Problem with delegation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I am having problems using func's delegation feature, and I'm hoping someone out there can help me out.

I have two separate environments (we'll call them A and B), with one overlord per environment. I would like environment A's overlord to be able to issue commands to the minions in environment B via B's overlord. Environment A's overlord is named 'foo', and environment B's overlord is named 'bar'. The minion that I am trying to reach through 'bar' is named 'copper'.

Using the directions at https://fedorahosted.org/func/wiki/DelegationModule, I have successfully run func-build-map on foo, with the following results:

----- snip -----
host1.domain.com: {}
host2.domain.com: {}
bar.domain.com:
    copper.domain.com: {}
    anotherhost.domain.com: {}
host3.domain.com: {}
----- snip -----

However, when I try to make func calls to copper from foo, I am unsuccessful:

[edennis@foo ~]$ func "copper*" call test ping
ERROR: Can't find any minions matching "copper*".

I read through the code a bit, and noted that this failure seemed to be because copper's cert didn't exist in /var/lib/certmaster/certmaster/certs/ on foo. I didn't see anything in the delegation docs that indicated that certs needed to be exchanged between sub-minions and overlords for delegation to work, but I figured I'd drop copper's cert on foo to see what happened. After copying the cert into /var/lib/certmaster/certmaster/certs/ on foo, I got this:

[edennis@foo ~]$ func "copper*" call test ping
{'copper.domain.com': ['REMOTE_ERROR',
                           'OpenSSL.SSL.Error',
                           "[('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]",
                           '  File "/usr/lib/python2.4/site-packages/func/overlord/client.py", line 648, in process_server\n    retval = getattr(conn, meth)(*args[:])\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__\n    return self.__send(self.__name, args)\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request\n    verbose=self.__verbose\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1129, in request\n    self.send_content(h, request_body)\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1243, in send_content\n    connection.endheaders()\n   File "/usr/lib/python2.4/httplib.py", line 804, in endheaders\n    self._send_output()\n   File "/usr/lib/python2.4/httplib.py", line 685, in _send_output\n    self.send(msg)\n   File "/usr/lib/python2.4/httplib.py", line 664, in send\n    self.sock.sendall(str)\n   File "/usr/lib/python2.4/site-packages/certmaster/SSLConnection.py", line 109, in sendall\n    sent = con.send(data, flags)\n']}

Any ideas on how I can get delegation to work? Am I missing something here? Thanks in advance for any help.

- Eric

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux