Jefferies International Limited; registered in England:
no. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London
EC4V 3BJ. Jefferies International Limited is authorised and regulated by the
Financial Services Authority._______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
