[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1041323: CFEngine agent connection errors

This is fixed by allowing "127.0.0.1" and "::1" to connect to cf-serverd in
cf3/promises.cf. There also seems to be a typo regarding the local network:

    …
    body server control
    # Debian Edu specific
    {
          allowconnects         => { "10.0.0.0.0/8" };
          allowallconnects      => { "10.0.0.0.0/8" };
          trustkeysfrom         => { "10.0.0.0.0/8" };
    …

After changing this to

    …
    body server control
    # Debian Edu specific
    {
          allowconnects         => { "127.0.0.1", "::1", "10.0.0.0/8" };
          allowallconnects      => { "127.0.0.1", "::1", "10.0.0.0/8" };
          trustkeysfrom         => { "10.0.0.0/8" };
    …

the agent connects but then aborts due to a different error about an
untrusted server key:


    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  No suitable server found for '/var/lib/cfengine3/inputs'
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 121
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Errors encountered when actuating files promise '/var/lib/cfengine3/inputs'
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:    error: ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  No suitable server found for '/var/lib/cfengine3/modules'
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 130
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Errors encountered when actuating files promise '/var/lib/cfengine3/modules'
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:    error: ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:    error: ::1>             Connection was hung up while receiving line:
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             Connection was hung up while receiving line:
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>             Client closed connection early! He probably does not trust our key...
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             Client closed connection early! He probably does not trust our key...
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  No suitable server found for '/var/lib/cfengine3/inputs'
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 144
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Comment is 'If we failed to fetch policy we try again using
                                                                      the legacy default in case we are fetching policy
                                                                      from a hub that is not serving mastefiles via a
                                                                      shortcut.'
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Errors encountered when actuating files promise '/var/lib/cfengine3/inputs'
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Method 'failsafe_cfe_internal_update' failed in some repairs
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  No suitable server found for '/var/lib/cfengine3/inputs/cf_promises_validated'
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file '/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  Comment is 'Check whether a validation stamp is available for a new policy update to reduce the distributed load'
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  Errors encountered when actuating files promise '/var/lib/cfengine3/inputs/cf_promises_validated'
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:    error: ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             SSL_write: underlying network error (Broken pipe)
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server)  ::1>             Connection was hung up!
    Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)  Method 'cfe_internal_update_policy_cpv' failed in some repairs
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  Q: ".../cf-agent" -f /":    error: TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
                                                  Q: ".../cf-agent" -f /":    error: No suitable server found for '/var/lib/cfengine3/inputs/cf_promises_validated'
                                                  Q: ".../cf-agent" -f /":    error: Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file '/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
                                                  Q: ".../cf-agent" -f /":    error: Comment is 'Check whether a validation stamp is available for a new policy update to reduce the distributed load'
                                                  Q: ".../cf-agent" -f /":    error: Errors encountered when actuating files promise '/var/lib/cfengine3/inputs/cf_promises_validated'
                                                  Q: ".../cf-agent" -f /":    error: Method 'cfe_internal_update_policy_cpv' failed in some repairs
    Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)  R: Built-in failsafe policy triggered

-- 
Guido Berhoerster
Reply to: