From: Stephen Gran Date: Sat, 28 Apr 2012 15:09:00 +0000 (+0100) Subject: we probably want to logrotate these files X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=ca0302fc180922a0843bd5f25fae104f14dff374 we probably want to logrotate these files Signed-off-by: Stephen Gran
---
diff --git a/modules/roles/files/backports_master/vsftpd.conf b/modules/roles/files/backports_master/vsftpd.conf
deleted file mode 100644
index 683b983f..00000000
--- a/modules/roles/files/backports_master/vsftpd.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-anonymous_enable=YES
-write_enable=YES
-anon_root=/srv/backports-upload
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
-xferlog_enable=YES
-xferlog_file=/var/log/ftp/vsftpd-backports-master.debian.org.log
-
-ftpd_banner=backports-master.debian.org FTP server
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-setproctitle_enable=YES
-dirmessage_enable=YES
-ls_recurse_enable=NO
-connect_from_port_20=NO
-max_clients=100
diff --git a/modules/roles/files/ftp/vsftpd.conf b/modules/roles/files/ftp/vsftpd.conf
deleted file mode 100644
index d5c6bf2c..00000000
--- a/modules/roles/files/ftp/vsftpd.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-ftpd_banner=ftp.debian.org FTP server
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-xferlog_file=/var/log/ftp/vsftpd-ftp.debian.org.log
-
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-
-anon_root=/srv/ftp.debian.org/ftp.root
-
diff --git a/modules/roles/files/ftp_upload/vsftpd.conf b/modules/roles/files/ftp_upload/vsftpd.conf
deleted file mode 100644
index a30f6fb4..00000000
--- a/modules/roles/files/ftp_upload/vsftpd.conf
+++ /dev/null
@@ -1,22 +0,0 @@ -ftpd_banner=ftp.upload.debian.org FTP server - -max_clients=100 - -anonymous_enable=YES -dirmessage_enable=YES -connect_from_port_20=NO -setproctitle_enable=YES -ls_recurse_enable=NO -xferlog_enable=YES - -secure_chroot_dir=/var/run/vsftpd -xferlog_file=/var/log/ftp/vsftpd-ftp.upload.debian.org.log -pam_service_name=vsftpd - -anon_root=/srv/upload.debian.org/ftp -write_enable=YES -anon_umask=027 -anon_upload_enable=YES -chown_uploads=YES -chown_username=dak - diff --git a/modules/roles/files/security_mirror/vsftpd.conf b/modules/roles/files/security_mirror/vsftpd.conf deleted file mode 100644 index e68fe195..00000000 --- a/modules/roles/files/security_mirror/vsftpd.conf +++ /dev/null @@ -1,12 +0,0 @@ -anonymous_enable=YES -xferlog_enable=YES -secure_chroot_dir=/var/run/vsftpd -pam_service_name=vsftpd -rsa_cert_file=/etc/ssl/certs/vsftpd.pem - -setproctitle_enable=YES -dirmessage_enable=NO -connect_from_port_20=NO -xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log -ls_recurse_enable=YES -ftpd_banner=security.debian.org FTP server (vsftpd) diff --git a/modules/roles/manifests/backports_master.pp b/modules/roles/manifests/backports_master.pp index 1e437250..68ac3140 100644 --- a/modules/roles/manifests/backports_master.pp +++ b/modules/roles/manifests/backports_master.pp @@ -11,14 +11,16 @@ class roles::backports_master { } vsftpd::site { 'backports': - source => 'puppet:///modules/roles/backports_master/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/backports_master/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'backports-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + bind => $bind6, } } 
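Review bot: Both `vsftpd::site` resources keep `source => 'puppet:///modules/roles/.../vsftpd.conf'`, but a `puppet:///modules/roles/...` URL is served from modules/roles/files/, and this commit deletes those files and re-adds them under modules/roles/templates/. Unless vsftpd::site maps `source` to a template somewhere outside this diff, the agent can no longer fetch the config for these sites; the hunks in ftp.pp, ftp_upload.pp and security_mirror.pp have the same problem. The resources probably want `content => template('roles/backports_master/vsftpd.conf'),` instead, evaluated where `$logfile` is in scope, because the new templates read that variable.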
diff --git a/modules/roles/manifests/dakmaster.pp b/modules/roles/manifests/dakmaster.pp index 08a14819..0cf923ad 100644 --- a/modules/roles/manifests/dakmaster.pp +++ b/modules/roles/manifests/dakmaster.pp @@ -7,7 +7,7 @@ class roles::dakmaster { apache2::module { 'macro': } apache2::config { 'puppet-builddlist': - template => 'roles/conf-builddlist.erb', + template => 'roles/dakmaster/conf-builddlist.erb', } } diff --git a/modules/roles/manifests/ftp.pp b/modules/roles/manifests/ftp.pp index 41eecf08..754b98ed 100644 --- a/modules/roles/manifests/ftp.pp +++ b/modules/roles/manifests/ftp.pp @@ -13,14 +13,16 @@ class roles::ftp { } vsftpd::site { 'ftp': - source => 'puppet:///modules/roles/ftp/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/ftp/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'ftp-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind6, } } } diff --git a/modules/roles/manifests/ftp_upload.pp b/modules/roles/manifests/ftp_upload.pp index 326ff5b3..abcc6bbd 100644 --- a/modules/roles/manifests/ftp_upload.pp +++ b/modules/roles/manifests/ftp_upload.pp @@ -9,14 +9,16 @@ class roles::ftp_upload { } vsftpd::site { 'ftp-upload': - source => 'puppet:///modules/roles/ftp_upload/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/ftp_upload/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'ftp-upload-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + bind => $bind6, } } } 
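Review bot: The new `template => 'roles/dakmaster/conf-builddlist.erb'` path has no matching file in this commit: the diff deletes modules/roles/templates/conf-builddlist.erb and adds nothing under modules/roles/templates/dakmaster/. If that file is not already in the tree, the template lookup would presumably fail and the catalog for this role would stop compiling, which also stops the buildd `allow from` list from being refreshed. The moved template should land in the same commit as the path change, and since neither is related to log rotation they would read better as a separate commit.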
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index 5f59d26b..5e3ee78f 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -14,14 +14,16 @@ class roles::security_mirror { } vsftpd::site { 'security': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'security-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + bind => $bind6, } } diff --git a/modules/roles/templates/backports_master/vsftpd.conf b/modules/roles/templates/backports_master/vsftpd.conf new file mode 100644 index 00000000..02979ed9 --- /dev/null +++ b/modules/roles/templates/backports_master/vsftpd.conf @@ -0,0 +1,19 @@ +anonymous_enable=YES +write_enable=YES +anon_root=/srv/backports-upload +anon_umask=027 +anon_upload_enable=YES +chown_uploads=YES +chown_username=dak + +xferlog_enable=YES +xferlog_file=<%= scope.lookupvar('logfile') %> + +ftpd_banner=backports-master.debian.org FTP server +secure_chroot_dir=/var/run/vsftpd +pam_service_name=vsftpd +setproctitle_enable=YES +dirmessage_enable=YES +ls_recurse_enable=NO +connect_from_port_20=NO +max_clients=100 diff --git a/modules/roles/templates/conf-builddlist.erb b/modules/roles/templates/conf-builddlist.erb deleted file mode 100644 index d216cdc9..00000000 --- a/modules/roles/templates/conf-builddlist.erb +++ /dev/null 
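Review bot: `xferlog_file=<%= scope.lookupvar('logfile') %>` only renders a path when the template is evaluated in a scope that defines `logfile`, and the only definition visible in this commit is the new parameter of vsftpd::site. If the template is rendered from the role class instead, the lookup would presumably yield an empty or undefined value, leaving vsftpd without a usable transfer-log path while the logrotate stanza still names the intended file. A first line such as `# rendered by vsftpd::site; needs $logfile in scope` would document the dependency, and naming the file `vsftpd.conf.erb` would make it obvious that it is a template. The same applies to templates/ftp/vsftpd.conf and templates/ftp_upload/vsftpd.conf.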
@@ -1,26 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-
-
-<%=
- lines = []
-
- scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
- next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
- if scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd')
- lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'].to_s}"
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
- lines << " allow from #{addr}"
- end
- end
- end
-
- lines.join("\n")
-# vim:set et:
-# vim:set sts=2 ts=2:
-# vim:set shiftwidth=2:
-%>
-
diff --git a/modules/roles/templates/ftp/vsftpd.conf b/modules/roles/templates/ftp/vsftpd.conf
new file mode 100644
index 00000000..60ac366a
--- /dev/null
+++ b/modules/roles/templates/ftp/vsftpd.conf
@@ -0,0 +1,15 @@
+ftpd_banner=ftp.debian.org FTP server
+
+anonymous_enable=YES
+dirmessage_enable=YES
+connect_from_port_20=NO
+setproctitle_enable=YES
+ls_recurse_enable=NO
+xferlog_enable=YES
+xferlog_file=<%= scope.lookupvar('logfile') %>
+
+secure_chroot_dir=/var/run/vsftpd
+pam_service_name=vsftpd
+
+anon_root=/srv/ftp.debian.org/ftp.root
+
diff --git a/modules/roles/templates/ftp_upload/vsftpd.conf b/modules/roles/templates/ftp_upload/vsftpd.conf
new file mode 100644
index 00000000..30612b09
--- /dev/null
+++ b/modules/roles/templates/ftp_upload/vsftpd.conf
@@ -0,0 +1,22 @@
+ftpd_banner=ftp.upload.debian.org FTP server
+
+max_clients=100
+
+anonymous_enable=YES
+dirmessage_enable=YES
+connect_from_port_20=NO
+setproctitle_enable=YES
+ls_recurse_enable=NO
+xferlog_enable=YES
+
+secure_chroot_dir=/var/run/vsftpd
+xferlog_file=<%= scope.lookupvar('logfile') %>
+pam_service_name=vsftpd
+
+anon_root=/srv/upload.debian.org/ftp
+write_enable=YES
+anon_umask=027
+anon_upload_enable=YES
+chown_uploads=YES
+chown_username=dak
+
diff --git a/modules/roles/templates/security_mirror/.vsftpd.conf.swp b/modules/roles/templates/security_mirror/.vsftpd.conf.swp new file mode 100644 index 00000000..bf1c1d3c Binary files /dev/null and b/modules/roles/templates/security_mirror/.vsftpd.conf.swp differ diff --git a/modules/roles/templates/security_mirror/vsftpd.conf b/modules/roles/templates/security_mirror/vsftpd.conf new file mode 100644 index 00000000..e68fe195 --- /dev/null +++ b/modules/roles/templates/security_mirror/vsftpd.conf @@ -0,0 +1,12 @@ +anonymous_enable=YES +xferlog_enable=YES +secure_chroot_dir=/var/run/vsftpd +pam_service_name=vsftpd +rsa_cert_file=/etc/ssl/certs/vsftpd.pem + +setproctitle_enable=YES +dirmessage_enable=NO +connect_from_port_20=NO +xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log +ls_recurse_enable=YES +ftpd_banner=security.debian.org FTP server (vsftpd) diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp index 3d61e7b3..a2ca6cb2 100644 --- a/modules/vsftpd/manifests/site.pp +++ b/modules/vsftpd/manifests/site.pp @@ -2,6 +2,7 @@ define vsftpd::site ( $source='', $content='', $bind='', + $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log", $ensure=present ){ @@ -52,6 +53,11 @@ define vsftpd::site ( fail ( "Need one of source or content for $name" ) } + file { "/etc/logrotate.d/vsftpd-${name}": + ensure => $ensure, + content => template('vsftpd/logrotate.erb') + } + # We don't need a firewall rule because it's added in vsftp.pp xinetd::service { "vsftpd-${name}": bind => $bind, diff --git a/modules/vsftpd/templates/logrotate.erb b/modules/vsftpd/templates/logrotate.erb new file mode 100644 index 00000000..82222378 --- /dev/null +++ b/modules/vsftpd/templates/logrotate.erb @@ -0,0 +1,10 @@ +<%= scope.lookupvar('logfile') %> +{ + create 640 root adm + + # ftpd doesn't handle SIGHUP properly + missingok + notifempty + rotate 4 + weekly +}
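Review bot: `.vsftpd.conf.swp` looks like an editor swap file committed by accident; it should be dropped from the commit and covered by an ignore rule. If it is a Vim swap file it can carry unsaved buffer contents together with the editing user's name and host, which does not belong in a repository that other people clone.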
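Review bot: `xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log` is still hard-coded in this template, unlike the other three added by the commit. The role manifests use this file for every `-v6` site while passing a different `logfile`, so for 'backports-v6', 'ftp-v6' and 'ftp-upload-v6' the logrotate stanza would name a log this config never writes, and their transfers would be recorded under the security mirror's name. The line should read `xferlog_file=<%= scope.lookupvar('logfile') %>` as in the sibling templates.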
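Review bot: The `file { "/etc/logrotate.d/vsftpd-${name}":` resource is keyed by `$name` while its content is keyed by `$logfile`, and the role manifests in this commit pass the same `logfile` to each site and its `-v6` twin. That yields two files in /etc/logrotate.d listing the same log, which logrotate reports as a duplicate log entry. Either the `-v6` sites need their own log path (the new default `/var/log/ftp/vsftpd-${name}.debian.org.log` would give them one if the callers stopped overriding it), or the stanza should be declared once per log file. The resource also sets no `owner`, `group` or `mode`; unless file defaults are set elsewhere, pin them, because logrotate is strict about the ownership and permissions of its config files. The define's body continues outside both hunks.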
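Review bot: The comment `# ftpd doesn't handle SIGHUP properly` does not say what follows from it: the stanza has neither `postrotate` nor `copytruncate`, so a vsftpd process that already has the log open would keep writing to the rotated file. If that is acceptable because xinetd starts a new vsftpd per connection, the comment should say so, e.g. `# no postrotate: vsftpd is spawned per connection by xinetd and opens the log itself`. `rotate 4` with `weekly` keeps about four weeks of transfer logs, which is worth confirming against how long upload records from the anonymous-upload hosts must stay available for investigation.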