From 34ffa51d586aa81dd7223483a6ab282fdd27b5b1 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Tue, 24 Apr 2012 21:01:25 +0100
Subject: [PATCH] Allow more than one vsftpd::site This turns it into an xinetd::service, so I made one of those while I'm here.
Signed-off-by: Stephen Gran
---
modules/vsftpd/manifests/nolisten.pp | 11 ++++++++
modules/vsftpd/manifests/site.pp | 20 +++++++++++---
modules/xinetd/manifests/init.pp | 9 +++++++
modules/xinetd/manifests/service.pp | 39 ++++++++++++++++++++++++++++
modules/xinetd/templates/service.erb | 17 ++++++++++++
5 files changed, 92 insertions(+), 4 deletions(-)
create mode 100644 modules/vsftpd/manifests/nolisten.pp
create mode 100644 modules/xinetd/manifests/init.pp
create mode 100644 modules/xinetd/manifests/service.pp
create mode 100644 modules/xinetd/templates/service.erb
diff --git a/modules/vsftpd/manifests/nolisten.pp b/modules/vsftpd/manifests/nolisten.pp
new file mode 100644
index 00000000..38e6d8cc
--- /dev/null
+++ b/modules/vsftpd/manifests/nolisten.pp
@@ -0,0 +1,11 @@
+class vsftpd::nolisten {
+
+ Service['vsftpd'] {
+ ensure => stopped
+ }
+
+ file { '/etc/vsftpd.conf':
+ content => 'listen=NO'
+ notify => Service['vsftpd']
+ }
+}
diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp
index 7897c8fc..565dcdb2 100644
--- a/modules/vsftpd/manifests/site.pp
+++ b/modules/vsftpd/manifests/site.pp
@@ -1,10 +1,12 @@ class vsftpd::site ( $source='', $content='', + $bind=$::ipaddress, $ensure=present ){ include vsftpd + include vsftpd::nolisten if ($source and $content) { fail ( "Can't have both source and content for $name" )
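Review bot: In modules/vsftpd/manifests/nolisten.pp the `file { '/etc/vsftpd.conf': }` resource has no comma between `content => 'listen=NO'` and `notify => Service['vsftpd']`, so the manifest should fail to parse as written. Add the comma and end the content with a newline, e.g. `content => "listen=NO\n",`. The `Service['vsftpd'] { ensure => stopped }` block would also benefit from a comment such as `# standalone daemon is stopped; xinetd spawns vsftpd per connection`. If the vsftpd class (not shown here) already sets `ensure` on that service, an override from this non-inheriting class would probably be rejected.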
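Review bot: The first context line of the modules/vsftpd/manifests/site.pp hunk still reads `class vsftpd::site (`, and a class can be declared only once per node, so the change does not yet allow more than one site as the subject promises. Inside a class `$name` is the class name, so the per-site file name and xinetd title built from `${name}` later in the file would always resolve to the same value; changing the declaration to `define vsftpd::site (` looks like the intent. The new default `$bind=$::ipaddress` also means two sites declared without an explicit `bind` would ask xinetd for the same address and port, so making `$bind` mandatory may be safer. The body of the class continues outside this hunk.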
@@ -15,20 +17,30 @@ class vsftpd::site ( default: { fail ( "Invald ensure `$ensure' for $name" ) } } + $fname = "/etc/vsftpd-${name}.conf" + if $source { - file { '/etc/vsftpd.conf': + file { $fname: ensure => $ensure, source => $source, - notify => Service['vsftpd'] } } elsif $content { - file { '/etc/vsftpd.conf': + file { $fname: ensure => $ensure, content => $content, - notify => Service['vsftpd'] } } else { fail ( "Need one of source or content for $name" ) } + # We don't need a firewall rule because it's added in vsftp.pp + xinetd::service { "vsftpd-${name}": + bind => $bind, + id => $name, + server => '/usr/sbin/vsftpd', + port => 'ftp', + server_args => $fname, + ferm => false, + } + }
diff --git a/modules/xinetd/manifests/init.pp b/modules/xinetd/manifests/init.pp
new file mode 100644
index 00000000..e2178bd9
--- /dev/null
+++ b/modules/xinetd/manifests/init.pp
@@ -0,0 +1,9 @@
+class xinetd {
+ package { 'xinetd':
+ ensure => installed
+ }
+
+ service { 'xinetd':
+ ensure => running
+ }
+}
diff --git a/modules/xinetd/manifests/service.pp b/modules/xinetd/manifests/service.pp
new file mode 100644
index 00000000..2ad6338b
--- /dev/null
+++ b/modules/xinetd/manifests/service.pp
@@ -0,0 +1,39 @@
+define xinetd::service (
+ $bind,
+ $id,
+ $server,
+ $port,
+ $socket_type=stream,
+ $protocol=tcp,
+ $flags=IPv6,
+ $wait=no,
+ $user=root,
+ $server_args='',
+ $nice=10,
+ $instances=100,
+ $per_source=3,
+ $cps='0 0',
+ $ensure=present,
+ $ferm=true
+) {
+ include xinetd
+
+ case $ensure {
+ present,absent,file: {}
+ default: { fail("Invalid ensure for '$name'") }
+ }
+
+ if $ferm {
+ @ferm::rule { "dsa-xinetd-${name}":
+ description => "Allow traffic to ${port}",
+ rule => "&SERVICE(${protocol}, ${port})"
+ }
+ }
+
+ file { "/etc/xinetd.d/${name}.conf":
+ ensure => $ensure,
+ content => template('xinetd/service.erb'),
+ notify => Service['xinetd'],
+ require => Package['xinetd'],
+ }
+}
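Review bot: The new `xinetd::service { "vsftpd-${name}": }` declaration in site.pp does not pass `ensure`, so if `absent` is an accepted value (the case arms are outside this hunk) removing a site deletes `$fname` but leaves the xinetd entry in place. That entry would still be bound to the address and would launch `/usr/sbin/vsftpd` with a config path that no longer exists. Adding `ensure => $ensure,` to the declaration keeps the listener and its config file in step. The `file { $fname: }` resources also set no `owner`, `group` or `mode`; stating them explicitly (root-owned, not group- or world-writable) would document what is expected of a file read by a daemon that xinetd starts as root.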
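Review bot: In modules/xinetd/manifests/init.pp `service { 'xinetd': }` has no `require => Package['xinetd']`, so nothing orders the service after the package on a first run. There is also no `enable => true`, so whether the listeners come back after a reboot is left to the package default. Both are one-line additions to the service resource, and a short class comment saying that per-service files are managed by `xinetd::service` would help readers.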
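Review bot: The service file in modules/xinetd/manifests/service.pp is written to `/etc/xinetd.d/${name}.conf`, but xinetd's `includedir` directive skips files whose names contain a dot, so with the usual `includedir /etc/xinetd.d` these definitions would never be loaded; `file { "/etc/xinetd.d/${name}":` avoids that. The default `$user=root` makes every service declared without an explicit user run as root; for a general-purpose define it would be safer to make `$user` a required parameter so the privileged case is a visible choice at the call site. The `@ferm::rule` is declared whenever `$ferm` is true, regardless of `$ensure`, so an absent service would keep its firewall opening unless the condition also checks `$ensure`. A header comment documenting each parameter and the xinetd attribute it maps to is missing.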
diff --git a/modules/xinetd/templates/service.erb b/modules/xinetd/templates/service.erb
new file mode 100644
index 00000000..bb71850e
--- /dev/null
+++ b/modules/xinetd/templates/service.erb
@@ -0,0 +1,17 @@
+service <%= scope.lookupvar('port') %>
+{
+ bind = <%= scope.lookupvar('bind') %>
+ id = <%= scope.lookupvar('id') %>
+
+ socket_type = <%= scope.lookupvar('stream') %>
+ protocol = <%= scope.lookupvar('protocol') %>
+ flags = <%= scope.lookupvar('flags') %>
+ wait = <%= scope.lookupvar('wait') %>
+ user = <%= scope.lookupvar('user') %>
+ server = <%= scope.lookupvar('server') %>
+ server_args = <%= scope.lookupvar('server_args') %>
+ nice = <%= scope.lookupvar('nice') %>
+ instances = <%= scope.lookupvar('instances') %>
+ per_source = <%= scope.lookupvar('per_source') %>
+ cps = <%= scope.lookupvar('cps') %>
+}
-- 2.39.2
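Review bot: The `socket_type` line looks up `scope.lookupvar('stream')`, but `xinetd::service` defines no `$stream` parameter (`stream` is only the default value of `$socket_type`), so the rendered file will carry an empty or undefined socket type. The line should read `socket_type = <%= scope.lookupvar('socket_type') %>`. `server_args` is also emitted when the parameter is left at its empty default; rendering that line only when the value is non-empty would keep the generated file valid for services that take no arguments. A first-line comment marking the file as Puppet-managed would help anyone auditing /etc/xinetd.d.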