Bug#1041323: CFEngine agent connection errors
This is fixed by allowing "127.0.0.1" and "::1" to connect to cf-serverd in
cf3/promises.cf. There also seems to be a typo regarding the local network:
…
body server control
# Debian Edu specific
{
allowconnects => { "10.0.0.0.0/8" };
allowallconnects => { "10.0.0.0.0/8" };
trustkeysfrom => { "10.0.0.0.0/8" };
…
After changing this to
…
body server control
# Debian Edu specific
{
allowconnects => { "127.0.0.1", "::1", "10.0.0.0/8" };
allowallconnects => { "127.0.0.1", "::1", "10.0.0.0/8" };
trustkeysfrom => { "10.0.0.0/8" };
…
the agent connects but then aborts due to a different error about an
untrusted server key:
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) No suitable server found for '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 121
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Errors encountered when actuating files promise '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: error: ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: notice: ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) No suitable server found for '/var/lib/cfengine3/modules'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 130
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Errors encountered when actuating files promise '/var/lib/cfengine3/modules'
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: error: ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: notice: ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: error: ::1> Connection was hung up while receiving line:
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> Connection was hung up while receiving line:
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: notice: ::1> Client closed connection early! He probably does not trust our key...
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> Client closed connection early! He probably does not trust our key...
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) No suitable server found for '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Promise belongs to bundle 'failsafe_cfe_internal_update' in file '/var/lib/cfengine3/inputs/failsafe.cf' near line 144
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Comment is 'If we failed to fetch policy we try again using
the legacy default in case we are fetching policy
from a hub that is not serving mastefiles via a
shortcut.'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Errors encountered when actuating files promise '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Method 'failsafe_cfe_internal_update' failed in some repairs
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) No suitable server found for '/var/lib/cfengine3/inputs/cf_promises_validated'
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file '/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) Comment is 'Check whether a validation stamp is available for a new policy update to reduce the distributed load'
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) Errors encountered when actuating files promise '/var/lib/cfengine3/inputs/cf_promises_validated'
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: error: ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: notice: ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-serverd[1168]: CFEngine(server) ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent) Method 'cfe_internal_update_policy_cpv' failed in some repairs
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) Q: ".../cf-agent" -f /": error: TRUST FAILED, server presented untrusted key: MD5=42d62c2c4be843a78dafffb40dd40277
Q: ".../cf-agent" -f /": error: No suitable server found for '/var/lib/cfengine3/inputs/cf_promises_validated'
Q: ".../cf-agent" -f /": error: Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file '/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf' near line 229
Q: ".../cf-agent" -f /": error: Comment is 'Check whether a validation stamp is available for a new policy update to reduce the distributed load'
Q: ".../cf-agent" -f /": error: Errors encountered when actuating files promise '/var/lib/cfengine3/inputs/cf_promises_validated'
Q: ".../cf-agent" -f /": error: Method 'cfe_internal_update_policy_cpv' failed in some repairs
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent) R: Built-in failsafe policy triggered
--
Guido Berhoerster
Reply to: