cf3 Can't stat in files.copyfrom promise ...


On the client:

# cf-agent -KIv
...
cf3  -> Handling file existence constraints on /etc/cfengine3
cf3  -> Copy file /etc/cfengine3 from /srv/cfengine/sysconf/server/inputs check
cf3 No existing connection to 172.31.69.83 is established...
cf3 Set cfengine port number to 5308 = 5308
cf3  -> Connect to 172.31.69.83 = 172.31.69.83 on port 5308
cf3 LastSaw host 172.31.69.83 now
cf3 Loaded /var/lib/cfengine3/ppkeys/root-172.31.69.83.pub
cf3 .....................[.h.a.i.l.].................................
cf3 Strong authentication of server=172.31.69.83 connection confirmed
cf3 Server returned error:  Unspecified server refusal (see verbose server output)
cf3 Can't stat /srv/cfengine/sysconf/server/inputs in files.copyfrom promise
cf3  ?> defining promise result class Cfengine_Inputs_Updated_Failed
....
cf3     .........................................................
cf3     Promise handle: 
cf3     Promise made by: [cf-agent.cf      ] FAILED 172.31.69.83:///srv/cfengine/sysconf/server/inputs -> localhost:///etc/cfengine3

However, on the server (172.31.69.83), there is no reason the directory can't be stat'ed:

cyrus:/srv/cfengine/sysconf/server# ls -l /srv/cfengine/sysconf/server/inputs
total 52
-rw-r--r-- 1 root root 2142 Sep  6 21:54 cf-agent.cf
-rw-r--r-- 1 root root  831 Sep  6 18:31 cf-execd.cf
-rw-r--r-- 1 root root 4517 Sep  6 21:44 cf-serverd.cf
-rw-r--r-- 1 root root 3082 Sep  6 21:44 dns.cf
-rw-r--r-- 1 root root 2028 Sep  6 15:12 failsafe.cf
-rw-r--r-- 1 root root 5966 Sep  6 21:44 ldap-masters.cf
-rw-r--r-- 1 root root 4380 Sep  6 18:31 ldap-security.cf
-rw-r--r-- 1 root root 2735 Sep  6 08:21 lib-core.cf
-rw-r--r-- 1 root root 1506 Sep  6 21:45 lib-utils.cf
-rw-r--r-- 1 root root 2635 Sep  6 20:27 lib-vars.cf
-rw-r--r-- 1 root root 2057 Sep  3 17:46 nss.cf
-rw-r--r-- 1 root root 1472 Sep  6 18:31 packages.cf
-rw-r--r-- 1 root root 1257 Sep  6 18:01 pam-security.cf
-rw-r--r-- 1 root root 4019 Sep  6 19:32 promises.cf
-rw-r--r-- 1 root root 2808 Sep  3 17:22 site.cf
-rw-r--r-- 1 root root 1670 Sep  6 18:31 sudo-security.cf
-rw-r--r-- 1 root root  831 Sep  6 18:31 sys-security.cf
-rw-r--r-- 1 root root  890 Sep  6 18:31 sys-users.cf
cyrus:/srv/cfengine/sysconf/server# 

I also don't see anything interesting on the server side when running:

/usr/sbin/cf-serverd -d4 --verbose --no-fork

And the following produces no complaints:

/usr/sbin/cf-promises -v

Any ideas?

I'm running cfengine3 on Debian, v3.0.5+dfsg-1. The cf-agent.cf file is as follows:

bundle agent Update {
files:
    linux::
        "${cf3.path[inputs]}"
            action => immediate,
            move_obstructions => "true",
            depth_search => Recursive,
            copy_from => MirrorFrom(
                "${cf3.host[server]}",
                "${cf3.path[scm-inputs]}",
                "true",
                "0400"
            ),
            classes => DefineSoftClass("Cfengine_Inputs_Updated")
        ;

        "${cf3.path[sbin]}"
            comment => "Setting cf3 client sbin scripts: ${cf3.path[sbin]}/",
            action => immediate,
            depth_search => Recursive,
            copy_from => MirrorFrom(
                "${cf3.host[server]}",
                "${cf3.path[scm-cnt-scripts]}",
                "false",
                "0555"
            )
        ;


reports:
    Cfengine_Inputs_Updated::
        "[cf-agent.cf      ] Services:CFAgent:Inputs:Updated";
    Cfengine_Inputs_Updated_Failed::
        "[cf-agent.cf      ] FAILED ${cf3.host[server]}://${cf3.path[scm-inputs]} -> localhost://${cf3.path[inputs]}";
}

I lied, a bit more debugging does turn up something interesting...

AccessControl(/srv/cfengine/sysconf/server/inputs)
AccessControl, match(/srv/cfengine/sysconf/server/inputs,client.com.au) encrypt request=1
Examining rule in access list (/srv/cfengine/sysconf/server/inputs,/home/cfengine)?
cf3 Host client.com.au denied access to /srv/cfengine/sysconf/server/inputs
Unappending Host client.com.au denied access to /srv/cfengine/sysconf/server/inputs
cf3 Access control in sync
Unappending Access control in sync
Transaction Send[t 59][Packed text]
Attempting to send 67 bytes
SendSocketStream, sent 67
cf3 From (host=client.com.au,user=root,ip=172.31.69.3)
Unappending From (host=client.com.au,user=root,ip=172.31.69.3)
cf3 REFUSAL of request from connecting host: (SYNCH 1283777156 STAT /srv/cfengine/sysconf/server/inputs)
Unappending REFUSAL of request from connecting host: (SYNCH 1283777156 STAT /srv/cfengine/sysconf/server/inputs)
RecvSocketStream(8)
cf3  -> Accepting a connection

I'll keep looking.

Answer 1

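I'm an old-timer and have only used cfengine v2. Anyway, error messages similar to yours have always been because of:

  • DNS mismatch

  • Server relocated onto new hardware, etc.

  • SNAT/DNAT because of some load balancer

  • Keys not actually configured

Do you have this problem everywhere in your system, or only on one client?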

Answer 2

OK, yes, it was ACL-related and is now fixed. Thanks for trying, Janne :)
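Added example, not part of the original thread and not CFEngine code: a small Python triage script that reads cf-serverd debug output like the excerpt in the question and reports, for each refused request, which access-list rules the server examined and whether any of them covers the requested path. The function names are hypothetical, and the script assumes that a rule on a directory also covers the paths beneath it.

```python
import re

# Lines copied from the cf-serverd -d4 output quoted in the question.
SAMPLE = """\
AccessControl(/srv/cfengine/sysconf/server/inputs)
Examining rule in access list (/srv/cfengine/sysconf/server/inputs,/home/cfengine)?
cf3 Host client.com.au denied access to /srv/cfengine/sysconf/server/inputs
Unappending Host client.com.au denied access to /srv/cfengine/sysconf/server/inputs
cf3 From (host=client.com.au,user=root,ip=172.31.69.3)
cf3 REFUSAL of request from connecting host: (SYNCH 1283777156 STAT /srv/cfengine/sysconf/server/inputs)
"""

RULE = re.compile(r"^Examining rule in access list \(([^,]+),([^)]+)\)\?")
DENY = re.compile(r"^cf3 Host (\S+) denied access to (\S+)")
FROM = re.compile(r"^cf3 From \(host=[^,]+,user=([^,]+),ip=([^)]+)\)")
REFUSAL = re.compile(r"^cf3 REFUSAL of request from connecting host: \((.*)\)$")

def covers(rule, path):
    """Assumption: a rule on a directory also covers every path beneath it."""
    rule = rule.rstrip("/")
    return path == rule or path.startswith(rule + "/")

def triage(log):
    """Return one dict per denied request with the rules the server examined."""
    findings, rules, current = [], [], None
    for line in log.splitlines():
        if m := RULE.match(line):
            rules.append(m.groups())            # (requested path, rule path)
        elif m := DENY.match(line):
            host, path = m.groups()
            examined = [rule for req, rule in rules if req == path]
            current = {"host": host, "path": path, "examined": examined,
                       "covering": [r for r in examined if covers(r, path)],
                       "user": None, "ip": None, "request": None}
            findings.append(current)
            rules = []
        elif current and (m := FROM.match(line)):
            current["user"], current["ip"] = m.groups()
        elif current and (m := REFUSAL.match(line)):
            current["request"] = m.group(1)
            current = None                      # refusal line closes this event
    return findings

def diagnose(f):
    """Separate 'no rule for this path' from 'rule exists, host not admitted'."""
    if not f["covering"]:
        return "no access rule covers %s (examined: %s)" % (f["path"], f["examined"])
    return "rule %s covers the path but %s (%s) was not admitted" % (
        f["covering"][0], f["host"], f["ip"])

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["request"], "->", diagnose(finding))
```

On the excerpt from the question, the only rule examined is `/home/cfengine`, which does not cover the requested inputs directory, so the refusal points at a missing access rule rather than at keys or DNS.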
