Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-703

bootstrap incorrectly reported as successful when connection to policy hub failed



    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.10.3
    • Component/s: Bootstrap
    • Labels:


      I'm trying to re-bootstrap a client:


      1. cf-agent -B -s
        • CFEngine BOOTSTRAP probe initiated

      @@@ CFEngine

      @ @@@ @ CFEngine Core 3.4.2
      @ @@@ @
      @ @@@ @
      @ @
      @ @
      @ @
      @ @

      Copyright (C) CFEngine AS 2008-2013
      See Licensing at http://cfengine.com/3rdpartylicenses

      -> This host is: cloud1
      -> Operating System Type is linux
      -> Operating System Release is 3.2.0-33-generic
      -> Architecture = x86_64
      -> Internal soft-class is linux
      -> An existing policy was cached on this host in /var/cfengine/inputs
      -> Assuming the policy distribution point at:
      -> Attempting to initiate promised autonomous services...

      !! Not authorized to trust the server='s public key (trustkey=false)
      !! Authentication dialogue with failed
      -> Bootstrap to completed successfully

      As you can see, the final line of the output reports successful
      completion of the bootstrap process, but the preceding lines alert
      that connection to the server actually failed. Indeed:

      root@cloud1:/var/cfengine/inputs# cf-agent -I -f failsafe.cf
      !! Not authorized to trust the server='s public key (trustkey=false)
      !! Authentication dialogue with failed
      Unable to establish connection with
      -> No suitable server responded to hail
      Promise (version Community Failsafe.cf 1.0.0) belongs to bundle 'update' in file '/var/cfengine/inputs/failsafe.cf' near line 110
      Comment: Check whether a validation stamp is available for a new policy update to reduce the distributed load

      The bootstrap should definitely not be considered successful if the
      connection to the server failed. I assume that the current bootstap
      promises check for existence of some files in `/var/cfengine/inputs`,
      which is correct for first-time bootstrap, but fails in case of a
      client being re-bootstrapped to a different server.




            • Assignee:
              a10042 Nick Anderson
              riccardomurri Riccardo Murri
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created:

                Summary Panel