cf-runagent (3.1.4) suddenly started having trust issues this morning. Everything is fine when running cf-agent directly from the clients, but attempting to use cf-runagent on the server, I got;
# cf-runagent -H hostname !! Not authorized to trust the server=hostname's public key (trustkey=false) !! Authentication dialogue with hostname failed Unable to establish connection with hostname The output of cfkey -s was missing the 120 entries it formerly had. In the verbose output; HashString() OpenDB(/var/cfengine/cf_lastseen.db) !! Error scanning hashbase cursor: DB_NOTFOUND: No matching key/data pair found HavePublickey(root-) -> Did not find new key format /var/cfengine/ppkeys/root-.pub -> Trying old style /var/cfengine/ppkeys/root-10.40.24.23.pub Did not have old-style key /var/cfengine/ppkeys/root-10.40.24.23.pub I removed cf_lastseen.db and restarted the server processes. After doing this, I was able to fix my clients by running interactively and accepting the keys. Unfortunately, I now seem to be required to do this. Previously, the client keys got added automatically during the kickstart process ... if I remember how this works correctly, 'trustkey => "true"' in the failsafe file I seed the clients with sets up trust. The verbose output of cf-runagent is still giving me the db errors pasted above. I believe this may be due to this happening early this AM; File descriptor 222 of child higher than MAX_FD in Unix_cf_pclose, check for defunct children Alternately, I tried updating to 3.2.1 last week, which I had to roll back from due to a connection refusal issue I haven't had time to get back to. Restoring the backup of my original configuration was successful as far as I was aware, perhaps "something happened" during the backup / restore process. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
