On Wed, 13 Jul 2011 09:21:17 -0500, Jason Kincl <jkincl1@xxxxxxx> wrote:
>
> On Jul 13, 2011, at 9:13 AM, Tim Bielawa wrote:
>
> > On Tue, 12 Jul 2011 16:27:51 -0500, Jason Kincl <jkincl1@xxxxxxx> wrote:
> >> Okay, I hope this is not as obvious as the last:
> >>
> >> The CentOS6 box is showing a different sub_hash than the CentOS5 boxes I have. What could that mean?
> >>
> >> --------------------
> >> Jason Kincl
> >>
> >
> > Between RHEL5 and RHEL6 the shipped OpenSSL version went from 0.9
> > something to 1.0. The OpenSSL people changed how hashes are generated in
> > 1.0.
> >
> > There's no real good work around for this. In my job we use puppet and
> > generate our minion ACLs that way. We just check the OS release version
> > and include the correct hash based on that.
> >
> > :-\
> >
> > --
> > Tim Bielawa
>
>
> Hah well I do the same and can include a second acl for 'new' hash.
>
> Thanks!
>
> --------------------
> Jason Kincl
The actual (modified) snippet, for those interested, looks like this:
> class func_stuff {
> $func_m2m_rhel_hash = $operatingsystemrelease ? {
> '6' => "rhel-6-hash-here",
> default => "rhel-5-hash-here",
> }
>
> $func_m2m_hash = $func_m2m_hash ? {
> '' => "myminion.domain.tld-$func_m2m_rhel_hash",
> default => $func_m2m_hash,
> }
> }
Seth also suggested once that if you're not too concerned about the
actual hash value (trusted network and all) you can use globbing in the
ACL lines. So your ACL really would only have to be (for everything):
> myminion.domain.tld-* = *
--
Tim Bielawa
Attachment:
pgpsA04VRlC1W.pgp
Description: PGP signature
_______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
