Hi all, I am having problems using func's delegation feature, and I'm hoping someone out there can help me out. I have two separate environments (we'll call them A and B), with one overlord per environment. I would like environment A's overlord to be able to issue commands to the minions in environment B via B's overlord. Environment A's overlord is named 'foo', and environment B's overlord is named 'bar'. The minion that I am trying to reach through 'bar' is named 'copper'. Using the directions at https://fedorahosted.org/func/wiki/DelegationModule, I have successfully run func-build-map on foo, with the following results: ----- snip ----- host1.domain.com: {} host2.domain.com: {} bar.domain.com: copper.domain.com: {} anotherhost.domain.com: {} host3.domain.com: {} ----- snip ----- However, when I try to make func calls to copper from foo, I am unsuccessful: [edennis@foo ~]$ func "copper*" call test ping ERROR: Can't find any minions matching "copper*". I read through the code a bit, and noted that this failure seemed to be because copper's cert didn't exist in /var/lib/certmaster/certmaster/certs/ on foo. I didn't see anything in the delegation docs that indicated that certs needed to be exchanged between sub-minions and overlords for delegation to work, but I figured I'd drop copper's cert on foo to see what happened. After copying the cert into /var/lib/certmaster/certmaster/certs/ on foo, I got this: [edennis@foo ~]$ func "copper*" call test ping {'copper.domain.com': ['REMOTE_ERROR', 'OpenSSL.SSL.Error', "[('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]", ' File "/usr/lib/python2.4/site-packages/func/overlord/client.py", line 648, in process_server\n retval = getattr(conn, meth)(*args[:])\n File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__\n return self.__send(self.__name, args)\n File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request\n verbose=self.__verbose\n File "/usr/lib/python2.4/xmlrpclib.py", line 1129, in request\n self.send_content(h, request_body)\n File "/usr/lib/python2.4/xmlrpclib.py", line 1243, in send_content\n connection.endheaders()\n File "/usr/lib/python2.4/httplib.py", line 804, in endheaders\n self._send_output()\n File "/usr/lib/python2.4/httplib.py", line 685, in _send_output\n self.send(msg)\n File "/usr/lib/python2.4/httplib.py", line 664, in send\n self.sock.sendall(str)\n File "/usr/lib/python2.4/site-packages/certmaster/SSLConnection.py", line 109, in sendall\n sent = con.send(data, flags)\n']} Any ideas on how I can get delegation to work? Am I missing something here? Thanks in advance for any help. - Eric _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
