Hello,

I'm still having some trouble using a list for "allowallconnects" and 
"trustkeysfrom".

I define the list in promises.cf:

*******************************

body common control
{
version => "0.2.0";
inputs  => {
                 "update.cf",
                 "library.cf",
#               "execd.cf",
                 "serverd.cf",
                 "sdm.cf"
            };

bundlesequence  => {
                         "g",
                         "update",
                         "sdm"
                    };
}

bundle common g{

# vars referred to as ${g.masterfiles} etc
     vars:
         "workdir" string => "/var/lib/cfengine3";
         "masterfiles" string => "${g.workdir}/masterfiles";
         "inputs" string => "${g.workdir}/inputs";
         "sdm_host_list" slist => {
                  "255.3.30.207", "255.3.30.201", "255.3.30.207",
                  "255.3.30.46", "255.3.30.47", "255.3.30.48",
                  "255.3.30.49", "255.3.30.64", "255.3.30.108",
                  "255.3.30.109", "255.3.30.36", "255.3.30.103",
                  "255.3.30.45", "255.3.30.102", "255.3.30.105"
             };

}

*********************************

In serverd.cf, I try to use g.sdm_host_list as follows:

********************************

body server control
{
denybadclocks => "true";
# allow connections from 255.3.30 subnet
skipverify => { "255.3.30.*" };
allowallconnects        => {
                            $(g.sdm_host_list)
                            };
allowconnects        => {
                            $(g.sdm_host_list)
                            };
maxconnections => "30";
logallconnections => "true";
trustkeysfrom   => { $(g.sdm_host_list) };
#trustkey       => "true";

allowusers      => {"root"};

}

*********************************

When I run cf-serverd -v, I get the following error:

cf3 Listening for connections ...
cf3 Not allowing connection from non-authorized IP 255.3.30.102
cf3 Not allowing connection from non-authorized IP 255.3.30.102
cf3 Not allowing connection from non-authorized IP 255.3.30.102
cf3 Not allowing connection from non-authorized IP 255.3.30.105
cf3 Not allowing connection from non-authorized IP 255.3.30.105
cf3 Not allowing connection from non-authorized IP 255.3.30.108
cf3 Not allowing connection from non-authorized IP 255.3.30.108


On the client side, running cf-agent -v, I got:


Set cfengine port number to 5308 = 5308
cf3 Connect to 255.3.30.45 = 255.3.30.45 on port 5308
cf3 LastSaw host 255.3.30.45 now
cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.45.pub
cf3 Couldn't send
cf3  !!! System error for send: "Broken pipe"
cf3 Couldn't send
cf3  !!! System error for send: "Broken pipe"
cf3 Couldn't send
cf3  !!! System error for send: "Broken pipe"
cf3 Challenge response from server 255.3.30.45/255.3.30.45 was incorrect!
cf3 I: Report relates to a promise with handle ""
cf3 I: Made in version '0.2.0' of '/var/lib/cfengine3/inputs/update.cf' near line 35
cf3 Authentication dialogue with 255.3.30.45 failed
cf3 Unable to establish connection with 255.3.30.45
cf3 No suitable server responded to hail

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
