Hi all,
In the reference manual, it is clearly stated that allowconnects and
trustkeysfrom, like allowallconnects takes regexps ("See also the
warning about regular expressions in allowallconnects.").
> http://www.cfengine.org/manuals/cf3-reference.html#allowconnects-in-server
So, I've configured my server as follows:
body server control {
trustkeysfrom => { "127\.0\.0\.0/8",
escape(host2ip("ip-10-227-123-176.eu-west-1.compute.internal")) };
allowconnects => { "127\.0\.0\.0/8",
escape(host2ip("ip-10-227-123-176.eu-west-1.compute.internal")) };
}
The IP address of ip-10-227-123-176.eu-west-1.compute.internal is
10.227.123.176.
So, running cf-serverd in verbose mode, it informs me that:
-> Host IPs allowed connection access :
.... IP: 10\.0\.0\.0/8
.... IP: 10\.227\.123\.176
Then, when said client tries to connect, I get:
-> Accepting a connection
Not allowing connection from non-authorized IP 10.229.123.176
-> Accepting a connection
Not allowing connection from non-authorized IP 10.229.123.176
However, if I change my server configuration to this:
body server control {
trustkeysfrom => { "127.0.0.0/8",
host2ip("ip-10-227-123-176.eu-west-1.compute.internal") };
allowconnects => { "127.0.0.0/8",
host2ip("ip-10-227-123-176.eu-west-1.compute.internal") };
}
Then everything works fine.
This has got me quite confused, so I hope this message is clear... My
question is whether this is expected behaviour, and thus an error in the
reference manual, or a bug in 3.1.4 ?
Thanks,
Jonathan
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone: +33 (0)1 83 62 41 24
------------------------------------------
Web: http://www.normation.com/
==========================================
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
