You should use an @ rather than a $ when inserting an slist:

    allowallconnects => {
        @(g.sdm_host_list)
    };

The verbose output shows useful information; you should always read
it thoroughly, as it gives clues about what is wrong and right.

Regards
Nicolas CHARLES
Normation SAS - http://www.normation.com
44 rue Cauchy – 94110 ARCUEIL
+33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
On 10/02/2011 20:53, Sandra Wittenbrock wrote:
> Hello,
>
> I'm still having some trouble using a list for "allowallconnects" and
> "trustkeysfrom".
>
> I define the list in promises.cf:
>
> *******************************
>
> body common control
> {
>   version => "0.2.0";
>   inputs => {
>     "update.cf",
>     "library.cf",
>     # "execd.cf",
>     "serverd.cf",
>     "sdm.cf"
>   };
>
>   bundlesequence => {
>     "g",
>     "update",
>     "sdm"
>   };
> }
>
> bundle common g{
>
>   # vars referred to as ${g.masterfiles} etc
>   vars:
>     "workdir" string => "/var/lib/cfengine3";
>     "masterfiles" string => "${g.workdir}/masterfiles";
>     "inputs" string => "${g.workdir}/inputs";
>     "sdm_host_list" slist => { "255.3.30.207", "255.3.30.201",
>       "255.3.30.207", "255.3.30.46", "255.3.30.47", "255.3.30.48",
>       "255.3.30.49", "255.3.30.64","255.3.30.108", "255.3.30.109",
>       "255.3.30.36", "255.3.30.103", "255.3.30.45", "255.3.30.102",
>       "255.3.30.105" };
>
> }
>
> *********************************
>
> In serverd.cf, I try to use g.sdm_host_list as follows:
>
> ********************************
>
> body server control
> {
>   denybadclocks => "true";
>   # allow connections from 255.3.30 subnet
>   skipverify => { "255.3.30.*" };
>   allowallconnects => {
>     $(g.sdm_host_list)
>   };
>   allowconnects => {
>     $(g.sdm_host_list)
>   };
>   maxconnections => "30";
>   logallconnections => "true";
>   trustkeysfrom => { $(g.sdm_host_list) };
>   #trustkey => "true";
>
>   allowusers => {"root"};
>
> }
>
> *********************************
>
> When I run cf-serverd -v, I get the following error:
>
> cf3 Listening for connections ...
> cf3 Not allowing connection from non-authorized IP 255.3.30.102
> cf3 Not allowing connection from non-authorized IP 255.3.30.102
> cf3 Not allowing connection from non-authorized IP 255.3.30.102
> cf3 Not allowing connection from non-authorized IP 255.3.30.105
> cf3 Not allowing connection from non-authorized IP 255.3.30.105
> cf3 Not allowing connection from non-authorized IP 255.3.30.108
> cf3 Not allowing connection from non-authorized IP 255.3.30.108
>
>
> On the client side, running cf-agent -v, I got:
>
>
> Set cfengine port number to 5308 = 5308
> cf3 Connect to 255.3.30.45 = 255.3.30.45 on port 5308
> cf3 LastSaw host 255.3.30.45 now
> cf3 Loaded /var/lib/cfengine3/ppkeys/root-255.3.30.45.pub
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Couldn't send
> cf3 !!! System error for send: "Broken pipe"
> cf3 Challenge response from server 255.3.30.45/255.3.30.45 was incorrect!
> cf3 I: Report relates to a promise with handle ""
> cf3 I: Made in version '0.2.0' of '/var/lib/cfengine3/inputs/update.cf'
> near line 35
> cf3 Authentication dialogue with 255.3.30.45 failed
> cf3 Unable to establish connection with 255.3.30.45
> cf3 No suitable server responded to hail
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
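
A lint check for the mistake corrected in this thread, added here as an example (it is not from either poster or from CFEngine itself): it flags $(...) or ${...} references to a declared slist inside a { ... } attribute list, where @(...) is what expands the list. The function name, the regex-based parsing (which assumes no '#' inside quoted strings) and the sample policy with 192.0.2.x addresses are constructed for illustration.

```python
import re

# attribute => { ... } with no nested braces in the list body
LIST_ATTR = re.compile(r'(\w+)\s*=>\s*\{([^{}]*)\}')
# scalar-style reference after ${x} has been normalised to $(x)
SCALAR_REF = re.compile(r'\$\(([\w.]+)\)')
# either a bundle header or an slist declaration
DECLS = re.compile(r'\bbundle\s+\w+\s+(\w+)|"(\w+)"\s+slist\s*=>')

def find_scalar_slist_refs(policy):
    """Return (line, attribute, variable) for each slist referenced with $ in a list."""
    text = re.sub(r'#[^\n]*', '', policy)               # drop comments, keep line count
    text = re.sub(r'\$\{([\w.]+)\}', r'$(\1)', text)    # same length, so offsets hold
    slists, bundle = set(), None
    for m in DECLS.finditer(text):
        if m.group(1):
            bundle = m.group(1)
        else:
            slists.add(m.group(2))                      # unqualified name
            if bundle:
                slists.add(bundle + "." + m.group(2))   # bundle-qualified name
    findings = []
    for attr in LIST_ATTR.finditer(text):
        for ref in SCALAR_REF.finditer(attr.group(2)):
            if ref.group(1) in slists:
                pos = attr.start(2) + ref.start()
                findings.append((text.count("\n", 0, pos) + 1,
                                 attr.group(1), ref.group(1)))
    return findings

# Constructed sample policy (not the poster's file); 192.0.2.0/24 is a documentation range.
SAMPLE = '''
bundle common g {
  vars:
    "workdir" string => "/var/lib/cfengine3";
    "sdm_host_list" slist => { "192.0.2.10", "192.0.2.11" };
}
body server control {
  skipverify => { "192.0.2.*" };
  allowallconnects => { $(g.sdm_host_list) };
  allowconnects => { @(g.sdm_host_list) };
  trustkeysfrom => { ${g.sdm_host_list} };
  allowusers => { "root" };
}
'''

if __name__ == "__main__":
    for line, attr, var in find_scalar_slist_refs(SAMPLE):
        print("line %d: %s uses $(%s); use @(%s)" % (line, attr, var, var))
```
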