--- /dev/null
+class vsftpd::nolisten {
+
+ Service['vsftpd'] {
+ ensure => stopped
+ }
+
+ file { '/etc/vsftpd.conf':
+ content => 'listen=NO'
+ notify => Service['vsftpd']
+ }
+}
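Review bot: The `content => 'listen=NO'` attribute in the `file { '/etc/vsftpd.conf': }` resource has no trailing comma, so the `notify` line that follows will make the manifest fail to parse. It should read `content => "listen=NO\n",`, which also terminates the config line with a newline. Separately, `Service['vsftpd'] { ensure => stopped }` is an override written in a class that does not inherit from `vsftpd`. Whether Puppet accepts that depends on how the service is declared in `vsftpd`, which this diff does not show, so confirm it on a test node.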
class vsftpd::site (
$source='',
$content='',
+ $bind=$::ipaddress,
$ensure=present
){
include vsftpd
+ include vsftpd::nolisten
if ($source and $content) {
fail ( "Can't have both source and content for $name" )
default: { fail ( "Invald ensure `$ensure' for $name" ) }
}
+ $fname = "/etc/vsftpd-${name}.conf"
+
if $source {
- file { '/etc/vsftpd.conf':
+ file { $fname:
ensure => $ensure,
source => $source,
- notify => Service['vsftpd']
}
} elsif $content {
- file { '/etc/vsftpd.conf':
+ file { $fname:
ensure => $ensure,
content => $content,
- notify => Service['vsftpd']
}
} else {
fail ( "Need one of source or content for $name" )
}
+ # We don't need a firewall rule because it's added in vsftp.pp
+ xinetd::service { "vsftpd-${name}":
+ bind => $bind,
+ id => $name,
+ server => '/usr/sbin/vsftpd',
+ port => 'ftp',
+ server_args => $fname,
+ ferm => false,
+ }
+
}
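Review bot: The new `xinetd::service { "vsftpd-${name}": }` declaration does not pass `ensure`, so a site declared with `ensure => absent` removes `$fname` but leaves an xinetd entry on `$bind` for the ftp port whose `server_args` point at a file that no longer exists. Add `ensure => $ensure,` to that resource, and `require => File[$fname],` so the listener is never configured before its config file is in place. The per-site config presumably also has to set `listen=NO` for vsftpd to run under xinetd; a comment next to `$fname` saying so would help. Part of the class body, including the `case` that validates `$ensure`, lies outside the visible hunks, so check that its accepted values match those of `xinetd::service`.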
--- /dev/null
+class xinetd {
+ package { 'xinetd':
+ ensure => installed
+ }
+
+ service { 'xinetd':
+ ensure => running
+ }
+}
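Review bot: `service { 'xinetd': }` has no ordering relationship with `package { 'xinetd': }`, so on a freshly provisioned node Puppet may try to start the service before the package is installed. Add `require => Package['xinetd'],` to the service. Since the FTP listeners now depend entirely on xinetd, consider `enable => true` as well, so that the service coming back after a reboot does not depend on the package's default.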
--- /dev/null
+define xinetd::service (
+ $bind,
+ $id,
+ $server,
+ $port,
+ $socket_type=stream,
+ $protocol=tcp,
+ $flags=IPv6,
+ $wait=no,
+ $user=root,
+ $server_args='',
+ $nice=10,
+ $instances=100,
+ $per_source=3,
+ $cps='0 0',
+ $ensure=present,
+ $ferm=true
+) {
+ include xinetd
+
+ case $ensure {
+ present,absent,file: {}
+ default: { fail("Invalid ensure for '$name'") }
+ }
+
+ if $ferm {
+ @ferm::rule { "dsa-xinetd-${name}":
+ description => "Allow traffic to ${port}",
+ rule => "&SERVICE(${protocol}, ${port})"
+ }
+ }
+
+ file { "/etc/xinetd.d/${name}.conf":
+ ensure => $ensure,
+ content => template('xinetd/service.erb'),
+ notify => Service['xinetd'],
+ require => Package['xinetd'],
+ }
+}
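Review bot: The fragment is written to `"/etc/xinetd.d/${name}.conf"`, but xinetd's `includedir` handling is documented to skip files whose names contain a dot, so these services would likely never be loaded. Use `"/etc/xinetd.d/${name}"` instead, and validate that `$name` contains no dot or slash. The `@ferm::rule` is also created when `$ensure` is `absent`, which leaves the port open in the firewall after the service is removed; guard it with `if $ferm and $ensure != absent`. Finally, `$user=root` as a default means every new service runs as root unless its author remembers to override it; making `$user` a required parameter would force an explicit choice.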
--- /dev/null
+service <%= scope.lookupvar('port') %>
+{
+ bind = <%= scope.lookupvar('bind') %>
+ id = <%= scope.lookupvar('id') %>
+
+ socket_type = <%= scope.lookupvar('stream') %>
+ protocol = <%= scope.lookupvar('protocol') %>
+ flags = <%= scope.lookupvar('flags') %>
+ wait = <%= scope.lookupvar('wait') %>
+ user = <%= scope.lookupvar('user') %>
+ server = <%= scope.lookupvar('server') %>
+ server_args = <%= scope.lookupvar('server_args') %>
+ nice = <%= scope.lookupvar('nice') %>
+ instances = <%= scope.lookupvar('instances') %>
+ per_source = <%= scope.lookupvar('per_source') %>
+ cps = <%= scope.lookupvar('cps') %>
+}
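Review bot: The `socket_type` line looks up `scope.lookupvar('stream')`, but `stream` is the default value of the parameter, not its name, so the lookup will not resolve to the intended value and the rendered `socket_type` is likely empty or undefined. It should be `socket_type = <%= scope.lookupvar('socket_type') %>`. All parameters are written into the xinetd config verbatim, so a value containing a newline or `}` would change the structure of the file. It would be worth validating `bind`, `id`, `server` and `server_args` in the `xinetd::service` define before rendering.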