Hi,
It does seem to work now.
Thanks.
On 02/10/2011 12:48 PM, Nicolas Charles wrote:
> You should use an @ rather than a $ when inserting an slist
>
> allowallconnects => {
> @(g.sdm_host_list)
> };
>
>
>
> The verbose output shows useful informations, you should always read
> them thouroughly as they gives clues on what is wrong and right
>
> Regards
>
> Nicolas CHARLES
> Normation SAS - http://www.normation.com
> 44 rue Cauchy – 94110 ARCUEIL
> +33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
>
>
> On 10/02/2011 20:53, Sandra Wittenbrock wrote:
>
>> Hello,
>>
>> I'm still having some trouble using a list for "allowallconnects" and
>> "trustkeysfrom".
>>
>> I define the list in promises.cf:
>>
>> *******************************
>>
>> body common control
>> {
>> version => "0.2.0";
>> inputs => {
>> "update.cf",
>> "library.cf",
>> # "execd.cf",
>> "serverd.cf",
>> "sdm.cf"
>> };
>>
>> bundlesequence => {
>> "g",
>> "update",
>> "sdm"
>> };
>> }
>>
>> bundle common g{
>>
>> # vars referred to as ${g.masterfiles} etc
>> vars:
>> "workdir" string => "/var/lib/cfengine3";
>> "masterfiles" string => "${g.workdir}/masterfiles";
>> "inputs" string => "${g.workdir}/inputs";
>> "sdm_host_list" slist => { "255.3.30.207", "255.3.30.201",
>> "255.3.30.207", "255.3.30.46", "255.3.30.47", "255.3.30.48",
>> "255.3.30.49", "255.3.30.64","255.3.30.108", "255.3.30.109",
>> "255.3.30.36", "255.3.30.103", "255.3.30.45", "255.3.30.102",
>> "255.3.30.105" };
>>
>> }
>>
>> *********************************
>>
>> In serverd.cf, I try to use g.sdm_host_list as follows:
>>
>> ********************************
>>
>> body server control
>> {
>> denybadclocks => "true";
>> # allow connections from 255.3.30 subnet
>> skipverify => { "255.3.30.*" };
>> allowallconnects => {
>> $(g.sdm_host_list)
>> };
>> allowconnects => {
>> $(g.sdm_host_list)
>> };
>> maxconnections => "30";
>> logallconnections => "true";
>> trustkeysfrom => { $(g.sdm_host_list) };
>> #trustkey => "true";
>>
>> allowusers => {"root"};
>>
>> }
>>
>> *********************************
>>
>> When I run cf-serverd -v, I get the following error:
>>
>> cf3 Listening for connections ...
>> cf3 Not allowing connection from non-authorized IP 255.3.30.102
>> cf3 Not allowing connection from non-authorized IP 255.3.30.102
>> cf3 Not allowing connection from non-authorized IP 255.3.30.102
>> cf3 Not allowing connection from non-authorized IP 255.3.30.105
>> cf3 Not allowing connection from non-authorized IP 255.3.30.105
>> cf3 Not allowing connection from non-authorized IP 255.3.30.108
>> cf3 Not allowing connection from non-authorized IP 255.3.30.108
>>
>>
>> On the client side, running cf-agent -v, I got:
>>
>>
>> Set cfengine port number to 5308 = 5308
>> cf3 Connect to 255.3.30.45 = 255.3.30.45 on port 5308
>> cf3 LastSaw host 255.3.30.45 now
>> cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.45.pub
>> cf3 Couldn't send
>> cf3 !!! System error for send: "Broken pipe"
>> cf3 Couldn't send
>> cf3 !!! System error for send: "Broken pipe"
>> cf3 Couldn't send
>> cf3 !!! System error for send: "Broken pipe"
>> cf3 Challenge response from server 255.3.30.45/255.3.30.45 was incorrect!
>> cf3 I: Report relates to a promise with handle ""
>> cf3 I: Made in version '0.2.0' of '/var/lib/cfengine3/inputs/update.cf'
>> near line 35
>> cf3 Authentication dialogue with 255.3.30.45 failed
>> cf3 Unable to establish connection with 255.3.30.45
>> cf3 No suitable server responded to hail
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
