51252 days on xHamster
66131M profile views
98074K subscribers
77057 comments left

Cfengine client not updating

As the communication is key to getting something working if you don't manage to get the keys setup correctly you'll not get anything working if you have problems. So instead of using keys I'm going to ignore keyfiles completely - and trust all machines on the LAN. /var/lib/cfengine2/masterfiles/inputs *flat # # /etc/cfengine/- for the clients # control: actionsequence = ( copy ) domain = ( ) policyhost = ( flat ) # smtpserver = ( smtp.) # sysadm = ( [email protected]) master_cfinput = ( /var/lib/cfengine2/masterfiles/inputs ) repository = ( /var/lib/cfengine2/outputs ) # # Download the most recent 'cfagent.conf' file from the # server, and install it to /etc/cfengine # copy: $(master_cfinput)/dest=/etc/cfengine/mode=600 server=$(policyhost) force=true trustkey=true # # /etc/cfengine/for the clients # control: domain = ( ) Allow Connections From = ( ) Trust Keys From = ( ) cfrun Command = ( "/usr/sbin/cfagent" ) Allow Users = ( root ) Log All Connections = ( true ) If Elapsed = ( 1 ) Expire After = ( 15 ) Max Connections = ( 50 ) Multiple Connections = ( true ) grant: /usr/sbin/cfagent *flat [email protected]:~# ls -l /var/lib/cfengine2/ppkeys/ total 12 -rw------- 1 root root 1743 2005-08-22 -rw------- 1 root root 426 2005-08-22 -rw-r--r-- 1 root root 426 2005-08-22 [email protected]:~# cfrun flat cfrun(0): .......... cfengine:: Update of image /etc/cfengine/from master /var/lib/cfengine2/masterfiles/inputs/on flat cfengine:: Moved /etc/cfengine/cfsaved to repository location /var/lib/cfengine2/outputs/_etc_cfengine_cfsaved cfengine:scratchy: Object /etc/gshadow had permission 0, changed it to 640 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I finally got cfengine going after reading the article, thanks. You might want to check the follow mkdir -p /var/lib/cfengine/masterfiles/inputs probably meant to be mkdir -p /var/lib/cfengine2/masterfiles/inputs as that's what's in the update.conf, and Once you've created the update file you're ready to create the file for this client. Each managed client will retrieve this rule file and then execute the rules locally. The server itself will be able to force "pushes" of this file, and thus execute the rules upon any of the managed clients, either individually or en masse. This means that the server's public key must be copied to the client, and the client's key must also be known to the server.

However, there is something that I cannot get done, and I wonder if someone could provide a working example. at leat your post easily let me work out what I wanted to do.. cfengine:myhost:/usr/bin/apt-get -y install %s: Building dependency tree...we'll now look at actually installing it and using it for real on a number of different hosts. The rules will come from one central host and be automatically pushed to a collection of managed servers where they will be executed. The rules file dialog asking if you wish to start several processes at boot time, along with an explanation of what each process is used for. I chose to enable all services at boot time for the moment, although you'll likely not need all services running upon each host.

Thereafter, there is NO trust, keys have to match on both ends or no communication takes place.

Please or register to post comments
If spammers comment on your content, only you can see and manage such comments Delete all
Jun 23, 2014. After the policy server was restarted with the new IP address, clients would not connect error Not authorized to trust public key of server. When updating masterfiles, wait usually 5 minutes for files to propagate to inputs on 192.1 before retrying. 2014-06-23T-0400 notice R Did not. 
27-Jun-2018 21:46
How to find the public key for a given host SHA · Manual Execution · Mustache templating · Unable to log into Mission Portal · Users · Variables · What is promise locking? Why are remote agents not updating? Why are some files inside masterfiles not being updated/distributed? Why does cfengine install into /var/cfengine. 
27-Jun-2018 21:49
Oct 28, 2016. In order to assign unique set of tags to each CFEngine client, I recommend putting them into a file outside $sys.masterdir and $sys.inputdir directories or when inside to use file with extension not matching $update_def.input name patterns. I.e. my implementation uses “$sys.workdir/node.tags” file and I. 
27-Jun-2018 21:52
If your clients get promise failures not kept similar to "Can't stat file '/var/cfengine/master_software_updates/cf-upgrade/linux.x86_64/cf-upgrade' on ' ' in files.copy_from promise" you can download and unpack gz on your Policy Server. This is caused by a known issue where some host packages lacked this. 
27-Jun-2018 21:55

Cfengine client not updating introduction

Cfengine client not updating

Recent posts

28-Jun-2018 01:13
28-Jun-2018 06:54
28-Jun-2018 15:16
28-Jun-2018 19:52
29-Jun-2018 00:42
29-Jun-2018 06:16