Changeset 1205

Timestamp:

12/13/06 17:47:17 (6 years ago)

Author:

mglb1

Message:

Remove CRCnet specific information from the cfservd template

File:

• ccsd/private/templates/network/cfservd_conf.tmpl (modified) (2 diffs)

ccsd/private/templates/network/cfservd_conf.tmpl

@@ -38 +38 @@
         AllowUsers = ( root cfengine )
 
-        # Only allow connections from within the CRCnet range
-        AllowConnectionsFrom = ( 10.1.0.0/16 )
+        # Allow configuration from any range known to the config system
+        # XXX: May want to tighten this in future
+!for %link_class_id,%link_class in %link_classes.items()        
+        AllowConnectionsFrom = ( %link_class.netblock )
+!end for
 
-        # Trust keys from our install ranges
-        TrustKeysFrom = ( 10.1.18.0/24 )
-        TrustKeysFrom = ( 10.1.23.0/24 )
-        TrustKeysFrom = ( 10.1.224.0/24 )
-        DynamicAddresses = ( 10.1.18.127-253 ) # admin DHCP
-        DynamicAddresses = ( 10.1.23.127-253 ) # admin DHCP
-        DynamicAddresses = ( 10.1.224.1-254 ) # PXE boot range
+        # Trust keys from our PXEboot ranges
+!! This is a hack, look for 'PXE' in the link description
+!for %link_id,%link in %links.items()
+    !if %link["description"].find("PXE") != -1
+        # %link.description
+        TrustKeysFrom = ( %link.network_address )
+        DynamicAddresses = ( %link.network_address )
+    !end if
+!end for
 
 any::
@@ -59 +64 @@
 grant:
 
-        # Grant access to all hosts at crc.net.nz.
+        # Grant access to all hosts that we are allowing connections from
         # Files should be world readable
-
-        /var/lib/cfengine2/inputs    10.1.*
+!for %link_class_id,%link_class in %link_classes.items()
+        /var/lib/cfengine2/inputs    %link_class.netblock
+!end for
 
 ###########