After thinking about it some more. It is probably a good idea to use IPs for the server. I did manage to hack up the server code a little to be able to use hostnames, but IPs would be better, no dns, no spoofing, etc....
On Thu, Jun 11, 2009 at 12:55 PM, Matt Richards<[email protected]> wrote: > I am trying to have the server control body use hostnames instead of > IPs. It appears that only IP are valid. Running cf-serverd (assume > host.domain.com is 10.10.10.10): > > cf3 Initiate variable convergence... > cf3 Initiate control variable convergence... > cf3 SET Allowing connections from ... > cf3 SET Allowing multiple connections from ... > cf3 SET Trust keys from ... > cf3 SET Allowing users ... > cf3 Listening for connections ... > cf3 Not allowing connection from non-authorized IP 10.10.10.10. > > > The following promises.cf that was used for the test: > > ############################################ > > body common control { > > bundlesequence => { "server_test" }; > } > > ############################################ > > bundle agent server_test { > > files: > "/tmp/testA" > copy_from => server_copy("/tmp/test"); > } > > ############################################ > body copy_from server_copy(from) { > > servers => { "host.domain.com" }; > source => "$(from)"; > portnumber => "5308"; > copy_backup => "false"; > trustkey => "true"; > > } > > ############################################ > > body server control { > > hostnamekeys => "true"; > allowconnects => { "host.domain.com" }; > allowallconnects => { "host.domain.com" }; > trustkeysfrom => { "host.domain.com" }; > allowusers => { "root" }; > > } > > ############################################ > > bundle server access_rules() { > > access: > "/" > admit => { "host.domain.com" }; > > roles: > ".*" > authorize => { "root" }; > } > > ############################################ > _______________________________________________ Bug-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/bug-cfengine
