Custom Query (894 matches)

In my client bcfg2.conf file, I specify the server using its IP address. The client doesn't like that though:

vs1:~ # bcfg2 -v -n
No ca is specified. Cannot authenticate the server with SSL.
Unknown failure
Traceback (most recent call last):
  File "/usr/lib64/python2.4/site-packages/Bcfg2/Proxy.py", line 54, in __call__
    return _Method.__call__(self, *args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/site-packages/Bcfg2/Proxy.py", line 250, in request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1243, in send_content
    connection.endheaders()
  File "/usr/lib64/python2.4/httplib.py", line 795, in endheaders
    self._send_output()
  File "/usr/lib64/python2.4/httplib.py", line 676, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.4/httplib.py", line 643, in send
    self.connect()
  File "/usr/lib64/python2.4/site-packages/Bcfg2/Proxy.py", line 152, in connect
    self._connect_m2crypto()
  File "/usr/lib64/python2.4/site-packages/Bcfg2/Proxy.py", line 223, in _connect_m2crypto
    self.sock.connect((self.host, self.port)) # automatically checks cert matches host
  File "/usr/local/lib64/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 157, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/local/lib64/python2.4/site-packages/M2Crypto/SSL/Checker.py", line 101, in __call__
    fieldName='commonName')
WrongHost: Peer certificate commonName does not match host, expected 10.40.2.7, got mgt7.ether.alcf.anl.gov
Failed to download probes from bcfg2
Server Failure
vs1:~ # 

When running an 0.9.6 client against my 1.0 server, it honors the Ignore tags I have in my Pkgmgr files. When I run the 1.0 client, it ignores some of them. From my Pkgmgr file:

<Package name="aaa_base" priority="130" type="rpm" uri="http://10.40.2.7/sles10/x86_64/SLES10-SP2-Updates/sles-10-x86_64/rpm/x86_64">
  <Ignore name="/etc/inittab"/>
  <Ignore name="/etc/mailcap"/>
  <Ignore name="/etc/mime.types"/>
  <Instance simplefile="aaa_base-10-12.53.x86_64.rpm" version="10" release="12.53" arch="x86_64"/>
</Package>

From a 1.0 client run:

Verifying package instances for aaa_base
        10-12.53.x86_64
        verify_flags = ['']
 {'files': [['RPMVERIFY_MD5', 'RPMVERIFY_FILESIZE', 'RPMVERIFY_MTIME', 'c', '/etc/inittab'],
 ['RPMVERIFY_MD5', 'RPMVERIFY_FILESIZE', 'RPMVERIFY_MTIME', 'c', '/etc/mailcap'],
 ['RPMVERIFY_MD5', 'RPMVERIFY_FILESIZE', 'RPMVERIFY_MTIME', 'c', '/etc/mime.types']],    'nevra': ('aaa_base', None, '10', '12.53', 'x86_64')}
        Modlist/Ignore match: /etc/inittab
*** Instance 10-12.53.x86_64 failed RPM verification ***
        Package aaa_base failed verification.

gregcoit | so I built and installed the 1.0.1rc3 debs.  Now I get Server failure:       
         | Protocol Error: 401 Unauthorized                                             
    solj | gregcoit: are you using ssl certs for authentication?                        
gregcoit | this server is both a bcfg2 client and server, and used random password      
gregcoit | solj: so, i think the answer is no                                           
    solj | can you paste a sanitized copy of your bcfg2.conf?                           
gregcoit | solj: sure                                                                   
gregcoit | solj: http://pastebin.com/d27eb9e1b                                          
    solj | ok, so that's using the ssl certs                                            
    solj | try commenting out the cert/key/ca parts of the [communication] section      
    solj | see if that works                                                            
gregcoit | kk                                                                           
gregcoit | yep, that worked                                                             
    solj | k, i have a feeling that the debian installer is setup to regenerate keys or 
         | something                                                                    
    solj | maybe djbclark knows about that                                              
gregcoit | solj: ok, now a huge issue atm                                               
gregcoit | solj: and thanks!                                                            
    solj | np                                                                           
djbclark | solj: I'm pretty sure that's not there; if it is, I didn't add it. It's      
         | possible we need to tell ucf about files it doesn't currently know about. I  
         | should have time tomoorrow to update the ubuntu and debian testing repos with
         | rc3, and also test for config file overwriting problems.                     
    solj | djbclark: sounds good                                                        

Sol Jerome wrote:
> A release candidate for bcfg2 1.0.1rc3 is now available for final
> testing:
> 
> ftp://ftp.mcs.anl.gov/pub/bcfg
> 
> This release is geared toward bugfixes and packaging fixes. The
> following highlights some of these changes:
> 
>  * Improve debian/ubuntu packaging
> 
> Many thanks to all who contributed/tested 1.0.0. Daniel Clark cleaned up
> the debian packaging. In addition, he setup both stable and testing PPAs
> for Ubuntu while also adding a debian archive at http://debian.bcfg2.org.
> Thorsten Lockert tested out the reporting system and contributed various
> patches. Lisa Giacchetti tirelessly stress tested the server to find the
> file descriptor leaks. And, of course, Narayan Desai fixed those. Others
> have helped in testing as well.