Forum: CFEngine Help
Subject: Minimal provisioning network
Author: davidlee
Link to topic: https://cfengine.com/forum/read.php?3,23142,23142#msg-23142

(cfengine community 3.1.4 on RHEL 5.x)

Summary: What is the bare minimum network support necessary for cf-agent to run?

Detail:  When in service, our machines will end up using a high-speed network 
connection as their main interface.  But at installation time, the machine BIOS 
(IBM servers) doesn't attempt DHCP over this interface, but only over the main 
motherboard ethernets.  Therefore our machine cobbler/kickstart installation, 
including the establishment of "cfengine", has to be done over such an 
ethernet, which we call our "provisioning network".

Our cfengine server and the clients sit permanently on both the main network 
and provisioning network.  The main network has full DNS and NIS etc.  By 
contrast, the provisioning network has no DNS or NIS at all, only DHCP.  The 
cobbler/kickstart installation process (DHCP) over that provisioning network 
works well.  cfengine also works well over the main network.... but not over 
this minimal provisioning network.

The server's "promises.cf" includes both networks in its "allowconnects", 
"allowallconnects" and "trustkeysfrom".  Its "site.cf" includes both in its 
"admit".  (Put the other way, when I grep for our main network number in 
"*.cf", the resulting lines also show inclusion of the provisioning network.)

Now the first run of "cf-agent" on a freshly installed client only has this 
minimal provisioning network (10.156.164.0/22) available to it.   And for some 
reason, it is failing:

# cf-agent -KI
Couldn't look up address v6 for : Temporary failure in name resolution
 !! Id-authentication for new-client.our.domain failed
Unable to establish connection with 10.156.164.151
 -> No suitable server responded to hail
Promise (version not specified) belongs to bundle 'update' in file '/var/cfengine/inputs/update.cf' near line 35
Couldn't look up address v6 for : Temporary failure in name resolution
 !! Id-authentication for new-client.our.domain failed
Unable to establish connection with 10.156.164.151
 -> No suitable server responded to hail
Promise (version not specified) belongs to bundle 'update' in file '/var/cfengine/inputs/update.cf' near line 42
# 

From the output of "cf-agent -KIv":

community> No existing connection to 10.156.164.151 is established...
community> Set cfengine port number to 5308 = 5308
community> Set connection timeout to 10
community>  -> Connect to 10.156.164.151 = 10.156.164.151 on port 5308
community> Couldn't look up address v6 for : Temporary failure in name resolution
community>  !! Id-authentication for dhs1101.ecmwf.int failed
community> Unable to establish connection with 10.156.164.151
community>  -> No suitable server responded to hail

From the client, I can successfully open a "telnet 10.156.164.151 5308".

What are the minimal requirements for this provisioning network (the 
10.156.164.0/22)?  It has DHCP for the initial install (via cobbler/kickstart) 
but does not have any DNS, or NIS, etc.  Does it need DNS?  If so, do the 
"10.x" addresses need to be in such a DNS?
