add chopin as security-master

author Stephen Gran <steve@lobefin.net>

Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)

committer Stephen Gran <steve@lobefin.net>

Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)
author Stephen Gran <steve@lobefin.net>
Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)
committer Stephen Gran <steve@lobefin.net>
Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)
diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml

index 368a278..10aef91 100644 (file)
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -167,6 +167,8 @@ services:
    puppetmaster: handel.debian.org
    rtmaster:
      - reger.debian.org
+  security_master:
+    - chopin.debian.org
  host_settings:
    heavy_exim:
      - bellini.debian.org
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp

index 137cd75..601e144 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -44,6 +44,10 @@ class roles {
                 include roles::backports_master
         }
  
+       if getfromhash($site::nodeinfo, 'security_master') {
+               include roles::security_master
+       }
+
         if getfromhash($site::nodeinfo, 'apache2_ftp-upcoming_mirror') {
                 include roles::ftp-upcoming_mirror
         }
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp

new file mode 100644 (file)

index 0000000..6992537
--- /dev/null
+++ b/modules/roles/manifests/security_master.pp
@@ -0,0 +1,26 @@
+class roles::security_master {
+
+       $bind = $::hostname ? {
+               default => '',
+       }
+
+       $bind6 = $::hostname ? {
+               default => '',
+       }
+
+       $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log'
+
+       vsftpd::site { 'security':
+               content => template('roles/security_master/vsftpd.conf.erb'),
+               logfile => $logfile,
+               bind    => $bind,
+       }
+
+       if $bind6 {
+               vsftpd::site { 'security-v6':
+                       content => template('roles/security_master/vsftpd.conf.erb'),
+                       logfile => $logfile,
+                       bind    => $bind6,
+               }
+       }
+}
diff --git a/modules/roles/templates/security_master/vsftpd.conf.erb b/modules/roles/templates/security_master/vsftpd.conf.erb

new file mode 100644 (file)

index 0000000..7f382fa
--- /dev/null
+++ b/modules/roles/templates/security_master/vsftpd.conf.erb
@@ -0,0 +1,24 @@
+max_clients=100
+
+# from default package config
+secure_chroot_dir=/var/run/vsftpd
+pam_service_name=vsftpd
+
+anonymous_enable=YES
+one_process_model=YES
+setproctitle_enable=YES
+dirmessage_enable=NO
+xferlog_enable=YES
+connect_from_port_20=NO
+xferlog_file=<%= scope.lookupvar('logfile') %>
+ls_recurse_enable=NO
+ftpd_banner=security-master.debian.org FTP server (vsftpd)
+
+#
+# Queue daemon needs anon uploads
+#
+write_enable=YES
+anon_umask=027
+anon_upload_enable=YES
+chown_uploads=YES
+chown_username=dak
author	Stephen Gran <steve@lobefin.net>
	Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)
committer	Stephen Gran <steve@lobefin.net>
	Sun, 29 Apr 2012 08:16:02 +0000 (09:16 +0100)
modules/debian-org/misc/local.yaml		patch \| blob \| history
modules/roles/manifests/init.pp		patch \| blob \| history
modules/roles/manifests/security_master.pp	[new file with mode: 0644]	patch \| blob
modules/roles/templates/security_master/vsftpd.conf.erb	[new file with mode: 0644]	patch \| blob