| 1 | #*doc-module: |
|---|
| 2 | crcnetd - CRCnet Configuration System Daemon Template |
|---|
| 3 | |
|---|
| 4 | This template controls the operation of the CFengine server |
|---|
| 5 | *# |
|---|
| 6 | #attr $author = "Matt Brown <matt@crc.net.nz>" |
|---|
| 7 | #attr $version = "$Id$" |
|---|
| 8 | #attr $copyright = "Copyright (C) 2006 The University of Waikato" |
|---|
| 9 | #attr $license = "No usage or redistribution rights are granted. See LICENSE for details." |
|---|
| 10 | #attr $eventList = [] |
|---|
| 11 | #attr $fileName = "cfservd.conf" |
|---|
| 12 | #from crcnetd._utils.ccsd_cfengine import ccs_template |
|---|
| 13 | #extends ccs_template |
|---|
| 14 | #compiler-settings |
|---|
| 15 | ## Change the Cheetah start tokens so that we don't conflict with CFengine |
|---|
| 16 | cheetahVarStartToken = % |
|---|
| 17 | directiveStartToken = ! |
|---|
| 18 | commentStartToken = !! |
|---|
| 19 | #end compiler-settings |
|---|
| 20 | ############################################################# |
|---|
| 21 | # |
|---|
| 22 | # cfservd.conf -- for %domain |
|---|
| 23 | # $Date$ |
|---|
| 24 | # |
|---|
| 25 | # This file contains configuration for the CFengine server |
|---|
| 26 | # on the central node. |
|---|
| 27 | # |
|---|
| 28 | # WARNING: Do not modify this file since it is automatically |
|---|
| 29 | # generated |
|---|
| 30 | # |
|---|
| 31 | ############################################################# |
|---|
| 32 | control: |
|---|
| 33 | domain = ( %domain ) |
|---|
| 34 | |
|---|
| 35 | cfrunCommand = ( "/usr/sbin/cfagent" ) |
|---|
| 36 | |
|---|
| 37 | # Connecting user must be root or cfengine |
|---|
| 38 | AllowUsers = ( root cfengine ) |
|---|
| 39 | |
|---|
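| 40 | # Allow connections from every netblock (link class) known to the config system |
|---|
| 41 | # XXX: May want to tighten this in future. As written, the policy server accepts connections from all managed ranges, so access control rests on AllowUsers, key trust (see TrustKeysFrom below) and the grant section |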
|---|
| 42 | !for %link_class_id,%link_class in %link_classes.items() |
|---|
| 43 | AllowConnectionsFrom = ( %link_class.netblock ) |
|---|
| 44 | !end for |
|---|
| 45 | # Allow multiple connections from ourself |
|---|
| 46 | AllowMultipleConnectionsFrom = ( %policy_ip ) |
|---|
| 47 | |
|---|
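| 48 | # Trust keys from our PXEboot ranges: a host connecting from one of these networks has its public key accepted on trust rather than checked against a previously stored key, so these ranges should carry only hosts that are being provisioned |
|---|
| 49 | !! This is a hack, look for 'PXE' in the link description. The match is a plain substring test, so any link whose description happens to contain 'PXE' is given TrustKeysFrom and DynamicAddresses; an explicit per-link setting would make the trusted ranges auditable |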
|---|
| 50 | !for %link_id,%link in %links.items() |
|---|
| 51 | !if %link["description"].find("PXE") != -1 |
|---|
| 52 | # %link.description |
|---|
| 53 | TrustKeysFrom = ( %link.network_address ) |
|---|
| 54 | DynamicAddresses = ( %link.network_address ) |
|---|
| 55 | !end if |
|---|
| 56 | !end for |
|---|
| 57 | |
|---|
| 58 | any:: |
|---|
| 59 | |
|---|
| 60 | IfElapsed = ( 0 ) |
|---|
| 61 | ExpireAfter = ( 15 ) |
|---|
| 62 | MaxConnections = ( 40 ) |
|---|
| 63 | MultipleConnections = ( true ) |
|---|
| 64 | LogAllConnections = ( true ) |
|---|
| 65 | |
|---|
| 66 | grant: |
|---|
| 67 | |
|---|
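| 68 | # Grant access to the inputs directory to all hosts that we are allowing connections from |
|---|
| 69 | # Files should be world readable: every authenticated host in these netblocks can fetch anything under this directory, so it must not hold secrets or host-specific credentials |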
|---|
| 70 | !for %link_class_id,%link_class in %link_classes.items() |
|---|
| 71 | /var/lib/cfengine2/inputs %link_class.netblock |
|---|
| 72 | !end for |
|---|
| 73 | |
|---|
| 74 | ########### |
|---|
| 75 | # |
|---|
| 76 | # END cfservd.conf |
|---|
| 77 | # |
|---|
| 78 | ########### |
|---|