/ - Diff - Rudder - Issue Tracker

« Previous | Next »

Revision 43340778

Added by Benoît PECCATTE over 6 years ago

ID 43340778a4ce303bf6a3ff8167598498394998ea
Parent d949e2d9
Child 511d5e58

Fixes #11226: Allowed network 0.0.0.0/0 is not currently supported by Apache

           "policy_server_ip" string => host2ip("${def.policy_server}");
           "policy_server_acl" slist => { "127.0.0.0/8", "::1",  "${policy_server_ip}" };
           "nodes_generate_22"  string => join("${const.n}Allow from ","def.acl");
           "nodes_generate_24"  string => join("${const.n}Require ip ","def.acl");
           "policy_server_generate_22"  string => join("${const.n}Allow from ","policy_server_acl");
           "defacl" slist => filter("0.0.0.0/0", "def.acl", "false", "true", "99999");
           "nodes_acl_22" slist => maplist("Allow from ${this}", "defacl");
           "nodes_acl_24" slist => maplist("Require ip ${this}", "defacl");
           "policy_server_acl_22" slist => maplist("Allow from ${this}", "policy_server_acl");
           "nodes_generate_22"  string => join("${const.n}","nodes_acl_22");
           "nodes_generate_24"  string => join("${const.n}","nodes_acl_24");
           "policy_server_generate_22"  string => join("${const.n}","policy_server_acl_22");
           "network_file[nodes_22]" string => "${g.rudder_base}/etc/rudder-networks.conf";
           "network_acl[nodes_22]"  string => "Allow from ${nodes_generate_22}";
           "network_file[nodes_24]" string => "${g.rudder_base}/etc/rudder-networks-24.conf";
           "network_acl[nodes_24]"  string => "Require ip ${nodes_generate_24}";
           "network_file[policy_server_22]" string => "${g.rudder_base}/etc/rudder-networks-policy-server.conf";
           "network_acl[policy_server_22]"  string => "Allow from ${policy_server_generate_22}";
-...
           "index"             slist => getindices("network_file");
         has_all_granted::
           "network_acl[nodes_22]"  string => "Allow from all";
           "network_acl[nodes_24]"  string => "Require all granted";
         !has_all_granted::
           "network_acl[nodes_22]"  string => "${nodes_generate_22}";
           "network_acl[nodes_24]"  string => "${nodes_generate_24}";
         redhat::
           "apache_service" string => "httpd";
-...
           "pass2" expression => "pass1";
           "pass1" expression => "any";
           "has_all_granted" expression => some("0.0.0.0/0", "def.acl");
       files:
           "${network_file[${index}]}"

Also available in: Unified diff

Project

General

Profile

Rudder

Revision 43340778

Added by Benoît PECCATTE over 6 years ago

Project

General

Profile

Rudder

Revision 43340778

Added by Benoît PECCATTE over 6 years ago

Related issues