I have a client machine that is attempting to copy some logs from
another client machine. The same public keys that the policy hub has
for the clients have been installed on each of the machines.

Here is how their IPs are set up:

  cf-agent bge0: 10.6.8.200 vnic0: 192.168.69.1
  cf-server eth0: 10.6.8.207 eth0:0: 10.6.8.53 eth1: 192.168.159.101

In both cases the first IP is the physical interface, the last IP is a
host-only interface used for virtualization.  The eth0:0 is a
secondary IP for the server; I am transitioning systems from DHCP to
static IPs and will maintain both for a while.

From cf-agent I get:

cf3>  -> Copy file /export/backup/servers/us-stl-cc1/artifacts from
/var/spool/cruisecontrol/artifacts check
cf3> No existing connection to 10.6.8.53 is established...
cf3> Set cfengine port number to 5308 = 5308
cf3> Set connection timeout to 10
cf3>  -> Connect to us-stl-cc1 = 10.6.8.53 on port 5308
cf3> skipidentify was promised, so we are trusting and simply
announcing the identity as (us-hop-dev1) for this host
cf3>  -> Did not find new key format /var/cfengine/ppkeys/root-.pub
cf3>  -> Trying old style /var/cfengine/ppkeys/root-10.6.8.53.pub
cf3>  !! Not authorized to trust the server=us-stl-cc1's public key
(trustkey=false)
...
cf3>  !! Authentication dialogue with us-stl-cc1 failed
cf3> Unable to establish connection with us-stl-cc1
cf3>  ?> defining promise result class cc_backup_failed_artifacts
cf3>  -> No suitable server responded to hail
cf3>  ?> defining promise result class cc_backup_failed_artifacts

And from the server on us-stl-c1, I get:

cf3> Listening for connections ...
cf3>  -> Accepting a connection
cf3> Accepting connection from "::ffff:10.6.8.200"
cf3> New connection...(from ::ffff:10.6.8.200:sd 4)
cf3> Spawning new thread...
cf3> Allowing 192.168.69.1 to connect without (re)checking ID
cf3> Non-verified Host ID is us-hop-dev1 (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3>  -> Public key identity of host "::ffff:10.6.8.200" is
"MD5=987b169fdccbee8236d444a5ea017795"
cf3> A public key was already known from us-hop-dev1/::ffff:10.6.8.200
- no trust required
cf3> Adding IP ::ffff:10.6.8.200 to SkipVerify - no need to check this
if we have a key
cf3> The public key identity was confirmed as root@us-hop-dev1
cf3> Challenge response from client ::ffff:10.6.8.200 was incorrect - ID false?
cf3> Auth dialogue error
cf3> From (host=us-hop-dev1,user=root,ip=::ffff:10.6.8.200)
cf3>  -> Accepting a connection
cf3> Accepting connection from "::ffff:10.6.8.200"
cf3> New connection...(from ::ffff:10.6.8.200:sd 4)
cf3> Spawning new thread...
cf3> Allowing 192.168.69.1 to connect without (re)checking ID
cf3> Non-verified Host ID is us-hop-dev1 (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3>  -> Public key identity of host "::ffff:10.6.8.200" is
"MD5=987b169fdccbee8236d444a5ea017795"
cf3> A public key was already known from us-hop-dev1/::ffff:10.6.8.200
- no trust required
cf3> Adding IP ::ffff:10.6.8.200 to SkipVerify - no need to check this
if we have a key
cf3> The public key identity was confirmed as root@us-hop-dev1
cf3> Challenge response from client ::ffff:10.6.8.200 was incorrect - ID false?
cf3> Auth dialogue error
cf3> From (host=us-hop-dev1,user=root,ip=::ffff:10.6.8.200)
cf3>  -> Accepting a connection
cf3> Accepting connection from "::ffff:10.6.8.200"
cf3> New connection...(from ::ffff:10.6.8.200:sd 4)
cf3> Spawning new thread...
cf3> Allowing 192.168.69.1 to connect without (re)checking ID
cf3> Non-verified Host ID is us-hop-dev1 (Using skipverify)
cf3> Non-verified User ID seems to be root (Using skipverify)
cf3>  -> Public key identity of host "::ffff:10.6.8.200" is
"MD5=987b169fdccbee8236d444a5ea017795"
cf3> A public key was already known from us-hop-dev1/::ffff:10.6.8.200
- no trust required
cf3> Adding IP ::ffff:10.6.8.200 to SkipVerify - no need to check this
if we have a key
cf3> The public key identity was confirmed as root@us-hop-dev1
cf3> Challenge response from client ::ffff:10.6.8.200 was incorrect - ID false?
cf3> Auth dialogue error
cf3> From (host=us-hop-dev1,user=root,ip=::ffff:10.6.8.200)

So, how do I get them to play nicely? I notice that the server
mentions the agent's VNIC IP in a couple places and its public IP in
others.  Also odd is the attempt by the client to access a file named
/var/cfengine/ppkeys/root-.pub.

On a side note, the secondary IP on eth0:0 never shows up in the sys variables:

R: sys.interface = eth0
R: sys.interfaces = eth0
R: sys.interfaces = eth1
R: sys.ip_addresses = 10.6.8.207
R: sys.ip_addresses = 192.168.159.101
R: sys.ipv4 = 10.6.8.207
R: sys.ipv4[eth0] = 10.6.8.207
R: sys.ipv4[eth1] = 192.168.159.101

This strikes me as a bug.

--
Ron Parker
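
The observation in the post, that the server output names the agent's VNIC address in some lines and its public address in others, can be checked mechanically. The following is an added example, not part of the original message and not CFEngine code: a Python script that groups cf-serverd output per connection and reports the addresses each connection mentions. The function names are this example's own, and the sample is one connection from the post's server output with the mail-wrapped lines rejoined.

```python
import ipaddress
import re

# Sample: one connection from the server output in the post, wrapped lines
# rejoined (constructed from the post's log, not a new capture).
SAMPLE = """\
cf3>  -> Accepting a connection
cf3> Accepting connection from "::ffff:10.6.8.200"
cf3> New connection...(from ::ffff:10.6.8.200:sd 4)
cf3> Allowing 192.168.69.1 to connect without (re)checking ID
cf3>  -> Public key identity of host "::ffff:10.6.8.200" is "MD5=987b169fdccbee8236d444a5ea017795"
cf3> Challenge response from client ::ffff:10.6.8.200 was incorrect - ID false?
cf3> Auth dialogue error
"""

PEER = re.compile(r'Accepting connection from "([^"]+)"')
ALLOW = re.compile(r"Allowing (\S+) to connect without")
FAIL = re.compile(r"Challenge response from client \S+ was incorrect")

def normalize(addr):
    """Return the address as text, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarize(log):
    """Start a record at each 'Accepting connection from' line and fill it in."""
    conns = []
    for line in log.splitlines():
        m = PEER.search(line)
        if m:
            conns.append({"peer": normalize(m.group(1)), "allowed_as": None,
                          "challenge_failed": False})
            continue
        if not conns:
            continue  # output before the first connection is ignored
        m = ALLOW.search(line)
        if m:
            conns[-1]["allowed_as"] = normalize(m.group(1))
        elif FAIL.search(line):
            conns[-1]["challenge_failed"] = True
    for c in conns:
        # Reported as an observation only; the script does not judge the cause.
        c["address_mismatch"] = c["allowed_as"] not in (None, c["peer"])
    return conns

if __name__ == "__main__":
    for c in summarize(SAMPLE):
        print(c)
```
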