Re: Problem with delegation

Hey Dennis,
I've heard about this problem before; I will take a look at it this week and keep y'all apprised. Thanks for the report!
-Steve Salevan
ssalevan@xxxxxxxxxx

On 01/01/2010 03:18 PM, Dennis, Eric wrote:
Hi all,

I am having problems using func's delegation feature, and I'm hoping someone out there can help me out.

I have two separate environments (we'll call them A and B), with one overlord per environment. I would like environment A's overlord to be able to issue commands to the minions in environment B via B's overlord. Environment A's overlord is named 'foo', and environment B's overlord is named 'bar'. The minion that I am trying to reach through 'bar' is named 'copper'.

Using the directions at https://fedorahosted.org/func/wiki/DelegationModule, I have successfully run func-build-map on foo, with the following results:

----- snip -----
host1.domain.com: {}
host2.domain.com: {}
bar.domain.com:
     copper.domain.com: {}
     anotherhost.domain.com: {}
host3.domain.com: {}
----- snip -----

However, when I try to make func calls to copper from foo, I am unsuccessful:

[edennis@foo ~]$ func "copper*" call test ping
ERROR: Can't find any minions matching "copper*".

I read through the code a bit, and noted that this failure seemed to be because copper's cert didn't exist in /var/lib/certmaster/certmaster/certs/ on foo. I didn't see anything in the delegation docs that indicated that certs needed to be exchanged between sub-minions and overlords for delegation to work, but I figured I'd drop copper's cert on foo to see what happened. After copying the cert into /var/lib/certmaster/certmaster/certs/ on foo, I got this:

[edennis@foo ~]$ func "copper*" call test ping
{'copper.domain.com': ['REMOTE_ERROR',
                            'OpenSSL.SSL.Error',
                            "[('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]",
                            '  File "/usr/lib/python2.4/site-packages/func/overlord/client.py", line 648, in process_server\n    retval = getattr(conn, meth)(*args[:])\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__\n    return self.__send(self.__name, args)\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request\n    verbose=self.__verbose\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1129, in request\n    self.send_content(h, request_body)\n   File "/usr/lib/python2.4/xmlrpclib.py", line 1243, in send_content\n    connection.endheaders()\n   File "/usr/lib/python2.4/httplib.py", line 804, in endheaders\n    self._send_output()\n   File "/usr/lib/python2.4/httplib.py", line 685, in _send_output\n    self.send(msg)\n   File "/usr/lib/python2.4/httplib.py", line 664, in send\n    self.sock.sendall(str)\n   File "/usr/lib/python2.4/site-packages/certmaster/SSLConnection.py", line 109, in sendall\n    sent = con.send(data, flags)\n']}

Any ideas on how I can get delegation to work? Am I missing something here? Thanks in advance for any help.

- Eric

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list


