Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1127

document cmdb integration



    • Type: Task
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.0
    • Component/s: Documentation
    • Labels:


      This needs to go into the docs, together with practical examples:

      CMDB integration.

      Bundle server access_rules can now accept new constraints for each
      entry: "admit_ips", "admit_hostnames", "admit_keys". Previous generic
      "admit" constraint is deprecated, and the new ones do not accept generic
      regular expression like it used to be the case.

      The new thing is mostly in admit_keys. We can restrict specific files to
      be accessible to specific hosts, not based on their IP address or
      hostname, but based on their RSA key.

      If the resource_type is "path" (default) then the promiser can now be a
      path containing the special string "$(connection.ip)"
      "$(connection.fqdn)" "$(connection.key)". By writing an access rule like
      that, we can allow host-specific filenames to be accessible only to the
      relevant hosts. Example:

      shortcut => "me.json",
      admit_keys =>

      { "$(connection.key)" }


      Moreover, notice the new "shortcut" constraint. This allows the agent to
      request a file by its shortcut, and expansion is taking place on the
      server according to this constraint in bundle server access_rules. This
      is only for ease of use, a file can always be requested with its
      absolute path.

      The server tries to find an expansion for the first part of every
      non-absolute (a.k.a. relative...) request path. E.g. the source file
      "masterdir/failsafe.cf" will be served by the server, only if you have
      defined an ACL entry with shortcut=>"masterdir".



          Issue Links



              • Assignee:
                jiraadmin Old User (Inactive)
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created:

                  Summary Panel