From b98544412fd3916437b2250481b8a77c5edef40e Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Wed, 16 May 2012 18:42:10 +0100 Subject: [PATCH] try an rsync class Signed-off-by: Stephen Gran --- manifests/site.pp | 4 -- modules/debian-org/lib/facter/software.rb | 9 ---- modules/ferm/manifests/per-host.pp | 3 -- modules/ferm/manifests/rsync.pp | 8 ---- .../roles/files/security_mirror/rsyncd.conf | 15 ++++++ modules/roles/manifests/security_mirror.pp | 5 ++ .../files/logrotate.d-dsa-rsyncd | 0 modules/rsync/manifests/init.pp | 31 ++++++++++++ modules/rsync/manifests/site.pp | 47 +++++++++++++++++++ modules/rsyncd-log/manifests/init.pp | 10 ---- 10 files changed, 98 insertions(+), 34 deletions(-) delete mode 100644 modules/ferm/manifests/rsync.pp create mode 100644 modules/roles/files/security_mirror/rsyncd.conf rename modules/{rsyncd-log => rsync}/files/logrotate.d-dsa-rsyncd (100%) create mode 100644 modules/rsync/manifests/init.pp create mode 100644 modules/rsync/manifests/site.pp delete mode 100644 modules/rsyncd-log/manifests/init.pp diff --git a/manifests/site.pp b/manifests/site.pp index c3a3657c..cadc12ed 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -65,10 +65,6 @@ node default { include apache2 } - if $::rsyncd { - include rsyncd-log - } - if $::hostname in [ravel,senfl,orff,draghi,diamond] { include named::authoritative } elsif $::hostname in [geo1,geo2,geo3] { diff --git a/modules/debian-org/lib/facter/software.rb b/modules/debian-org/lib/facter/software.rb index 2bcc0a63..33f1c422 100644 --- a/modules/debian-org/lib/facter/software.rb +++ b/modules/debian-org/lib/facter/software.rb @@ -131,15 +131,6 @@ Facter.add("syslogversion") do %x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1-3}.chomp end end -Facter.add("rsyncd") do - setcode do - if FileTest.exist?("/etc/rsyncd.conf") - true - else - '' - end - end -end Facter.add("unbound") do unbound=FileTest.exist?("/usr/sbin/unbound") and FileTest.exist?("/var/lib/unbound/root.key") 
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 169ae7d8..0da0d248 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -214,7 +214,4 @@ REJECT reject-with icmp-admin-prohibited default: {} } - if $::rsyncd { - include ferm::rsync - } } diff --git a/modules/ferm/manifests/rsync.pp b/modules/ferm/manifests/rsync.pp deleted file mode 100644 index 44feab65..00000000 --- a/modules/ferm/manifests/rsync.pp +++ /dev/null @@ -1,8 +0,0 @@ -class ferm::rsync { - @ferm::rule { 'dsa-rsync': - domain => '(ip ip6)', - description => 'Allow rsync access', - rule => '&SERVICE(tcp, 873)' - } -} - diff --git a/modules/roles/files/security_mirror/rsyncd.conf b/modules/roles/files/security_mirror/rsyncd.conf new file mode 100644 index 00000000..d419156f --- /dev/null +++ b/modules/roles/files/security_mirror/rsyncd.conf @@ -0,0 +1,15 @@ +uid = nobody +gid = nogroup +max connections = 20 +syslog facility = daemon +socket options = SO_KEEPALIVE +timeout = 1200 + +# weasel 2007-11-19 +log file = /var/log/rsyncd/rsyncd.log + +[debian-security] + path = /org/ftp.root/debian-security + comment = Debian security archive + read only = true + diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index 4608f6d5..9b85cb5f 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -11,4 +11,9 @@ class roles::security_mirror { max_clients => 200, root => '/srv/ftp.root/', } + + rsync::site { 'security': + source => 'puppet:///modules/roles/security_mirror/rsyncd.conf', + max_clients => 100, + } } diff --git a/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd b/modules/rsync/files/logrotate.d-dsa-rsyncd similarity index 100% rename from modules/rsyncd-log/files/logrotate.d-dsa-rsyncd rename to modules/rsync/files/logrotate.d-dsa-rsyncd 
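Review bot: In the new rsyncd.conf, `log file = /var/log/rsyncd/rsyncd.log` makes the earlier `syslog facility = daemon` a dead setting, because rsync stops using syslog once a log file is configured. Transfer and error records therefore stay in a local file only; if they are meant to reach central log collection, drop the `log file` line or ship that file explicitly, otherwise remove `syslog facility` so the config says what it does. The `[debian-security]` module also relies on rsync's default for chroot confinement; stating `use chroot = yes` in the module keeps that guarantee visible if defaults or the launching user ever change.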
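Review bot: `max_clients => 100` in the new `rsync::site { 'security': }` block does not match `max connections = 20` in the rsyncd.conf it ships, so xinetd would admit up to 100 instances while rsync turns away everything past 20; pick one limit and set it in both places. The rsync module path is `/org/ftp.root/debian-security`, while the existing resource just above uses `root => '/srv/ftp.root/'`; unless these are the same tree via a symlink, the two services export different directories. A short comment above the block such as `# rsync export of the security archive; keep limits in sync with rsyncd.conf` would help. The body of `roles::security_mirror` starts outside this hunk.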
diff --git a/modules/rsync/manifests/init.pp b/modules/rsync/manifests/init.pp
new file mode 100644
index 00000000..7671c6f2
--- /dev/null
+++ b/modules/rsync/manifests/init.pp
@@ -0,0 +1,31 @@
+class rsync {
+
+ package { 'rsync':
+ ensure => installed,
+ noop => true,
+ }
+
+ service { 'rsync':
+ ensure => stopped,
+ noop => true,
+ require => Package['rsync'],
+ }
+
+ file { '/etc/logrotate.d/dsa-rsyncd':
+ source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
+ noop => true,
+ require => Package['debian.org'],
+ }
+ file { '/var/log/rsyncd':
+ ensure => directory,
+ noop => true,
+ mode => '0755',
+ }
+
+ @ferm::rule { 'dsa-rsync':
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => '&SERVICE(tcp, 873)'
+ }
+
+}
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
new file mode 100644
index 00000000..13d90dc7
--- /dev/null
+++ b/modules/rsync/manifests/site.pp
@@ -0,0 +1,47 @@
+define rsync::site (
+ $bind='',
+ $source='',
+ $content='',
+ $fname='/etc/rsyncd.conf',
+ $max_clients=200,
+ $ensure=present
+){
+
+ include rsync
+
+ case $ensure {
+ present,absent: {}
+ default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
+ }
+
+ if ($source and $content) {
+ fail ( "Can't define both source and content for ${name}" )
+ }
+
+ if $source {
+ file { $fname:
+ ensure => $ensure,
+ source => $source
+ }
+ } elsif $content {
+ file { $fname:
+ ensure => $ensure,
+ content => $content,
+ }
+ } else {
+ fail ( "Can't find config for ${name}" )
+ }
+
+ xinetd::service { "rsync-${name}":
+ bind => $bind,
+ id => "${name}-rsync",
+ server => '/usr/sbin/rsyncd',
+ port => 'rsync',
+ server_args => $fname,
+ ferm => false,
+ instances => $max_clients,
+ require => File[$fname]
+ }
+
+ Service['rsync']->Service['xinetd']
+}
diff --git a/modules/rsyncd-log/manifests/init.pp b/modules/rsyncd-log/manifests/init.pp
deleted file mode 100644
index 0ae5951d..00000000
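Review bot: In `class rsync`, the logrotate `source` still points at `puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd`, but this commit renames that file into `modules/rsync/files/` and deletes the rsyncd-log module, so the fetch will fail once `noop` is lifted; it should read `source => 'puppet:///modules/rsync/logrotate.d-dsa-rsyncd',`. Every resource here carries `noop => true`, so for now nothing creates `/var/log/rsyncd`, which the shipped rsyncd.conf logs into and which the removed `rsyncd-log` class used to manage. `@ferm::rule { 'dsa-rsync': }` is declared virtual and no `realize` is visible in this patch, while `rsync::site` passes `ferm => false`; confirm where the rule gets realized and add a comment saying so. `/var/log/rsyncd` also sets `mode` without an explicit `owner` or `group`.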
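Review bot: In `rsync::site`, `ensure => absent` removes `$fname` but the `xinetd::service` below it is still declared and still `require`s `File[$fname]`, so the listener stays configured with no rsyncd.conf behind it; the service declaration should follow `$ensure` too, for example by wrapping it in `if $ensure == present { ... }`. Two `rsync::site` instances that keep the default `$fname='/etc/rsyncd.conf'` would collide on the same `File` resource, so the default is only safe for one site per node and the header comment should say that. `server_args => $fname` hands the server nothing but a path, which presumably only works if `/usr/sbin/rsyncd` is a local wrapper that supplies the daemon and config options; a comment stating that would help. The failure message has a typo, `Invald`.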
--- a/modules/rsyncd-log/manifests/init.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class rsyncd-log {
- file { '/etc/logrotate.d/dsa-rsyncd':
- source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
- require => Package['debian.org'],
- }
- file { '/var/log/rsyncd':
- ensure => directory,
- mode => '0755',
- }
-}
-- 2.39.2