From: Stephen Gran Date: Sun, 22 Apr 2012 19:48:10 +0000 (+0100) Subject: this is probably more like it X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=a8faece43f89960c6686321309b3082c7a531cac this is probably more like it Signed-off-by: Stephen Gran --- diff --git a/manifests/site.pp b/manifests/site.pp index 54ed6528..77007e10 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -148,7 +148,7 @@ node default { munin::check { 'spamassassin': } } - if $::hostname in [chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,saens,schein,santoro,steffani,villa,wieck,bizet] { + if $::hostname in [chopin,franck,kassia,klecker,morricone,ravel,bizet] { include vsftpd } } diff --git a/modules/roles/files/security_mirror/vsftpd.conf b/modules/roles/files/security_mirror/vsftpd.conf new file mode 100644 index 00000000..2cbe373d --- /dev/null +++ b/modules/roles/files/security_mirror/vsftpd.conf @@ -0,0 +1,14 @@ +anonymous_enable=YES +connect_from_port_20=NO +connect_from_port_20=YES +dirmessage_enable=NO +dirmessage_enable=YES +ftpd_banner=security.debian.org FTP server (vsftpd) +listen=YES +ls_recurse_enable=YES +pam_service_name=vsftpd +rsa_cert_file=/etc/ssl/certs/vsftpd.pem +secure_chroot_dir=/var/run/vsftpd +setproctitle_enable=YES +xferlog_enable=YES +xferlog_file=/var/log/vsftpd.log diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index 46f9b5f9..9b9ec2d2 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -5,4 +5,7 @@ class roles::security_mirror { config => 'puppet:///modules/roles/security_mirror/security.debian.org' } + class { 'vsftpd::site': + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf' + } } diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp new file mode 100644 index 00000000..bc66c95d --- /dev/null +++ b/modules/vsftpd/manifests/site.pp @@ -0,0 +1,34 @@ +class vsftpd::site ( + $source='', + $content='', + $ensure=present, +){ + + include vsftpd + + if ($source and $content) { + fail ( "Can't have both source and content for $name" ) + } + + case $ensure { + present,absent: {} + default: { fail ( "Invald ensure `$ensure' for $name" ) } + } + + if $source { + file { '/etc/vsftpd.conf': + ensure => $ensure, + source => $source, + notify => Service['vsftpd'] + } + } elsif $content { + file { '/etc/vsftpd.conf': + ensure => $ensure, + content => $content, + notify => Service['vsftpd'] + } + } else { + fail ( "Need one of source or content for $name" ) + } + +}