RE: Cfengine Help: Re: Making cf-runagent work

Mon, 18 Jul 2011 14:08:52 -0700 

I am tried this myself and I get the following errors.  What am I missing?  I 
have checked all my binaries and none of them are symlinked.

cf3> Initiate variable convergence...
cf3> SET ignore_missing_bundles true
cf3> SET trustkey = 1
cf3> SET encrypt = 1
cf3>  -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e
cf3>  -> Using interactive key trust...
cf3>  -> Going to secondary storage for key
cf3> ...........................................................................
cf3>  * Hailing node1.cfengine.com : 5308, with options "" (serial)
cf3> ...........................................................................
cf3> No existing connection to 192.168.1.10 is established...
cf3> Set cfengine port number to 5308 = 5308
cf3> Set connection timeout to 10
cf3>  -> Connect to node1.cfengine.com = 192.168.1.10 on port 5308
cf3>  -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e
cf3>  -> Going to secondary storage for key
cf3> .....................[.h.a.i.l.].................................
cf3> Strong authentication of server=node1.cfengine.com connection confirmed
cf3>  -> Public key identity of host "192.168.1.10" is 
"MD5=81358344e2a8aa8b599950e58b097d2e"
cf3>  -> Last saw 192.168.1.10 (+MD5=81358344e2a8aa8b599950e58b097d2e) first 
time now
cf3>  -> Going to secondary storage for key
cf3>  !!

cf3>  -> Writing last-seen observations
cf3>  -> Last saw +MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) at 
Mon Jul 18 13:45:36 2011
 (noexpiry 0.0 <= 168.0)

The remote server is running cf-serverd.
# ps -ef | grep [s]erverd
root     12117     1  0 13:43 ?        00:00:00 cf-serverd -Kf 
/tmp/templates/copy_local_file_via_cf_runagent.cf.test

Cf-runagent was initiated using the following command:
# cf-runagent -i -H node1.cfengine.com -nvf 
/tmp/templates/copy_local_file_via_cf_runagent.cf.test

Here is the cf file.

#
#       testing cfengine with following:
#               copy local file
#               cf-runagent
#
body common control
{
        bundlesequence          => { "createFile" , "copyLocalFile" };
        ignore_missing_bundles  => "true";
        require_comments        => "true";
        inputs                  => { "/var/cfengine/inputs/cfengine_stdlib.cf" 
};
        version                 => "1.0";
}

body server control
{
        allowconnects           => { "127.0.0.1" , "192.168.1.10" };
        allowallconnects        => { "127.0.0.1" , "192.168.1.10" };
        trustkeysfrom           => { "127.0.0.1" , "192.168.1.10" };
        maxconnections          => "1024";
        hostnamekeys            => "true";
        logallconnections       => "true";
        cfruncommand            => "/usr/local/sbin/cf-agent";
        allowusers              => { "root" };
        bindtointerface         => "192.168.1.12";
}

body agent control
{
        verbose         => "true"; 
} 

bundle agent createFile
{
        files:
#
#       the stanza below creates folders and file if it does not exist
#
                "/tmp/test/create_folder1/create_file4.txt"
                comment => "create file",
                perms => mog("755", "root", "root"),
                create => "true";

                "/tmp/test/create_folder1/create_folder2/create_file5.txt"
                comment => "create file",
                perms => mog("755", "root", "root"),
                create => "true";

                "/tmp/test/create_folder1/create_folder3/create_file6.txt"
                comment => "create file",
                perms => mog("755", "root", "root"),
                create => "true";
}

bundle agent copyLocalFile
{
        files:
                "/tmp/test/create_folder1/copy_local_file.txt"
                comment         => "copy local file",
                preserve        => "true",
                copy_from       => myLocalCopy("/etc/hosts");
}

body copy_from myLocalCopy(from)
{
        source  => "$(from)";
}

bundle server access_rules
{
        access:
                "/etc"
                comment         => "define access",
                admit           => { "127.0.0.1" , "192.168.1.10" },
                maproot         => { "127.0.0.1" , "192.168.1.10" };

                "/usr/local/sbin/cf-agent"
                comment         => "provide access to the cf-agent binary",
                admit           => { "127.0.0.1" , "192.168.1.10" },
                maproot         => { "127.0.0.1" , "192.168.1.10" };

                "/tmp/templates/copy_local_file_via_cf_runagent.cf.test"
                comment         => "provide access to the conf file",
                admit           => { "127.0.0.1" , "192.168.1.10" },
                maproot         => { "127.0.0.1" , "192.168.1.10" };

        roles:
                ".*" 
                comment         => "provide access to root",
                authorize       => { "root" };
}

body runagent control
{
        hosts           => { "192.168.1.10" , "192.168.1.12" };
        trustkey        => "true";
        encrypt         => "true";
}

Here is the Cfengine version that I am running.

# rpm -qa | grep cfengine
cfengine-community-3.1.5-1.el5

Regards,
j


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Monday, June 27, 2011 5:06 AM
To: [email protected]
Subject: Cfengine Help: Re: Making cf-runagent work

Forum: Cfengine Help
Subject: Re: Making cf-runagent work
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,22525,22622#msg-22622

Make sure your access rules are pointing to real locations and not following 
sym links.

_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine

_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to