Re: difficulties communicating between cfengine hosts (still)

Mon, 13 Feb 2006 15:33:14 -0800 


On Feb 13, 2006, at 1:56 PM, Mark Burgess wrote:


Looks like nothing was sent -- have you included
Allow(Multiple)ConnectionsFrom?


Well, here's what cfservd,conf on the master/policyhost looks like.

control:
  domain = ( paulbeard.org )
  TrustKeysFrom = ( 192.168.2.0/24 )
  AllowUsers = ( root )
  BindToInterface = ( 192.168.2.1 )
  AllowConnectionsFrom = ( 192.168.2.0/24 )
any::

  IfElapsed = ( 0 )
  ExpireAfter = ( 15 )
  MaxConnections = ( 50 )
  MultipleConnections = ( true )


grant:

   # Grant access to all hosts in paulbeard.org.
   /var/cfengine/inputs   *.paulbeard.org
   /var/cfengine/inputs   *.local

This is the tail-end of the output from cfservd -d2:

ACCESS GRANTED ----------------------:

Path: /var/cfengine/inputs (encrypt=0)
   Admit: *.local root=
   Admit: *.paulbeard.org root=
ACCESS DENIAL ------------------------ :

Host IPs allowed connection access :

IP: 192.168.2.0/24
Host IPs denied connection access :

Host IPs allowed multiple connection access :

Host IPs from whom we shall accept public keys on trust :

IP: 192.168.2.0/24
Host IPs from NAT which we don't verify :

Dynamical Host IPs (e.g. DHCP) whose bindings could vary over time :

IPV4 address
sockaddr_ntop(192.168.2.1)
Bound to address 192.168.2.1 on freebsd=14
Listening for connections ...

and this is what turns up when I run cfagent -q -K -v -d2  on a client:

IPV4 address
sockaddr_ntop(192.168.2.2)
Obtained IP address of 192.168.2.2 on socket 7 from accept

FuzzyItemIn(LIST,192.168.2.2)
Try FuzzySetMatch(192.168.2.0/24,192.168.2.2)
IPV4 address
sockaddr_ntop(192.168.2.0)
Coded ipv4 192.168.2.0
IPV4 address
sockaddr_ntop(192.168.2.2)
Coded ipv4 192.168.2.2

FuzzyItemIn(LIST,192.168.2.2)
Purging Old Connections...
Done purging

FuzzyItemIn(LIST,192.168.2.2)
Prepending [192.168.2.2]
*** New socket [7]
New connection...(from 192.168.2.2/7)
Spawning new thread...
Checking file updates on /var/cfengine/inputs/cfservd.conf (43f1165f/ 43f11681) 
RecvSocketStream(8)
Transmission empty or timed out...
Transaction Receive [][]
RecvSocketStream(0)
cfservd terminating NULL transmission!
Terminating thread...
***Closing socket 7 from 192.168.2.2
Deleted item 192.168.2.2

--
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf

Are you trying to win an argument or solve a problem?



_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine

Reply via email to