Re: allowconnects matching clarification needed

Sun, 19 Feb 2012 00:12:25 -0800 

I can remember from the past that CIDR notation produced a lot of errors. Is 
this solved in newer versions of cfengine?
{{{

Protocol transaction broken off (1)
  !!! System reports error for recv: "Connection reset by peer"
I: Made in version '1.3.0' of '/var/lib/cfengine3/inputs/bundles/ssh.cf'
near line 79
I: Comment: Copy ssh file that does not require a restart
  !! Authentication dialogue with 192.168.144.204 failed

==============

Challenge response from server 192.168.144.204/192.168.144.204 was incorrect!
I: Made in version '1.3.0' of
'/var/lib/cfengine3/inputs/bundles/system_access.cf' near line 120
I: Comment: Root certifcate of the LDAP cluster hosts
  !! Authentication dialogue with 192.168.144.204 failed

==============

  !! Transmission refused or failed statting /data/cfengine3/config/modules
Got:

}}}

see:
 * https://cfengine.org/pipermail/help-cfengine/2011-March/012596.html  (mail 
thread)



On 19 feb. 2012, at 06:35, Diego Zamboni wrote:

Hi Abid,

The allowconnects, allowallconnects, admit, trustkeysfrom, and skipverify 
attributes all accept both CIDR notation and regular expressions, and will do 
the correct thing.

--Diego


On Feb 17, 2012, at 6:32 AM, Abid Khwaja wrote:

Today I begin the conversion of our CF2 environment to CF3.

Some basic questions I would like clarification on please.  In the below:

allowconnects => { "127.0.0.1" , "::1", @(def.acl) };

Each of the 3 items within brackets are regex’s.  But, at an examples CF3 code 
site, I see this:

allowconnects       => { "10.1.16.0/20" };


If I understand this correctly, the above statement will not work as intended 
because the regex will only match the string “10.1.16.0/20”.  Is this correct?

Also, where are the values for @(def.acl) coming from?
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org<mailto:Help-cfengine@cfengine.org>
https://cfengine.org/mailman/listinfo/help-cfengine

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org<mailto:Help-cfengine@cfengine.org>
https://cfengine.org/mailman/listinfo/help-cfengine

--
Bas van der Vlies
b...@sara.nl<mailto:b...@sara.nl>



_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to