So, couldn't you, at the command line on the client host, issue this command to initiate the key exchange?
cf-agent -B -s policy_server (where "policy_server" is the hostname or IP address of the policy server) As long as the server trusts the client, the keys should be exchanged and you're good to go. I think that's all you need to get things started. Nick's failsafe.cf and update.cf are really nice additions. deb On 12/23/10 12:41 PM, Nick Anderson wrote: > On 12/23/2010 01:56 PM, [email protected] wrote: >> Thanks again Nick! >> I copied your failsafe.cf and the unmodified default update.cf that comes >> with the installation to /var/cfengine/inputs on the agent, then issued this >> command: >> cf-agent -B -s dbraz17 >> >> and I get this error: >> >> cf3:/var/cfengine/inputs/update.cf:26,1: Redefinition of bundle update for >> agent is a broken promise, near token '{' >> Protocol transaction broken off (1) >> !!! System reports error for recv: "Connection reset by peer" >> I: Made in version 'not specified' of '/var/cfengine/inputs/failsafe.cf' >> near line 39 >> !! Authentication dialogue with dbraz17 failed >> >> >> Here's the contents of the default update.cf that comes with the >> installation: > Yeah I noticed that when I tried to bootstrap a new host. The problem is > because the client dosnt have the policy hosts key. I guess I > miss-understood all that was required to bootstrap a host. You need a > way to get that server key trusted. I poked at several things and got > mine working again but I am not clear on what exactly my process will be > yet. .... > > I have decided I dont need update.cf so I pushed everything from it > into failsafe.cf. My body server control specifys my cfrun command as > cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf&& > $(sys.workdir)/bin/cf-agent"; > > This forces update then run so that the latest policy will be evaluated. > > I have attached my latest failsafe.cf for your enjoyment, please excuse > any mess in it if I havent cleaned up some of the syntax. > > > > _______________________________________________ > Help-cfengine mailing list > [email protected] > https://cfengine.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
