Question #3541
closed
Nodes No Answer
Description
I have accepted a new nodes.
node : corentin (192.168.22.79)
server-rudder-root : 192.168.22.104
I created a rules :
- I created a techniques
- I add the node at this rules
After to have define this nodes, i wait 10 minutes and i have no answer.
I don't understand why my node said no answer.
How i can to verify my node receive this rules ?
Thank
Files
Updated by Vincent MEMBRÉ over 11 years ago
You can see the node output by running the agent on it.
the command is : /var/rudder/cfengine-community/cf-agent -KI
You have to be root to use that command.
If the node is still not answering, can you please post the output of that command?
Updated by Corentin Guilleme over 11 years ago
The node is not answering
Here is the message :
root@corentin:/home/corentin# /var/rudder/cfengine-community/bin/cf-agent -KI@Common@
!! Duplicate selection of value for variable "execRun" in scope g
!! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
R: log_info@hasPolicyServer-root@common-root@00@common@StartRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c#Start execution
Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependencies
R: @Common@result_success@hasPolicyServer-root@common-root@00@Security parameters@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The internal environment security is acceptable
R: @Common@result_success@&TRACKINGKEY&@Process checking@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#There is an acceptable number of cf-execd processes (between 0 and 2) and cf-agent processes (between 0 and 5)
R: @Common@result_success@hasPolicyServer-root@common-root@00@CRON Daemon@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CRON daemon is running
R: @Common@result_success@hasPolicyServer-root@common-root@00@Binaries update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CFengine binaries in /var/rudder/cfengine-community/bin are up to date
-> Executing '/usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid' ...(timeout=-678,owner=-1,group=-1)
-> Completed execution of /usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid
R: @Inventory@log_info@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#An inventory was already sent less than 8 hours ago
R: @Inventory@result_success@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Next inventory scheduled between 00:00 and 06:00
R: @Common@log_info@hasPolicyServer-root@common-root@00@common@EndRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#End execution@
Updated by Vincent MEMBRÉ over 11 years ago
We can see that the node could not get its promises generated by the server:
Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependenciesThat may happen for several reasons:
- There is a network problem (dns, /etc/hosts file) : Make sure that the server and the node can ping each other using their hostnames
- Time problem: Make sure the server and the node are time synchronized
If those are correct, can you send us a execution of the agent in verbose
/var/rudder/cfengine-community/bin/cf-agent -KI -v
Updated by Corentin Guilleme over 11 years ago
I have in the file /etc/hosts
192.168.22.104 debian6-tests3.vtech.fr debian6-tests3
Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
There are still no reports in Configuration Policy (compliace 0%)
I think my node does not respond
I sent you the file after the command:
/var/rudder/cfengine-community/bin/cf-agent -KI -v
Updated by Vincent MEMBRÉ over 11 years ago
Ok then it seems that it's not a networking issue.
Does the deployment went well ? ( in the up right corner of the webapp)
if not, can you tell me what is in the detail section?
Does the /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/ and its subdirectory are generated on the server ?
Finally, can you kill and relaunch the cf-serverd in verbose on your server :
first, kill the running cf-serverd
ps -aux | grep cf-serverd kill -9 pid
or
killall cf-serverd
then launch
/var/rudder/cfengine-community/bin/cf-serverd -Kv
You can now see all outputs of CFEngine on the server.
When the agent will be launched on the node you should get messages here, can you send the message you get here ?
Updated by Vincent MEMBRÉ over 11 years ago
- Tracker changed from Bug to Question
Switched the issue to Question type, As for now, it is not a bug (it may change later, when we found it out)
Updated by Corentin Guilleme over 11 years ago
Yes the deployment went well
Success: Rules Applied at 2013-04-26 10:34 (Took less than 1s)
Yes I have the directory and subdirectories in
/ Var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c /
I subdirectories / rules / cfengine-communty and below I:
checkGenericFileContent / failsafe.cf promises.cf
common / inventory / rudder_promises_generated
Then I killed the process cf-serverd
rudder> Listening for connections ...
rudder> -> Accepting a connection
rudder> Accepting connection from "192.168.22.79"
rudder> New Connection ... (from 192.168.22.79: sd 4)
rudder> Spawning new thread ...
rudder> Allowing 192.168.22.79 to connect without (re) checking ID
rudder> Non-verified Host ID is corentin.local (Using skipverify)
rudder> Non-verified User ID Seems to be root (Using skipverify)
rudder> -> Public key identity of host "192.168.22.79" is "MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d"
rudder> -> Last saw-MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d (aka 192.168.22.79) at Fri Apr 26 10:47:36 2013
rudder> A public key was Already known from corentin.local/192.168.22.79 - no trust required
rudder> Adding IP 192.168.22.79 to SkipVerify - no need to check this if We Have a key
rudder> The public key identity was confirmed as root@corentin.local
rudder> -> Strong authentication of customer corentin.local/192.168.22.79 Achieved
rudder> -> Receiving session key from client (size = 256) ...
rudder> Filename is resolved to
rudder> Found a matching rule in access list in / var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c)
rudder> Host corentin.local denied access to
rudder> Access control in sync
rudder> From (host = corentin.local, user = root, ip = 192.168.22.79)
rudder> REFUSAL of request from connecting host: (SYNCH 1366966061 STAT
Updated by Vincent MEMBRÉ over 11 years ago
- Tracker changed from Question to Bug
To work correctly, Rudder need a fully functional DNS system.
If the server could not resolve the hostname, the server refuse the connection.
You need to add a line to the /etc/hosts file of your Rudder server:
192.168.22.79 corentin.local
Updated by Vincent MEMBRÉ over 11 years ago
- Status changed from New to Discussion
Updated by Vincent MEMBRÉ over 11 years ago
- Tracker changed from Bug to Question
There is some examples of how to configure a server Rudder in the "rudder-vagrant" project: https://github.com/Normation/rudder-vagrant
You have to checkout to branch branches/rudder/2.5 and check provision/server.sh
Updated by Corentin Guilleme over 11 years ago
I have add in the /etc/hosts on rudder-server-root (192.168.22.104) :
192.168.22.79 corentin.vtech.fr corentin
After launch the commande on the rudder-agent (192.168.22.79)
/var/rudder/cfengine-community/bin/cf-agent -KI -v
On the rudder-server-root (192.168.22.104) :
There is Success for the rules
Updated by Vincent MEMBRÉ over 11 years ago
Nice :) So everything's working fine ?
If you have any more questions don't hesitate, We will be glad to answer all your questions.
If you want to discuss directly you can find us on IRC: #rudder
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.3 to 2.5.4
Updated by Nicolas CHARLES over 11 years ago
- Status changed from Discussion to Resolved
Since everything seems to be in order, i'm closing this ticket
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 34 to Rudder
- Category set to Packaging