Cfengine Help: Re: List expansion in access rules

[no-reply]

Forum: Cfengine Help
Subject: Re: List expansion in access rules
Author: phnakarin
Link to topic: https://cfengine.com/forum/read.php?3,17585,17595#msg-17595

Could you give us more details about the errors? I'm interested in the case and 
so I did a bit work around. Surprisingly, It went smoothly for me.


body common control
{
 bundlesequence => { "test" };
}

body agent control
{
 skipidentify => "true";
}

bundle agent test
{
 files:
  "/tmp/result/prod.inputs"
     copy_from => 
secure_cp("/tmp/cfengine/prod/stage/inputs/prod.inputs","172.19.1.2");

  "/tmp/result/test.modules"
     copy_from => 
secure_cp("/tmp/cfengine/test/stage/modules/test.modules","172.19.1.2");

  "/tmp/result/dev.repo"
     copy_from => secure_cp("/tmp/cfengine/dev/repo/dev.repo","172.19.1.2");
}

bundle common var
{
 vars:
  "client_networks" slist => { "172.19.1.0/24" };
}

body server control 

{
denybadclocks         => "false";
allowconnects         => { "127.0.0.1" , "::1", @(var.client_networks) };
allowallconnects      => { "127.0.0.1" , "::1", @(var.client_networks) };
trustkeysfrom         => { "127.0.0.1" , "::1", @(var.client_networks) };
skipverify            => { "127.0.0.1" , "::1", @(var.client_networks) };
allowusers            => { "root" };
}

bundle server access_rule()
{
 vars:

 "file_repos" slist => { "stage/inputs", "stage/modules", "repo" };

 "m_master_files_prod"
      string => "/tmp/cfengine/prod";

 "m_master_files_test"
       string => "/tmp/cfengine/test";

 "m_master_files_dev"
       string => "/tmp/cfengine/dev";

 access:
 "$(m_master_files_prod)/$(file_repos)" admit => { @(var.client_networks) };
 "$(m_master_files_test)/$(file_repos)" admit => { @(var.client_networks) };
 "$(m_master_files_dev)/$(file_repos)"  admit => { @(var.client_networks) }; 
}

body copy_from secure_cp(from,server)
{
source      => "$(from)";
servers     => { "$(server)" };
compare     => "digest";
encrypt     => "true";
verify      => "true";
}



r...@ip-172-19-1-2:/tmp# find /tmp/cfengine/ -print
/tmp/cfengine/
/tmp/cfengine/test
/tmp/cfengine/test/stage
/tmp/cfengine/test/stage/modules
/tmp/cfengine/test/stage/modules/test.modules
/tmp/cfengine/dev
/tmp/cfengine/dev/repo
/tmp/cfengine/dev/repo/dev.repo
/tmp/cfengine/prod
/tmp/cfengine/prod/stage
/tmp/cfengine/prod/stage/inputs
/tmp/cfengine/prod/stage/inputs/prod.inputs
r...@ip-172-19-1-2:/tmp# ./cf-agent -f ./test.cf -IK
 -> Copying from 172.19.1.2:/tmp/cfengine/prod/stage/inputs/prod.inputs
 -> Copying from 172.19.1.2:/tmp/cfengine/test/stage/modules/test.modules
 -> Copying from 172.19.1.2:/tmp/cfengine/dev/repo/dev.repo
r...@ip-172-19-1-2:/tmp# find /tmp/result/ -print
/tmp/result/
/tmp/result/test.modules
/tmp/result/prod.inputs
/tmp/result/dev.repo
r...@ip-172-19-1-2:/tmp# ./cf-agent -V
This comprises cf-agent core community version 3.0.5 - Copyright (C) Cfengine 
AS 2008-


Do I miss anything?

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine