Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2495

hostname and hostname/16 entries in cf-serverd ACLs

    XMLWordPrintable

    Details

    • Type: Story
    • Status: To Do
    • Priority: Lowest
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-serverd
    • Labels:
      None

      Description

      Background: The functionality of bootstrap-to-hostname was recently merged, which changed the policy_server.dat to contain a hostname, possibly.

      ACLs like allowconects don't currently support hostnames. If using the default policy, with sys.policy_hub in ACLs, the IP of the hostname will be resolved once and stay that way until the cf-serverd policy is re-evaluated. The practical implication of this is that users have to make sure their ACLs contain correct IPs/subnets if they have hostnames with moving IPs. (The ACL will not, by default, automagically follow the hostname). 

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              olehermanse Ole Herman Schumacher Elgesem
              Reporter:
              a10038 jimis (Dimitrios Apostolou)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated: