Thanks Brian.
In the operational scenario where a faulty device is replaced, this solution isn't feasible. It's not even possible to know which device will replace the faulty one before the demise of the faulty one.
There might be up to 20 agent nodes attached to this hub on a private LAN.
I am tempted to have the startup script on the agents blow away the root-* keys at each restart.
Unless there is a tool that can detect the authentication failure - the cause being incorrect keys?
Perhaps a "checkauth" promise can be written to check key validity at startup on agent nodes?
# Copyright 2015, Brian Bennett <bah...@digitalelf.net>
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

bundle agent rebootstrap {

  vars:
    "hub_mdns_ip" string => host2ip("_cfenginehub._tcp.local"),
      comment => "Find the currently published policy hub IP address";

  classes:
    # strcmp() is true when the two strings are equal, so negate it with "not"
    "hub_has_changed" not => strcmp("$(hub_mdns_ip)","$(sys.policy_hub)"),
      comment => "Flag a change if the mdns address does not match the system policy hub";

  commands:
    hub_has_changed::
      "$(sys.cf_agent) -B $(hub_mdns_ip)"
        comment => "Bootstrap to the newly detected mDNS advertised policy hub";
}