Possibly you have misunderstood cfengine. You do not connect to clients from a server. Clients connect to a server. But these words server/client are very abused.
A server is a process (cfservd) that runs on some machine. A client is a program (cfagent) that runs on some machine. You can run clients and servers whereever you want, but the rule is that clients connect to servers not the other way around. M On Wed, 2006-02-22 at 13:00 -0800, Josh Hurd wrote: > Actually what I am really trying to do is operate cfe from one server > and conect to clients on different domains. > Can someone help with this? > > Josh > > _____________________________________________ > From: Josh Hurd > Sent: Wednesday, February 22, 2006 12:29 PM > To: Cfengine Mailing List Help > Subject: Can't get a client to authorize? > > I am seeing this error when I run cfagent on a new client I just > built. I am stumped. Can someone help me understand this? > > Denying connection from non-authorized IP 10.12.1.77 > > My update.conf: > > > # update.conf 2/15/05 Dougc > groups: > sea1_dc_digimine_com = ( IPRange(192.168.0.0/16) > IPRange(10.254.0.0/16) IPRange(10.1.0.0/16) ) > qa_dmtest_com = ( IPRange(172.16.0.0/16) > IPRange(10.12.0.0/16) ) > sb_dmtest_com = ( IPRange(172.16.0.0/16) > IPRange(10.12.0.0/16) ) > > control: > sea1_dc_digimine_com:: > domain = ( sea1.dc.digimine.com ) > server = ( sea1-util01 ) > qa_dmtest_com:: > domain = ( qa.dmtest.com ) > server = ( qa-util01 ) > sb_dmtest_com:: > domain = ( sb.dmtest.com ) > server = ( sea1-util01 ) > > any:: > actionsequence = ( copy files ) > workdir = ( /var/cfengine ) > configroot = ( /var/cfengine/master/inputs ) > SplayTime = ( 35 ) > > copy: > any:: > "$(configroot)" dest=$(workdir)/inputs > mode=664 > owner=rsiadmin > include=*.conf > type=binary > recurse=inf > trustkey=true > server=$(server) > files: > any:: > "$(workdir)/inputs/" > mode=664 > owner=rsiadmin > group=rsiadmin > action=fixall > recurse=inf > > > > My cfservd.conf: > > # $Header: /cfengine/Production/cfservd.conf 3 2/03/05 10:47 > JeffreyC $ > control: > any:: > domain = ( sea1.dc.digimine.com sb.dmtest.com ) > server = ( sea1-util01 ) > TrustKeysFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0/24 10.12.0.0/16 ) > AllowConnectionsFrom = ( 192.168.0.0/16 127.0.0.1/32 10.254.0.0/16 > 10.1.30.0 10.12.0.0/16 ) > TrustKeysFrom = ( 127.0.0.1 10.1 192.168 10.254 > 10.12.0.0/16 ) > AllowConnectionsFrom = ( 127.0.0.1 10.1 192.168 10.254 > 10.12.0.0/16 ) > SkipVerify = ( 10.1 10.12 ) > AllowUsers = ( root ) > cfrunCommand = ( "/usr/sbin/cfexecd -F" ) > HostnameKeys = ( off ) > > sea1_util01:: > MaxConnections = ( 20 ) > > > admit: > sea1_dc_digimine_com:: > /var/cfengine/master 192.168.0.0/16 127.0.0.1/32 > 10.254.0.0/16 10.1.30.0/24 > /usr/sbin/cfagent 192.168.0.0/16 127.0.0.1/32 > 10.254.0.0/16 10.1.30.0/24 > /usr/sbin/cfexecd 192.168.0.0/16 127.0.0.1/32 > 10.254.0.0/16 10.1.30.0/24 > sb_dmtest_com:: > /var/cfengine/master 10.12.0.0/16 > /usr/sbin/cfagent 10.12.0.0/16 > /usr/sbin/cfexecd 10.12.0.0/16 > > sea1_util01:: > /var/ftp/pub/linux 192.168.0.0/16 127.0.0.1/32 > 10.254.0.0/16 10.1.30.0/24 10.12.0.0/16 > /mnt/rsi/logs02/Network/ExtractFiles 192.168.0.0/16 127.0.0.1/32 > 10.254.0.0/16 10.1.30.0/24 10.12.0.0/16 > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@gnu.org > http://lists.gnu.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
