Thank you, Seva.

Are there any links that you can provide for cf-runagent and cf-serverd?

Do developers see these messages? Or is there another thread that I should 
forward this to?

Regards,
j

-----Original Message-----
From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] 
Sent: Monday, July 18, 2011 3:46 PM
To: Jerome Yanga
Cc: help-cfengine@cfengine.org
Subject: Re: Cfengine Help: Re: Making cf-runagent work

Well, it seems like remote cf-agent runs its defaults (i.e.
promises.cf). I'm not sure whether cf-runagent is indeed able to alter
bundlesequence. You can call for developers' attention or look into
cf-runagent and cf-serverd sources.

2011/7/19 Jerome Yanga <jya...@esri.com>:
> Thank you for your recommendation.
>
>
> Here is what I got from the remote host.  Correct me if I am wrong, but it 
> seems to be running the wrong cf file despite the fact that I have specified 
> another.
>
> cf3>  -> Accepting a connection
> cf3> Accepting connection from "192.168.1.10"
> cf3> New connection...(from 192.168.1.10:sd 4)
> cf3> Spawning new thread...
> cf3> Allowing 192.168.1.10 to connect without (re)checking ID
> cf3> Non-verified Host ID is node1.cfengine.com (Using skipverify)
> cf3> Non-verified User ID seems to be root (Using skipverify)
> cf3>  -> Public key identity of host "192.168.1.10" is 
> "MD5=81358344e2a8aa8b599950e58b097d2e"
> cf3>  -> Last saw 192.168.1.10 (-MD5=81358344e2a8aa8b599950e58b097d2e) first 
> time now
> cf3>  -> Going to secondary storage for key
> cf3>  -> Going to secondary storage for key
> cf3> A public key was already known from node1.cfengine.com/192.168.1.10 - no 
> trust required
> cf3> Adding IP 192.168.1.10 to SkipVerify - no need to check this if we have 
> a key
> cf3> The public key identity was confirmed as r...@node1.cfengine.com
> cf3>  -> Strong authentication of client node1.cfengine.com/192.168.1.10 
> achieved
> cf3>  -> Receiving session key from client (size=256)...
> cf3> User root granted connection privileges
> cf3> Found a matching rule in access list (/usr/local/sbin/cf-agent in 
> /usr/local/sbin/cf-agent)
> cf3> Mapping root privileges to access non-root files
> cf3> Host node1.cfengine.com granted access to /usr/local/sbin/cf-agent
> cf3> Examining command string:
> cf3> Executing command /usr/local/sbin/cf-agent --inform
> cf3>  -> Writing last-seen observations
> cf3>  -> Last saw -MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) 
> at Mon Jul 18 15:14:04 2011
>  (noexpiry 1.5 <= 168.0)
>
> Regards,
> j
>
> -----Original Message-----
> From: Seva Gluschenko [mailto:seva.glusche...@gmail.com]
> Sent: Monday, July 18, 2011 3:03 PM
> To: Jerome Yanga
> Cc: help-cfengine@cfengine.org
> Subject: Re: Cfengine Help: Re: Making cf-runagent work
>
> Jerome,
>
> the best way to realize what's going on is to run cf-serverd -v (it
> doesn't fork then and stays in foreground) and then attempt to invoke
> cf-runagent and see the server's output.
>
> 2011/7/19 Jerome Yanga <jya...@esri.com>:
>> I tried this myself and I get the following errors.  What am I missing?
>> I have checked all my binaries and none of them are symlinked.
>>
>> cf3> Initiate variable convergence...
>> cf3> SET ignore_missing_bundles true
>> cf3> SET trustkey = 1
>> cf3> SET encrypt = 1
>> cf3>  -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e
>> cf3>  -> Using interactive key trust...
>> cf3>  -> Going to secondary storage for key
>> cf3> 
>> ...........................................................................
>> cf3>  * Hailing node1.cfengine.com : 5308, with options "" (serial)
>> cf3> 
>> ...........................................................................
>> cf3> No existing connection to 192.168.1.10 is established...
>> cf3> Set cfengine port number to 5308 = 5308
>> cf3> Set connection timeout to 10
>> cf3>  -> Connect to node1.cfengine.com = 192.168.1.10 on port 5308
>> cf3>  -> Matched IP 192.168.1.10 to key MD5=81358344e2a8aa8b599950e58b097d2e
>> cf3>  -> Going to secondary storage for key
>> cf3> .....................[.h.a.i.l.].................................
>> cf3> Strong authentication of server=node1.cfengine.com connection confirmed
>> cf3>  -> Public key identity of host "192.168.1.10" is 
>> "MD5=81358344e2a8aa8b599950e58b097d2e"
>> cf3>  -> Last saw 192.168.1.10 (+MD5=81358344e2a8aa8b599950e58b097d2e) first 
>> time now
>> cf3>  -> Going to secondary storage for key
>> cf3>  !!
>>
>> cf3>  -> Writing last-seen observations
>> cf3>  -> Last saw +MD5=81358344e2a8aa8b599950e58b097d2e (alias 192.168.1.10) 
>> at Mon Jul 18 13:45:36 2011
>>  (noexpiry 0.0 <= 168.0)
>>
>> The remote server is running cf-serverd.
>> # ps -ef | grep [s]erverd
>> root     12117     1  0 13:43 ?        00:00:00 cf-serverd -Kf /tmp/templates/copy_local_file_via_cf_runagent.cf.test
>>
>> Cf-runagent was initiated using the following command:
>> # cf-runagent -i -H node1.cfengine.com -nvf /tmp/templates/copy_local_file_via_cf_runagent.cf.test
>>
>> Here is the cf file.
>>
>> #
>> #       testing cfengine with following:
>> #               copy local file
>> #               cf-runagent
>> #
>> body common control
>> {
>>        bundlesequence          => { "createFile" , "copyLocalFile" };
>>        ignore_missing_bundles  => "true";
>>        require_comments        => "true";
>>        inputs                  => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
>>        version                 => "1.0";
>> }
>>
>> body server control
>> {
>>        allowconnects           => { "127.0.0.1" , "192.168.1.10" };
>>        allowallconnects        => { "127.0.0.1" , "192.168.1.10" };
>>        trustkeysfrom           => { "127.0.0.1" , "192.168.1.10" };
>>        maxconnections          => "1024";
>>        hostnamekeys            => "true";
>>        logallconnections       => "true";
>>        cfruncommand            => "/usr/local/sbin/cf-agent";
>>        allowusers              => { "root" };
>>        bindtointerface         => "192.168.1.12";
>> }
>>
>> body agent control
>> {
>>        verbose         => "true";
>> }
>>
>> bundle agent createFile
>> {
>>        files:
>> #
>> #       the stanza below creates folders and file if it does not exist
>> #
>>                "/tmp/test/create_folder1/create_file4.txt"
>>                comment => "create file",
>>                perms => mog("755", "root", "root"),
>>                create => "true";
>>
>>                "/tmp/test/create_folder1/create_folder2/create_file5.txt"
>>                comment => "create file",
>>                perms => mog("755", "root", "root"),
>>                create => "true";
>>
>>                "/tmp/test/create_folder1/create_folder3/create_file6.txt"
>>                comment => "create file",
>>                perms => mog("755", "root", "root"),
>>                create => "true";
>> }
>>
>> bundle agent copyLocalFile
>> {
>>        files:
>>                "/tmp/test/create_folder1/copy_local_file.txt"
>>                comment         => "copy local file",
>>                preserve        => "true",
>>                copy_from       => myLocalCopy("/etc/hosts");
>> }
>>
>> body copy_from myLocalCopy(from)
>> {
>>        source  => "$(from)";
>> }
>>
>> bundle server access_rules
>> {
>>        access:
>>                "/etc"
>>                comment         => "define access",
>>                admit           => { "127.0.0.1" , "192.168.1.10" },
>>                maproot         => { "127.0.0.1" , "192.168.1.10" };
>>
>>                "/usr/local/sbin/cf-agent"
>>                comment         => "provide access to the cf-agent binary",
>>                admit           => { "127.0.0.1" , "192.168.1.10" },
>>                maproot         => { "127.0.0.1" , "192.168.1.10" };
>>
>>                "/tmp/templates/copy_local_file_via_cf_runagent.cf.test"
>>                comment         => "provide access to the conf file",
>>                admit           => { "127.0.0.1" , "192.168.1.10" },
>>                maproot         => { "127.0.0.1" , "192.168.1.10" };
>>
>>        roles:
>>                ".*"
>>                comment         => "provide access to root",
>>                authorize       => { "root" };
>> }
>>
>> body runagent control
>> {
>>        hosts           => { "192.168.1.10" , "192.168.1.12" };
>>        trustkey        => "true";
>>        encrypt         => "true";
>> }
>>
>> Here is the Cfengine version that I am running.
>>
>> # rpm -qa | grep cfengine
>> cfengine-community-3.1.5-1.el5
>>
>> Regards,
>> j
>>
>>
>> -----Original Message-----
>> From: help-cfengine-boun...@cfengine.org 
>> [mailto:help-cfengine-boun...@cfengine.org] On Behalf Of 
>> no-re...@cfengine.com
>> Sent: Monday, June 27, 2011 5:06 AM
>> To: help-cfengine@cfengine.org
>> Subject: Cfengine Help: Re: Making cf-runagent work
>>
>> Forum: Cfengine Help
>> Subject: Re: Making cf-runagent work
>> Author: neilhwatson
>> Link to topic: https://cfengine.com/forum/read.php?3,22525,22622#msg-22622
>>
>> Make sure your access rules are pointing to real locations and not following 
>> sym links.
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
>
>
>
> --
> SY, Seva Gluschenko.
>
>



-- 
SY, Seva Gluschenko.
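
The server transcript quoted in this thread can be checked mechanically. The following is an added example, not part of the original messages or of CFEngine's code: it summarises `cf-serverd -v` output and reports whether the executed cf-agent command carried a policy file via `-f`/`--file`. The sample lines are re-joined from the log quoted above; the function names are hypothetical.

```python
import re
import shlex

# Sample lines re-joined from the cf-serverd -v output quoted in this thread.
SAMPLE = """\
cf3> Accepting connection from "192.168.1.10"
cf3> Non-verified Host ID is node1.cfengine.com (Using skipverify)
cf3>  -> Strong authentication of client node1.cfengine.com/192.168.1.10 achieved
cf3> Host node1.cfengine.com granted access to /usr/local/sbin/cf-agent
cf3> Executing command /usr/local/sbin/cf-agent --inform
"""

PATTERNS = {
    "peer": re.compile(r'Accepting connection from "([^"]+)"'),
    "skipverify_host": re.compile(r"Non-verified Host ID is (\S+) \(Using skipverify\)"),
    "authenticated": re.compile(r"Strong authentication of client (\S+) achieved"),
    "granted": re.compile(r"Host \S+ granted access to (\S+)"),
    "command": re.compile(r"Executing command (.+)$"),
}

def policy_file(argv):
    """Return the file passed with -f/--file, or None if the defaults apply."""
    for i, arg in enumerate(argv):
        if arg.startswith("--file="):
            return arg.split("=", 1)[1]
        # "-f", or bundled short options ending in f such as "-Kf" or "-nvf"
        if (arg == "--file" or re.fullmatch(r"-[A-Za-z]*f", arg)) and i + 1 < len(argv):
            return argv[i + 1]
    return None

def summarize(log_text):
    """Collect the connection facts and the executed command from a transcript."""
    summary = dict.fromkeys(PATTERNS)
    for raw in log_text.splitlines():
        # Drop mail quote markers and the "cf3>" / "->" prefixes.
        line = re.sub(r"^(?:>\s*)*cf3>\s*(?:->\s*)?", "", raw).strip()
        for key, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                summary[key] = match.group(1)
    summary["argv"] = shlex.split(summary["command"] or "")
    summary["policy_file"] = policy_file(summary["argv"])
    return summary

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A `policy_file` of `None` for the executed command matches what the transcript shows: the server ran `/usr/local/sbin/cf-agent --inform` with no file argument.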