Hello,
I am using cfengine for firewall configurations. I have many servers,
and most have different firewall configurations. I am using classes to
specify the firewall settings. I'm having difficulty when there is only
one server in a class.
For the classes containing lists of servers I define them as follows and
this works:
bundle common g{
classes:
"sdm_hosts" or => { "dmx17_gov", "dmx11_gov",
"ipv4_128_3_30_207", "data1_gov", "data2_gov", "data3_gov", "data4_gov",
"data5__gov","datagridF_gov", "sim_gov", "sdm_gov", "sdmhome_gov",
"sdmis2_gov", "dmsoft_gov", "esg_gov", "srm_gov" },
}
I'm not sure how to define just one. I try to run a section only when
the system is dmg, but it is making the file modifications all the time
regardless of the system name. Neither of the following entries seemed
to work:
"dmg" or => { "dmg_gov" };
"dmg" expression => "dmg_gov";
Here are the entries in more detail:
bundle common g{
classes:
"dmg" expression => "dmg_gov";
}
bundle agent sdm
{
files:
dmg::
"/etc/firestarter/inbound/allow-service"
create => "true",
edit_line => sdmallowservicedmg,
perms => usystem("0440"),
classes => if_repaired("firewall_reconfigured");
processes:
firewall_reconfigured::
"/etc/init.d/firestarter"
restart_class => "restart_firestarter";
commands:
restart_firestarter::
"/etc/init.d/firestarter restart";
}
bundle edit_line sdmallowservicedmg
{
"SSH, 22, everyone,";
}
Thanks for any advice. I can't find how to do this in the reference manual.
Sandra
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
