Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2495

hostname and hostname/16 entries in cf-serverd ACLs

    XMLWordPrintable

    Details

    • Type: Story
    • Status: To Do
    • Priority: Lowest
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-serverd
    • Labels:
      None

      Description

      Background: The functionality of bootstrap-to-hostname was recently merged, which changed the policy_server.dat to contain a hostname, possibly.

      ACLs like allowconects don't currently support hostnames. If using the default policy, with sys.policy_hub in ACLs, the IP of the hostname will be resolved once and stay that way until the cf-serverd policy is re-evaluated. The practical implication of this is that users have to make sure their ACLs contain correct IPs/subnets if they have hostnames with moving IPs. (The ACL will not, by default, automagically follow the hostname). 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                olehermanse Ole Herman Schumacher Elgesem
                Reporter:
                a10038 jimis (Dimitrios Apostolou)
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Summary Panel