Forum: CFEngine Help
Subject: Domain name issues.
Author: sreejithpoothu
Link to topic: https://cfengine.com/forum/read.php?3,25195,25195#msg-25195
Hi,
We want to allow all hosts under a particular domain.For eg, we want to allow
all hosts coming under .example.com using their domain names.We are using
static ips.So we cannot give ips.But when we are giving domain names its not
connecting.Here is the body server control
body server control
{
denybadclocks => "false";
allowconnects => { ".*$(def.domain)" , "127.0.0.1" , "::1",
@(def.acl) };
allowallconnects => { ".*$(def.domain)" , "127.0.0.1" , "::1", @(def.acl)
};
trustkeysfrom => { ".*$(def.domain)" , "127.0.0.1" , "::1", @(def.acl)
};
skipverify => { ".*$(def.domain)" , "127.0.0.1" , "::1", @(def.acl)
};
In bundle common def ,If we are giving this "*.*.*.*/*" to allow from any
hosts,it is working.But when we specify a particular domain its not working.
bundle common def
{
vars:
# Begin change # Your domain name, for use in access control
"domain" string => ".example.com",
comment => "Define a global domain for all hosts",
handle => "common_def_vars_domain";
# List here the IP masks that we grant access to on the server
"acl" slist => {
# "$(sys.policy_hub)/16" # Assume /16 LAN clients to start
with
"$(sys.policy_hub)/16", # Assume /16 LAN clients to start
with
"*.*.*.*/*"
# "2001:700:700:3.*",
# "217.77.34.18",
# "217.77.34.19",
},
comment => "Define an acl for the machines to be granted accesses",
handle => "common_def_vars_acl";
# End change #
"dir_masterfiles" string => translatepath("$(sys.workdir)/masterfiles"),
comment => "Define masterfiles path",
handle => "common_def_vars_dir_masterfiles";
}
Is there anything wrong with these rules or syntaxes. Please help.
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
