X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fvsftpd%2Fmanifests%2Fsite.pp;h=352ca688cc506dc367c5a4e8e1ef8b83c3b5fb73;hb=598ef097f4c8f6b50b61dde7fc4bd011e955b754;hp=3d61e7b3283361269dbca9413a791fa586ab6561;hpb=931577998ec34638de1cca5b072ef374d5c11d7f;p=mirror%2Fdsa-puppet.git diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp index 3d61e7b32..352ca688c 100644 --- a/modules/vsftpd/manifests/site.pp +++ b/modules/vsftpd/manifests/site.pp @@ -1,67 +1,89 @@ define vsftpd::site ( - $source='', - $content='', - $bind='', - $ensure=present -){ - - include vsftpd::nolisten - - if ($source and $content) { - fail ( "Can't have both source and content for $name" ) - } + $root, + $binds=['[::]'], + $chown_user='', + $writable=false, + $writable_other=false, + $readable=true, + $listable=true, + $banner="${name} FTP Server", + $max_clients=100, + $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log", + $ensure=present, +) { + include vsftpd + include ferm::ftp_conntrack case $ensure { present,absent: {} default: { fail ( "Invald ensure `$ensure' for $name" ) } } + $ensure_service = $ensure ? { + present => running, + absent => stopped, + } + + $ensure_enable = $ensure ? { + present => true, + absent => false, + } + + $ftpsite = $name + $fname = "/etc/vsftpd-${name}.conf" - $noop = $::hostname ? { - bizet => false, - franck => false, - gluck => false, - lobos => false, - kassia => false, - klecker => false, - ravel => false, - saens => false, - santoro => false, - schein => false, - steffani => false, - villa => false, - wieck => false, - morricone => false, - default => true + file { $fname: + ensure => $ensure, + content => template('vsftpd/vsftpd.conf.erb'), + owner => 'root', + group => 'root', + mode => '0444', + } + + file { "/etc/logrotate.d/vsftpd-${name}": + ensure => absent } - if $source { - file { $fname: - ensure => $ensure, - noop => $noop, - source => $source, - } - } elsif $content { - file { $fname: - ensure => $ensure, - noop => $noop, - content => $content, - } - } else { - fail ( "Need one of source or content for $name" ) + file { "/etc/systemd/system/vsftpd-${name}@.service": + ensure => $ensure, + content => template('vsftpd/systemd-vsftpd.service.erb'), + owner => 'root', + group => 'root', + mode => '0444', + require => File[$fname], + notify => Exec['systemctl daemon-reload'], } - # We don't need a firewall rule because it's added in vsftp.pp - xinetd::service { "vsftpd-${name}": - bind => $bind, - id => "${name}-ftp", - server => '/usr/sbin/vsftpd', - port => 'ftp', - server_args => $fname, - ferm => false, - instances => 200, - require => File[$fname] + file { "/etc/systemd/system/vsftpd-${name}.socket": + ensure => $ensure, + content => template('vsftpd/systemd-vsftpd.socket.erb'), + owner => 'root', + group => 'root', + mode => '0444', + notify => [ + Exec['systemctl daemon-reload'], + Service["vsftpd-${name}.socket"], + ], } + service { "vsftpd-${name}.socket": + ensure => $ensure_service, + enable => $ensure_enable, + require => [ + Exec['systemctl daemon-reload'], + File["/etc/systemd/system/vsftpd-${name}@.service"], + File["/etc/systemd/system/vsftpd-${name}.socket"], + ], + provider => systemd, + } + + munin::check { "vsftpd-${name}": + ensure => $ensure, + script => 'vsftpd' + } + munin::conf { "vsftpd-${name}": + ensure => $ensure, + content => template('vsftpd/munin.erb') + } }