Project

General

Profile

« Previous | Next » 

Revision 8f19d772

Added by Alexis Mousset over 7 years ago

Fixes #9990: Broken remote run in 4.1

View differences:

techniques/system/common/1.0/cf-served.st
# Allow server to remotely run the agent
# Using ${sys.cf_agent} fails, as cf-serverd cannot canonize its path
linux::
"${sys.workdir}/bin/cf-agent"
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) };
windows::
"${sys.workdir}\bin\cf-agent.exe"
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) };
!windows::
"${def.cf_runagent_shell}"
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) };
roles:
# Allow user root to set any class
".*" authorize => { "root" };
......
"rudder"),
comment => "IP address or hostname to locate your policy host.";
!windows::
"cf_runagent_shell"
string => "/bin/sh",
comment => "Define path to shell used by cf-runagent";
any::
"dir_masterfiles" string => translatepath("${sys.workdir}/masterfiles");
......
maxconnections => "1000";
logallconnections => "true";
cfruncommand => "${sys.workdir}/bin/cf-agent -f failsafe.cf \&\& ${sys.workdir}/bin/cf-agent";
windows::
cfruncommand => "${sys.cf_agent} -I -D cfruncommand -f \"failsafe.cf\" &
${sys.cf_agent} -I -D cfruncommand";
!windows::
# last single quote in cfruncommand is left open, so that
# arguments (like -K and --remote-bundles) are properly appended.
cfruncommand => "${def.cf_runagent_shell} -c \'
${sys.cf_agent} -I -D cfruncommand -f failsafe.cf \&\&
${sys.cf_agent} -I -D cfruncommand";
allowusers => {
"&POLICYSERVER_ADMIN&",
&MANAGED_NODES_ADMIN : {admin | "&admin&" };separator=", "&

Also available in: Unified diff