Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Cfengine 2.2.9 multiple IP aliases issue

6 views
Skip to first unread message

Tom Callahan

unread,
Aug 13, 2009, 9:16:49 AM8/13/09
to
I have several servers managed by Cfengine that have up to 20 IP
Aliases on them, ie.

bond0
bond0:1
bond0:2
bond0:3

etc.

The cfagent execution from the shell prompt seems to use the correct
routing path, using bond0 as the interface to connect to the master
server as. However, when run from cfexecd, it seems to use (what
appears to be) random interfaces, causing the key trust to fail.

How do I fix this?

Thanks,
Tom Callahan

Aleksandar Ivanisevic

unread,
Aug 18, 2009, 8:54:31 AM8/18/09
to
Tom Callahan <tca...@gmail.com> writes:

This is Linux, right? look at ip route output, what does it think that
the source address should be, try setting the explicit source ip on
the route, i.e.

ip route replace x.x.x.x/yy dev zzz src 1.2.3.4

where xxx/yy and zzz is the route to the server and the appropriate
device.

alternatively you can set the outgoing address with iptables SNAT

--
Gle, svaka cast tebi i tvom poslu ali kaj nas moras svaki puta dojit sa
tvojom placom i poslom itd. Pa svaki post koji postas prije ili kasnije
pocinje aludirati na tvoje vrhunaravne izvore prihoda i materijalnih dobara.
Daj se sredi malo. Mislim da na ama bas nikoga ne zanima koliko ti zaradujes
i kako trosis svoje pare. Tomislav Kralj - hr.comp.programiranje.baze

Tom Callahan

unread,
Aug 24, 2009, 9:03:29 AM8/24/09
to
On Aug 18, 8:54 am, Aleksandar Ivanisevic <aleksan...@ivanisevic.de>
wrote:

> This is Linux, right? look at ip route output, what does it think that
> the source address should be, try setting the explicit source ip on
> the route, i.e.
>
> ip route replace x.x.x.x/yy dev zzz src 1.2.3.4
>
> where xxx/yy and zzz is the route to the server and the appropriate
> device.
>
> alternatively you can set the outgoing address with iptables SNAT
>
> --
> Gle, svaka cast tebi i tvom poslu ali kaj nas moras svaki puta dojit sa
> tvojom placom i poslom itd. Pa svaki post koji postas prije ili kasnije
> pocinje aludirati na tvoje vrhunaravne izvore prihoda i materijalnih dobara.
> Daj se sredi malo. Mislim da na ama bas nikoga ne zanima koliko ti zaradujes
> i kako trosis svoje pare. Tomislav Kralj - hr.comp.programiranje.baze

I've worked with the route tables, and it seems hit or miss. I have
not tried SNAT'ing yet.

I'm somewhat surprised there isn't a configuration setting in CfEngine
that lets you define the active interface to use when communicating.
Is this available, and I've just missed it in the documentation?

Thanks,
Tom Callahan

0 new messages