Hi, On 12/06/11 19:07, Tom Tucker wrote: > > In the below example, I have two policy servers one in Atlanta and > another in Dallas and my clients have keys for both policy servers. > If I run this promise manually I get key errors (shown below), however > if I add the "packages_update" to the promises.cf <http://promises.cf> > file it works just fine. > What am I missing?
My guess is that your copy_from body isn't the same when you add that to promises.cf than in packages_update.cf on it's own... copy_from bodies can contain the trustkey option, which is likely what's making the difference. See http://www.cfengine.org/manuals/cf3-reference.html#Key-exchange. Jonathan > > > //////////////////////////////////////////////////// > # cf-agent -K -f ./packages_update.cf <http://packages_update.cf> -v > <extra lines removed> > cf3 No existing connection to 10.102.71.233 is established... > cf3 Set cfengine port number to 5308 = 5308 > cf3 Set connection timeout to 10 > cf3 -> Connect to 10.102.71.233 = 10.102.71.233 on port 5308 > cf3 -> Did not find new key format /var/cfengine/ppkeys/root-.pub > cf3 -> Trying old style /var/cfengine/ppkeys/root-10.102.71.233.pub > cf3 !! Not authorized to trust the server=10.102.71.233's public key > (trustkey=false) > cf3 Promise (version not specified) belongs to bundle 'packages_update' > in file './packages_update.cf <http://packages_update.cf>' near line 28 > cf3 !! Authentication dialogue with 10.102.71.233 failed > cf3 Unable to establish connection with 10.102.71.233 > cf3 -> No suitable server responded to hail > cf3 Promise (version not specified) belongs to bundle 'packages_update' > in file './packages_update.cf <http://packages_update.cf>' near line 28 > > > /////////////////////////////////////////////////////////////////// > body common control > { > bundlesequence => { packages_update }; > inputs => { "systems.cf <http://systems.cf>", > "cfengine_stdlib.cf <http://cfengine_stdlib.cf>" }; > } > > bundle common g { > classes: > vars: > atlanta_datacenter:: > "phost" string => "10.102.71.233"; > > dallas_datacenter:: > "phost" string => "10.225.11.203"; > } > > > bundle agent packages_update { > classes: > vars: > > "masterfiles" string => "/var/cfengine/masterfiles"; > "ps_servers" slist => { @(g.phost) }; > > files: > redhat_5:: > "/tmp/somefile" > perms => mog("0640","root","root"), > copy_from => > remote_copy2("$(masterfiles)/somefile","$(ps_servers)"), > action => immediate; > } > > > > > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine -- ========================================== Jonathan CLARKE CTO - Directeur technique ------------------------------------------ Normation 44 rue Cauchy, 94110 Arcueil, France ------------------------------------------ Telephone: +33 (0)1 83 62 41 24 ------------------------------------------ Web: http://www.normation.com/ ========================================== _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
