Allow more than one vsftpd::site
authorStephen Gran <steve@lobefin.net>
Tue, 24 Apr 2012 20:01:25 +0000 (21:01 +0100)
committerStephen Gran <steve@lobefin.net>
Tue, 24 Apr 2012 20:01:25 +0000 (21:01 +0100)
This turns it into an xinetd::service, so I made one of those while I'm
here.

Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/vsftpd/manifests/nolisten.pp [new file with mode: 0644]
modules/vsftpd/manifests/site.pp
modules/xinetd/manifests/init.pp [new file with mode: 0644]
modules/xinetd/manifests/service.pp [new file with mode: 0644]
modules/xinetd/templates/service.erb [new file with mode: 0644]

diff --git a/modules/vsftpd/manifests/nolisten.pp b/modules/vsftpd/manifests/nolisten.pp
new file mode 100644 (file)
index 0000000..38e6d8c
--- /dev/null
@@ -0,0 +1,11 @@
+class vsftpd::nolisten {
+
+       Service['vsftpd'] {
+               ensure => stopped
+       }
+
+       file { '/etc/vsftpd.conf':
+               content => 'listen=NO'
+               notify  => Service['vsftpd']
+       }
+}
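Review bot: The `content => 'listen=NO'` attribute in the `file { '/etc/vsftpd.conf': }` resource has no trailing comma before `notify`, so this manifest will not parse; it should read `content => "listen=NO\n",`, with the newline so the file ends cleanly. The `Service['vsftpd'] { ensure => stopped }` override sits in a class that does not inherit from the one declaring the service, which Puppet may refuse depending on version, so confirm it compiles on the deployed master. Because this resource now replaces the daemon's whole configuration, setting `owner`, `group` and `mode` explicitly would keep its permissions from depending on defaults.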
index 7897c8fc4e2e21657f705beb5aa13476a92384ee..565dcdb249d3950855da350884131191f86095dd 100644 (file)
@@ -1,10 +1,12 @@
 class vsftpd::site (
        $source='',
        $content='',
+       $bind=$::ipaddress,
        $ensure=present
 ){
 
        include vsftpd
+       include vsftpd::nolisten
 
        if ($source and $content) {
                fail ( "Can't have both source and content for $name" )
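Review bot: `vsftpd::site` is still declared with `class` on the first line of this hunk, so it can be declared only once per node and `$name` resolves to the class name rather than a per-site title; for the multi-site behaviour the commit title describes it most likely needs to become `define vsftpd::site (`. The new `$bind=$::ipaddress` default also means two sites that both rely on it would ask xinetd for the same address and port, so the parameter deserves a comment such as `# $bind: address this site listens on; must be unique per site`. The body continues outside this hunk.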
@@ -15,20 +17,30 @@ class vsftpd::site (
                default: { fail ( "Invald ensure `$ensure' for $name" ) }
        }
 
+       $fname = "/etc/vsftpd-${name}.conf"
+
        if $source {
-               file { '/etc/vsftpd.conf':
+               file { $fname:
                        ensure => $ensure,
                        source => $source,
-                       notify => Service['vsftpd']
                }
        } elsif $content {
-               file { '/etc/vsftpd.conf':
+               file { $fname:
                        ensure  => $ensure,
                        content => $content,
-                       notify  => Service['vsftpd']
                }
        } else {
                fail ( "Need one of source or content for $name" )
        }
 
+       # We don't need a firewall rule because it's added in vsftp.pp
+       xinetd::service { "vsftpd-${name}":
+               bind        => $bind,
+               id          => $name,
+               server      => '/usr/sbin/vsftpd',
+               port        => 'ftp',
+               server_args => $fname,
+               ferm        => false,
+       }
+
 }
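Review bot: `$ensure` is not passed to the `xinetd::service { "vsftpd-${name}": }` resource, so with `ensure => absent` the file `$fname` is removed while the xinetd entry stays and keeps launching `/usr/sbin/vsftpd` as root with a config path that no longer exists; adding `ensure => $ensure,` keeps the two in step. The comment says the firewall rule lives in `vsftp.pp`, which is not visible here, and `ferm => false` turns off the rule this resource would otherwise create, so it is worth confirming that the existing rule covers every `$bind` address. The start of the class and the `case $ensure` block are outside this hunk.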
diff --git a/modules/xinetd/manifests/init.pp b/modules/xinetd/manifests/init.pp
new file mode 100644 (file)
index 0000000..e2178bd
--- /dev/null
@@ -0,0 +1,9 @@
+class xinetd {
+       package { 'xinetd':
+               ensure => installed
+       }
+
+       service { 'xinetd':
+               ensure => running
+       }
+}
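Review bot: The `service { 'xinetd': }` resource has no ordering on the package, so on a first run Puppet may try to start the service before it is installed; adding `require => Package['xinetd'],` makes the dependency explicit. The class also has no header comment; a one-line `# Installs xinetd and keeps the daemon running` would match what the two resources do.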
diff --git a/modules/xinetd/manifests/service.pp b/modules/xinetd/manifests/service.pp
new file mode 100644 (file)
index 0000000..2ad6338
--- /dev/null
@@ -0,0 +1,39 @@
+define xinetd::service (
+       $bind,
+       $id,
+       $server,
+       $port,
+       $socket_type=stream,
+       $protocol=tcp,
+       $flags=IPv6,
+       $wait=no,
+       $user=root,
+       $server_args='',
+       $nice=10,
+       $instances=100,
+       $per_source=3,
+       $cps='0 0',
+       $ensure=present,
+       $ferm=true
+) {
+       include xinetd
+
+       case $ensure {
+               present,absent,file: {}
+               default: { fail("Invalid ensure for '$name'") }
+       }
+
+       if $ferm {
+               @ferm::rule { "dsa-xinetd-${name}":
+                       description => "Allow traffic to ${port}",
+                       rule        => "&SERVICE(${protocol}, ${port})"
+               }
+       }
+
+       file { "/etc/xinetd.d/${name}.conf":
+               ensure  => $ensure,
+               content => template('xinetd/service.erb'),
+               notify  => Service['xinetd'],
+               require => Package['xinetd'],
+       }
+}
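Review bot: The fragment is written to `/etc/xinetd.d/${name}.conf`, but xinetd's `includedir` skips files whose names contain a dot, so these services would be silently ignored; the resource title should be `"/etc/xinetd.d/${name}"`. The `@ferm::rule` is declared whenever `$ferm` is true regardless of `$ensure`, so a service set to `absent` appears to keep its port open in the firewall; the condition could become `if $ferm and $ensure != absent {`. `$user` defaults to `root` and `$server`, `$server_args` and `$bind` are written into the xinetd configuration as given, so a short parameter comment block stating which values are expected would help callers avoid running a service with more privilege than it needs.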
diff --git a/modules/xinetd/templates/service.erb b/modules/xinetd/templates/service.erb
new file mode 100644 (file)
index 0000000..bb71850
--- /dev/null
@@ -0,0 +1,17 @@
+service <%= scope.lookupvar('port') %>
+{
+       bind            = <%= scope.lookupvar('bind') %>
+       id              = <%= scope.lookupvar('id') %>
+
+       socket_type     = <%= scope.lookupvar('stream') %>
+       protocol        = <%= scope.lookupvar('protocol') %>
+       flags           = <%= scope.lookupvar('flags') %>
+       wait            = <%= scope.lookupvar('wait') %>
+       user            = <%= scope.lookupvar('user') %>
+       server          = <%= scope.lookupvar('server') %>
+       server_args     = <%= scope.lookupvar('server_args') %>
+       nice            = <%= scope.lookupvar('nice') %>
+       instances       = <%= scope.lookupvar('instances') %>
+       per_source      = <%= scope.lookupvar('per_source') %>
+       cps             = <%= scope.lookupvar('cps') %>
+}
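Review bot: The `socket_type` line looks up `'stream'`, which is the default value of the `$socket_type` parameter rather than its name, so the rendered value will be empty or undefined; it should be `socket_type     = <%= scope.lookupvar('socket_type') %>`. When `server_args` is left at its default of `''` the template emits a bare `server_args     =` line, which xinetd may not accept, so that line is better wrapped in a conditional that omits it when the value is empty. None of the values are checked for embedded newlines or braces before being written into a file that xinetd runs services from, so validating them in the define would be a sensible hardening step.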