Try running the server with -v to see the reason for the failure. Regex are
allowed in
trustkeys
Assarsson, Emil wrote:
> Hi,
>
> It seems like I can't use hostnames with (for example) trustkeysfrom:
> ----
> body server control
> {
> trustkeysfrom => { '.*\.domain\.net' };
> dynamicaddresses => { '10\..*'};
> allowconnects => { '10\..*' };
> hostnamekeys => "true";
> }
> ----
> I get a "!! Authentication dialogue with cfserver.domain.net failed" when I
> run "cf-agent -vK". The error occurs on the agent side. No key gets saved on
> server.
> From what I understand on the reference this should be possible. I'm running
> cfengine 3.0.3 patch 1.
>
>
> If I use this it works fine:
> ----
> body server control
> {
> trustkeysfrom => { '10\..*' };
> dynamicaddresses => { '10\..*'};
> allowconnects => { '10\..*' };
> hostnamekeys => "true";
> }
> ----
>
> I guess there is a problem with the name resolution inside cfengine. Do I
> need to configure anything special to make it work? I can run getent hosts on
> both ip and name without any problem on both sides. Dig works fine too.
>
>
> Best regards
> Operational Services LUX Application Platforms within BI Enterprise Services
>
> Emil Assarsson
> Sony Ericsson Mobile Communications AB
> Nya Vattentornet, SE-221 88 Lund, Sweden
> e-Mail: emil.assars...@sonyericsson.com
> Phone: +46 (0)10 8017422
> "The information in this email, and attachment(s) thereto, is strictly
> confidential and may be legally privileged. It is intended solely for the
> named recipient(s), and access to this e-mail, or any attachment(s) thereto,
> by anyone else is unauthorized. Violations hereof may result in legal
> actions. Any attachment(s) to this e-mail has been checked for viruses, but
> please rely on your own virus-checker and procedures. If you contact us by
> e-mail, we will store your name and address to facilitate communications in
> the matter concerned. If you do not consent to us storing your name and
> address for above stated purpose, please notify the sender promptly. Also, if
> you are not the intended recipient please inform the sender by replying to
> this transmission, and delete the e-mail, its attachment(s), and any copies
> of it without, disclosing it."
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
