On 03/22/2016 08:50 AM, Enrico Scholz wrote:
> How are $(connection.XXXX) like variables to be used?
Hi Enrico,
The connection variables are expanded by cf-serverd when clients connect. In the
case of connection.hostname, the variable expands to the hostname of the
connecting agent as determined by a *reverse DNS lookup* from cf-serverd. So you
need to make sure that you have proper reverse DNS resolution in order to use
that. If, instead of organizing the files by hostname, you organized them by key
SHA, you should be able to allow each host access to its own directory using
something like the following:
#+begin_src cfengine3
bundle server my_special_access_rules
{
  access:
    # $(connection.key) expands to the digest of the connecting client's key,
    # e.g. /srv/cfengine3/MD5=0a9082478b1a1466f6e56fd5e48db8c4/<stuff>
    "/srv/cfengine3/$(connection.key)"
      shortcut   => "host_cfinput",
      admit_keys => { "$(connection.key)" };
}
#+end_src
And then in an agent bundle you can do this:
#+begin_src cfengine3
bundle agent have_a_copy_of_my_files
{
  files:
    # Using the shortcut
    "/tmp/myfiles/."
      copy_from    => remote_dcp("host_cfinput", $(sys.policy_hub)),
      depth_search => recurse(inf);

    # Without using the shortcut
    "/tmp/another_myfiles/."
      copy_from    => remote_dcp("/srv/cfengine3/$(sys.key_digest)/.",
                                 $(sys.policy_hub)),
      depth_search => recurse(inf);
}
#+end_src
Now you can have a directory for each host in /srv/cfengine3/ named for the
public key sha of the host. Each host is only allowed to access its own
directory since you have mapped the directory to the admit_keys in a 1:1
relationship.
For reference, here is what my srv directory looks like:
[root@hub masterfiles]# find /srv/cfengine3/
/srv/cfengine3/
/srv/cfengine3/SHA=008647e169b06b93c52f4d0f0517ecd4eec893ee150d8f6ab842e2040160a7bb
/srv/cfengine3/SHA=008647e169b06b93c52f4d0f0517ecd4eec893ee150d8f6ab842e2040160a7bb/hostname.txt
/srv/cfengine3/SHA=ee29780b3c86d486699f97e30c5924431475b1b06e02c2724dd925c1524afef6
/srv/cfengine3/SHA=ee29780b3c86d486699f97e30c5924431475b1b06e02c2724dd925c1524afef6/hostname.txt
/srv/cfengine3/SHA=ee29780b3c86d486699f97e30c5924431475b1b06e02c2724dd925c1524afef6/another_file.txt
And the directories that it copied down:
[root@hub masterfiles]# find /tmp/myfiles/
/tmp/myfiles/
/tmp/myfiles/another_file.txt
/tmp/myfiles/hostname.txt
[root@hub masterfiles]# find /tmp/another_myfiles
/tmp/another_myfiles
/tmp/another_myfiles/another_file.txt
/tmp/another_myfiles/hostname.txt
I hope this helps.
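The scheme above is only as tight as the 1:1 mapping between directory names and trusted client keys: a directory named after a key cf-serverd no longer trusts holds data no host should be fetching, and a directory named after a hostname (the original layout) cannot be bound to admit_keys at all. The following POSIX shell audit is an added example, not part of the mail and not a CFEngine tool. It walks the served tree on the hub and reports directories whose name is not a key digest or whose digest has no matching trusted key. It assumes the default ppkeys layout, /var/cfengine/ppkeys/root-<digest>.pub, for the trusted-key store; the SHA= digests used in the test come from the listing above, and webserver01 is a constructed example of a hostname-named directory.

```shell
#!/bin/sh
# Added example: audit the per-host directory tree served by cf-serverd.
# Assumptions (not from the original mail): the served tree is laid out as
# <tree>/<digest>/..., and cf-serverd keeps the trusted client keys as
# <ppkeys>/root-<digest>.pub (the default /var/cfengine/ppkeys layout).

# valid_digest_name NAME
# Returns 0 when NAME looks like a CFEngine key digest, i.e. "SHA=" followed
# by 64 lowercase hex characters or "MD5=" followed by 32 of them.
valid_digest_name() {
    digest=${1#*=}
    case $1 in
        SHA=*) want=64 ;;
        MD5=*) want=32 ;;
        *)     return 1 ;;
    esac
    [ "${#digest}" -eq "$want" ] || return 1
    case $digest in
        *[!0-9a-f]*) return 1 ;;   # anything that is not a hex digit
    esac
    return 0
}

# audit_host_dirs TREE PPKEYS
# Prints one line per problem:
#   BADNAME <dir>  the directory name is not a key digest (e.g. a hostname),
#                  so it can never be matched by admit_keys
#   ORPHAN  <dir>  the name is a digest, but no trusted key with that digest
#                  exists in PPKEYS, so the data belongs to no known host
# Returns 0 when every directory maps to a trusted key, 1 otherwise.
audit_host_dirs() {
    tree=$1
    ppkeys=$2
    status=0
    for dir in "$tree"/*/; do
        [ -d "$dir" ] || continue        # no match: glob is left literal
        name=${dir%/}                    # strip trailing slash
        name=${name##*/}                 # basename without forking
        if ! valid_digest_name "$name"; then
            printf 'BADNAME %s\n' "$name"
            status=1
            continue
        fi
        if [ ! -f "$ppkeys/root-$name.pub" ]; then
            printf 'ORPHAN %s\n' "$name"
            status=1
        fi
    done
    return $status
}

# Stand-alone use: audit_host_dirs.sh /srv/cfengine3 /var/cfengine/ppkeys
if [ "$#" -eq 2 ]; then
    audit_host_dirs "$1" "$2"
fi
```

Running it from cron on the hub and alerting on a non-zero exit gives an early warning when a host has been re-keyed or removed without its directory being cleaned up, which is the case where the 1:1 mapping silently stops holding.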