From: Stephen Gran Date: Sun, 29 Apr 2012 09:19:39 +0000 (+0100) Subject: reorganize vsftp::site X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=6a02cbaab2c9399fb86b883037fad6e894b2d790 reorganize vsftp::site Signed-off-by: Stephen Gran --- diff --git a/modules/roles/manifests/backports_master.pp b/modules/roles/manifests/backports_master.pp index f9443b0e..44c5d449 100644 --- a/modules/roles/manifests/backports_master.pp +++ b/modules/roles/manifests/backports_master.pp @@ -2,28 +2,11 @@ class roles::backports_master { include roles::backports_mirror - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-backports-master.debian.org.log' - vsftpd::site { 'backports': - content => template('roles/backports_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'backports-v6': - content => template('roles/backports_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'backports-master.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + writable => true, + chown_user => dak, + root => '/srv/backports-upload', } - } diff --git a/modules/roles/manifests/ftp.pp b/modules/roles/manifests/ftp.pp index febecf6e..0ae4254e 100644 --- a/modules/roles/manifests/ftp.pp +++ b/modules/roles/manifests/ftp.pp 
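Review bot: `chown_user => dak` in the new `vsftpd::site { 'backports': }` resource passes a bare word where every other value is a quoted string; write it as `chown_user => 'dak',` so it cannot be read as a type or resource reference. The same bare word appears in the ftp_upload.pp and security_master.pp hunks. Because `writable => true` makes this an anonymous-upload site, a comment above the resource should say who uploads to `/srv/backports-upload`. The deleted security_master template carried such a line (`# Queue daemon needs anon uploads`), and that rationale is lost with the per-role templates.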
@@ -12,19 +12,21 @@ class roles::ftp { default => '', } - $logfile = '/var/log/ftp/vsftpd-ftp.debian.org.log' - vsftpd::site { 'ftp': - content => template('roles/ftp/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, + banner => 'ftp.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind, + max_clients => 200, + root => '/srv/ftp.debian.org/ftp.root', } if $bind6 { vsftpd::site { 'ftp-v6': - content => template('roles/ftp/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, + banner => 'ftp.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind6, + max_clients => 200, + root => '/srv/ftp.debian.org/ftp.root', } } } diff --git a/modules/roles/manifests/ftp_upload.pp b/modules/roles/manifests/ftp_upload.pp index 5846d149..682d314c 100644 --- a/modules/roles/manifests/ftp_upload.pp +++ b/modules/roles/manifests/ftp_upload.pp @@ -10,19 +10,23 @@ class roles::ftp_upload { default => '', } - $logfile = '/var/log/ftp/vsftpd-ftp.upload.debian.org.log' - vsftpd::site { 'ftp-upload': - content => template('roles/ftp_upload/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, + banner => 'ftp.upload.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + writable => true, + chown_user => dak, + bind => $bind, + root => '/srv/upload.debian.org/ftp', } if $bind6 { vsftpd::site { 'ftp-upload-v6': - content => template('roles/ftp_upload/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, + banner => 'ftp.upload.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + writable => true, + chown_user => dak, + bind => $bind6, + root => '/srv/upload.debian.org/ftp', } } } diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp index 6992537d..3f1b70ce 100644 --- a/modules/roles/manifests/security_master.pp +++ b/modules/roles/manifests/security_master.pp 
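Review bot: The `ftp` and `ftp-v6` resources now repeat five identical parameters, and the log path that used to live in one `$logfile` variable is spelled out twice, so the two instances can drift apart on a later edit. Keeping `$logfile = '/var/log/ftp/vsftpd-ftp.debian.org.log'` and passing `logfile => $logfile,` in both, or setting the shared values once in a `Vsftpd::Site { ... }` resource default inside the class, would keep them in step. The ftp_upload.pp hunk has the same duplication, including `writable => true` and `chown_user`, where a mismatch between the IPv4 and IPv6 instance would matter more. The class body starts above the hunk.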
@@ -1,26 +1,10 @@ class roles::security_master { - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log' - vsftpd::site { 'security': - content => template('roles/security_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'security-v6': - content => template('roles/security_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'security-master.debian.org FTP server (vsftpd)', + logfile => '/var/log/ftp/vsftpd-security-master.debian.org.log', + writable => true, + chown_user => dak, + root => '/srv/ftp.root/', } } diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index fc19e41a..9ed98409 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -5,28 +5,10 @@ class roles::security_mirror { config => 'puppet:///modules/roles/security_mirror/security.debian.org' } - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-security.debian.org.log' - vsftpd::site { 'security': - content => template('roles/security_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'security-v6': - content => template('roles/security_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'security.debian.org FTP server (vsftpd)', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + max_clients => 200, + root => '/srv/ftp.root/', } - } diff --git a/modules/roles/templates/backports_master/vsftpd.conf.erb b/modules/roles/templates/backports_master/vsftpd.conf.erb deleted file mode 100644 index 02979ed9..00000000 --- a/modules/roles/templates/backports_master/vsftpd.conf.erb +++ /dev/null 
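Review bot: The new `root => '/srv/ftp.root/'` gives this upload site an explicit `anon_root`, while the deleted security_master template set none, so the directory anonymous sessions land in may change with this commit although the subject only says reorganize. The old template's `one_process_model=YES` also has no counterpart in the shared template. If both changes are intended, record that in a comment above the resource, for example `# anonymous uploads for the queue daemon; anon_root is now set explicitly`.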
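Review bot: Moving the security mirror to the shared template changes its effective settings rather than just reorganizing them. The deleted security_mirror template had `ls_recurse_enable=YES` and `rsa_cert_file=/etc/ssl/certs/vsftpd.pem`, while the shared template hard-codes `ls_recurse_enable=NO` and has no certificate line. Turning recursive listings off is the more conservative setting, but clients that rely on recursive listings will notice, so a comment or the commit message should say it is deliberate. Dropping `$bind`/`$bind6` in this hunk looks harmless, since both selectors only had an empty default.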
@@ -1,19 +0,0 @@
-anonymous_enable=YES
-write_enable=YES
-anon_root=/srv/backports-upload
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
-xferlog_enable=YES
-xferlog_file=<%= scope.lookupvar('logfile') %>
-
-ftpd_banner=backports-master.debian.org FTP server
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-setproctitle_enable=YES
-dirmessage_enable=YES
-ls_recurse_enable=NO
-connect_from_port_20=NO
-max_clients=100
diff --git a/modules/roles/templates/ftp/vsftpd.conf.erb b/modules/roles/templates/ftp/vsftpd.conf.erb
deleted file mode 100644
index 60ac366a..00000000
--- a/modules/roles/templates/ftp/vsftpd.conf.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-ftpd_banner=ftp.debian.org FTP server
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-xferlog_file=<%= scope.lookupvar('logfile') %>
-
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-
-anon_root=/srv/ftp.debian.org/ftp.root
-
diff --git a/modules/roles/templates/ftp_upload/vsftpd.conf.erb b/modules/roles/templates/ftp_upload/vsftpd.conf.erb
deleted file mode 100644
index 30612b09..00000000
--- a/modules/roles/templates/ftp_upload/vsftpd.conf.erb
+++ /dev/null
@@ -1,22 +0,0 @@
-ftpd_banner=ftp.upload.debian.org FTP server
-
-max_clients=100
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-
-secure_chroot_dir=/var/run/vsftpd
-xferlog_file=<%= scope.lookupvar('logfile') %>
-pam_service_name=vsftpd
-
-anon_root=/srv/upload.debian.org/ftp
-write_enable=YES
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
diff --git a/modules/roles/templates/security_master/vsftpd.conf.erb b/modules/roles/templates/security_master/vsftpd.conf.erb
deleted file mode 100644
index 7f382fa8..00000000
--- a/modules/roles/templates/security_master/vsftpd.conf.erb
+++ /dev/null
@@ -1,24 +0,0 @@ -max_clients=100 - -# from default package config -secure_chroot_dir=/var/run/vsftpd -pam_service_name=vsftpd - -anonymous_enable=YES -one_process_model=YES -setproctitle_enable=YES -dirmessage_enable=NO -xferlog_enable=YES -connect_from_port_20=NO -xferlog_file=<%= scope.lookupvar('logfile') %> -ls_recurse_enable=NO -ftpd_banner=security-master.debian.org FTP server (vsftpd) - -# -# Queue daemon needs anon uploads -# -write_enable=YES -anon_umask=027 -anon_upload_enable=YES -chown_uploads=YES -chown_username=dak diff --git a/modules/roles/templates/security_mirror/vsftpd.conf.erb b/modules/roles/templates/security_mirror/vsftpd.conf.erb deleted file mode 100644 index f75a9660..00000000 --- a/modules/roles/templates/security_mirror/vsftpd.conf.erb +++ /dev/null @@ -1,13 +0,0 @@ -anonymous_enable=YES -xferlog_enable=YES -secure_chroot_dir=/var/run/vsftpd -pam_service_name=vsftpd -rsa_cert_file=/etc/ssl/certs/vsftpd.pem - -setproctitle_enable=YES -dirmessage_enable=NO -connect_from_port_20=NO -xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log -xferlog_file=<%= scope.lookupvar('logfile') %> -ls_recurse_enable=YES -ftpd_banner=security.debian.org FTP server (vsftpd) diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp index d0129e1d..f6538758 100644 --- a/modules/vsftpd/manifests/site.pp +++ b/modules/vsftpd/manifests/site.pp @@ -1,17 +1,16 @@ define vsftpd::site ( - $source='', - $content='', + $root, $bind='', + $chown_user='', + $writable=false, + $banner="${name} FTP Server", + $max_clients=100, $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log", $ensure=present ){ include vsftpd::nolisten - if ($source and $content) { - fail ( "Can't have both source and content for $name" ) - } - case $ensure { present,absent: {} default: { fail ( "Invald ensure `$ensure' for $name" ) } 
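Review bot: Nothing in the new parameter list ties `$writable` to `$chown_user`: a caller can pass `writable => true` and leave `chown_user` at its `''` default, and the generated config then enables `chown_uploads=YES` without a usable user name. A guard next to the existing `$ensure` check would catch that at compile time, for example `if $writable and $chown_user == '' { fail("writable site ${name} needs chown_user") }`. Since `$root` is now mandatory, a short header comment listing the parameters would also help (`$root` is the anonymous root, `$max_clients` also feeds the `instances` limit). The define's body continues past the end of this hunk.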
@@ -19,18 +18,10 @@ define vsftpd::site ( $fname = "/etc/vsftpd-${name}.conf" - if $source { - file { $fname: - ensure => $ensure, - source => $source, - } - } elsif $content { - file { $fname: - ensure => $ensure, - content => $content, - } - } else { - fail ( "Need one of source or content for $name" ) + file { $fname: + ensure => $ensure, + noop => true, + content => template('vsftpd/vsftpd.conf.erb') } file { "/etc/logrotate.d/vsftpd-${name}": @@ -46,7 +37,7 @@ define vsftpd::site ( port => 'ftp', server_args => $fname, ferm => false, - instances => 200, + instances => $max_clients, require => File[$fname] } diff --git a/modules/vsftpd/templates/vsftpd.conf.erb b/modules/vsftpd/templates/vsftpd.conf.erb new file mode 100644 index 00000000..5d7081b6 --- /dev/null +++ b/modules/vsftpd/templates/vsftpd.conf.erb @@ -0,0 +1,22 @@ +anonymous_enable=YES +anon_root=<%= scope.lookupvar('root') %> +<%- if scope.lookupvar('writable') -%> +anon_umask=027 +write_enable=YES +anon_upload_enable=YES +chown_uploads=YES +chown_username=scope.lookupvar('chown_user') +<%- end -%> + +xferlog_enable=YES +xferlog_file=<%= scope.lookupvar('logfile') %> + +ftpd_banner=<%= scope.lookupvar('banner') %> +secure_chroot_dir=/var/run/vsftpd +pam_service_name=vsftpd +setproctitle_enable=YES +dirmessage_enable=NO +ls_recurse_enable=NO +connect_from_port_20=NO +max_clients=<%= scope.lookupvar('max_clients') %> +
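Review bot: `noop => true` on `file { $fname: }` means Puppet only reports a difference and never writes `/etc/vsftpd-${name}.conf`, while the service resource in the next hunk still passes that path as `server_args` and picks up the new `instances` value. On a host where the file does not exist yet, the service would be set up against a missing config, and on existing hosts the old per-role content silently stays in place. If this is a staged rollout, say so in a comment such as `# noop until the generated config has been diffed on all hosts`, and remove the attribute afterwards. The `content` line also lacks the trailing comma the other attributes have.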
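Review bot: `instances => $max_clients` changes the limit for every site that does not pass `max_clients`: the old value was a fixed 200 and the define's default is 100, so the backports, ftp-upload and security-master sites drop to half. That matches the `max_clients=100` the deleted templates carried. As far as I know, though, vsftpd applies `max_clients` only in standalone mode, so under an inetd-style launcher `instances` is likely the limit that actually counts. A comment here saying so would stop someone from later tuning only the template value.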
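Review bot: `chown_username=scope.lookupvar('chown_user')` in the new template is missing its ERB tags, so the rendered config contains that Ruby expression as literal text instead of the user name. It should read `chown_username=<%= scope.lookupvar('chown_user') %>`. As written, a `writable` site would either fail to start or not hand uploads over to the intended account (`dak` in the callers shown), depending on how vsftpd treats the unknown name.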