include roles::backports_mirror
- $bind = $::hostname ? {
- default => '',
- }
-
- $bind6 = $::hostname ? {
- default => '',
- }
-
- $logfile = '/var/log/ftp/vsftpd-backports-master.debian.org.log'
-
vsftpd::site { 'backports':
- content => template('roles/backports_master/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind,
- }
-
- if $bind6 {
- vsftpd::site { 'backports-v6':
- content => template('roles/backports_mirror/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind6,
- }
+ banner => 'backports-master.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log',
+ writable => true,
+ chown_user => dak,
+ root => '/srv/backports-upload',
}
-
}
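Review bot: `chown_user => dak` passes the account name as a bare word, unlike every other string attribute in this resource. Puppet accepts bare words as strings only as long as they do not collide with a reserved word or a type name, so `chown_user => 'dak',` is the safer spelling. The same bare word appears in the `ftp-upload`, `ftp-upload-v6` and security-master `security` sites further down. The enclosing class starts outside the hunk.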
default => '',
}
- $logfile = '/var/log/ftp/vsftpd-ftp.debian.org.log'
-
vsftpd::site { 'ftp':
- content => template('roles/ftp/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind,
+ banner => 'ftp.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log',
+ bind => $bind,
+ max_clients => 200,
+ root => '/srv/ftp.debian.org/ftp.root',
}
if $bind6 {
vsftpd::site { 'ftp-v6':
- content => template('roles/ftp/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind6,
+ banner => 'ftp.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log',
+ bind => $bind6,
+ max_clients => 200,
+ root => '/srv/ftp.debian.org/ftp.root',
}
}
}
default => '',
}
- $logfile = '/var/log/ftp/vsftpd-ftp.upload.debian.org.log'
-
vsftpd::site { 'ftp-upload':
- content => template('roles/ftp_upload/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind,
+ banner => 'ftp.upload.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log',
+ writable => true,
+ chown_user => dak,
+ bind => $bind,
+ root => '/srv/upload.debian.org/ftp',
}
if $bind6 {
vsftpd::site { 'ftp-upload-v6':
- content => template('roles/ftp_upload/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind6,
+ banner => 'ftp.upload.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log',
+ writable => true,
+ chown_user => dak,
+ bind => $bind6,
+ root => '/srv/upload.debian.org/ftp',
}
}
}
class roles::security_master {
- $bind = $::hostname ? {
- default => '',
- }
-
- $bind6 = $::hostname ? {
- default => '',
- }
-
- $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log'
-
vsftpd::site { 'security':
- content => template('roles/security_master/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind,
- }
-
- if $bind6 {
- vsftpd::site { 'security-v6':
- content => template('roles/security_master/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind6,
- }
+ banner => 'security-master.debian.org FTP server (vsftpd)',
+ logfile => '/var/log/ftp/vsftpd-security-master.debian.org.log',
+ writable => true,
+ chown_user => dak,
+ root => '/srv/ftp.root/',
}
}
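Review bot: The new `vsftpd::site { 'security': }` call has no way to express `one_process_model=YES`, which the deleted roles/security_master template set, so that setting silently disappears on this host. The security mirror site loses `rsa_cert_file=/etc/ssl/certs/vsftpd.pem` and goes from `ls_recurse_enable=YES` to NO in the same way. The backports, ftp and ftp-upload sites go from `dirmessage_enable=YES` to NO. If these changes are intended, the commit message should list them; otherwise the define needs a way to pass per-site settings through, for example an optional parameter (say `$extra_options`) that the template appends.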
config => 'puppet:///modules/roles/security_mirror/security.debian.org'
}
- $bind = $::hostname ? {
- default => '',
- }
-
- $bind6 = $::hostname ? {
- default => '',
- }
-
- $logfile = '/var/log/ftp/vsftpd-security.debian.org.log'
-
vsftpd::site { 'security':
- content => template('roles/security_mirror/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind,
- }
-
- if $bind6 {
- vsftpd::site { 'security-v6':
- content => template('roles/security_mirror/vsftpd.conf.erb'),
- logfile => $logfile,
- bind => $bind6,
- }
+ banner => 'security.debian.org FTP server (vsftpd)',
+ logfile => '/var/log/ftp/vsftpd-security.debian.org.log',
+ max_clients => 200,
+ root => '/srv/ftp.root/',
}
-
}
+++ /dev/null
-anonymous_enable=YES
-write_enable=YES
-anon_root=/srv/backports-upload
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
-xferlog_enable=YES
-xferlog_file=<%= scope.lookupvar('logfile') %>
-
-ftpd_banner=backports-master.debian.org FTP server
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-setproctitle_enable=YES
-dirmessage_enable=YES
-ls_recurse_enable=NO
-connect_from_port_20=NO
-max_clients=100
+++ /dev/null
-ftpd_banner=ftp.debian.org FTP server
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-xferlog_file=<%= scope.lookupvar('logfile') %>
-
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-
-anon_root=/srv/ftp.debian.org/ftp.root
-
+++ /dev/null
-ftpd_banner=ftp.upload.debian.org FTP server
-
-max_clients=100
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-
-secure_chroot_dir=/var/run/vsftpd
-xferlog_file=<%= scope.lookupvar('logfile') %>
-pam_service_name=vsftpd
-
-anon_root=/srv/upload.debian.org/ftp
-write_enable=YES
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
+++ /dev/null
-max_clients=100
-
-# from default package config
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-
-anonymous_enable=YES
-one_process_model=YES
-setproctitle_enable=YES
-dirmessage_enable=NO
-xferlog_enable=YES
-connect_from_port_20=NO
-xferlog_file=<%= scope.lookupvar('logfile') %>
-ls_recurse_enable=NO
-ftpd_banner=security-master.debian.org FTP server (vsftpd)
-
-#
-# Queue daemon needs anon uploads
-#
-write_enable=YES
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
+++ /dev/null
-anonymous_enable=YES
-xferlog_enable=YES
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-
-setproctitle_enable=YES
-dirmessage_enable=NO
-connect_from_port_20=NO
-xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log
-xferlog_file=<%= scope.lookupvar('logfile') %>
-ls_recurse_enable=YES
-ftpd_banner=security.debian.org FTP server (vsftpd)
define vsftpd::site (
- $source='',
- $content='',
+ $root,
$bind='',
+ $chown_user='',
+ $writable=false,
+ $banner="${name} FTP Server",
+ $max_clients=100,
$logfile="/var/log/ftp/vsftpd-${name}.debian.org.log",
$ensure=present
){
include vsftpd::nolisten
- if ($source and $content) {
- fail ( "Can't have both source and content for $name" )
- }
-
case $ensure {
present,absent: {}
default: { fail ( "Invald ensure `$ensure' for $name" ) }
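Review bot: Nothing in the define ties `$writable` to `$chown_user`, so a site declared with `writable => true` and the default `chown_user=''` renders `chown_uploads=YES` with an empty `chown_username`. vsftpd's documented default for that option is root, so whether an empty value fails or falls back to it should not be left to chance on an anonymous-upload host. A guard next to the `$ensure` check would catch this at compile time: `if $writable and ! $chown_user { fail ( "writable site ${name} needs chown_user" ) }`. The define's body continues outside the hunk.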
$fname = "/etc/vsftpd-${name}.conf"
- if $source {
- file { $fname:
- ensure => $ensure,
- source => $source,
- }
- } elsif $content {
- file { $fname:
- ensure => $ensure,
- content => $content,
- }
- } else {
- fail ( "Need one of source or content for $name" )
+ file { $fname:
+ ensure => $ensure,
+ noop => true,
+ content => template('vsftpd/vsftpd.conf.erb')
}
file { "/etc/logrotate.d/vsftpd-${name}":
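Review bot: `noop => true` on `file { $fname: }` means Puppet only reports the difference and never writes the new template. The per-role templates are deleted in the same commit and the xinetd `instances` value does change, so the two can drift apart. If this is a rollout guard, say so in place with a comment such as `# noop during migration: compare the rendered config per host, then remove`, and drop the attribute in a follow-up. Otherwise remove the line. How the xinetd resource's `require => File[$fname]` behaves on a fresh host where the file was never created is not visible here and should be checked.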
port => 'ftp',
server_args => $fname,
ferm => false,
- instances => 200,
+ instances => $max_clients,
require => File[$fname]
}
--- /dev/null
+anonymous_enable=YES
+anon_root=<%= scope.lookupvar('root') %>
+<%- if scope.lookupvar('writable') -%>
+anon_umask=027
+write_enable=YES
+anon_upload_enable=YES
+chown_uploads=YES
+chown_username=scope.lookupvar('chown_user')
+<%- end -%>
+
+xferlog_enable=YES
+xferlog_file=<%= scope.lookupvar('logfile') %>
+
+ftpd_banner=<%= scope.lookupvar('banner') %>
+secure_chroot_dir=/var/run/vsftpd
+pam_service_name=vsftpd
+setproctitle_enable=YES
+dirmessage_enable=NO
+ls_recurse_enable=NO
+connect_from_port_20=NO
+max_clients=<%= scope.lookupvar('max_clients') %>
+
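Review bot: The `chown_username` line in the writable block is missing its ERB output tags, so the rendered config contains the literal text `chown_username=scope.lookupvar('chown_user')` instead of the account name. On the upload sites vsftpd would then be asked to chown anonymous uploads to a user that does not exist; the exact failure mode depends on vsftpd, but ownership will not go to dak as intended. The line should read `chown_username=<%= scope.lookupvar('chown_user') %>`. Because `file { $fname: }` is currently `noop`, a test run will not surface this, so the rendered output needs checking by hand.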