include apache2
}
- if $::rsyncd {
- include rsyncd-log
- }
-
if $::hostname in [ravel,senfl,orff,draghi,diamond] {
include named::authoritative
} elsif $::hostname in [geo1,geo2,geo3] {
%x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1-3}.chomp
end
end
-Facter.add("rsyncd") do
- setcode do
- if FileTest.exist?("/etc/rsyncd.conf")
- true
- else
- ''
- end
- end
-end
Facter.add("unbound") do
unbound=FileTest.exist?("/usr/sbin/unbound") and
FileTest.exist?("/var/lib/unbound/root.key")
default: {}
}
- if $::rsyncd {
- include ferm::rsync
- }
}
+++ /dev/null
-class ferm::rsync {
- @ferm::rule { 'dsa-rsync':
- domain => '(ip ip6)',
- description => 'Allow rsync access',
- rule => '&SERVICE(tcp, 873)'
- }
-}
-
--- /dev/null
+uid = nobody
+gid = nogroup
+max connections = 20
+syslog facility = daemon
+socket options = SO_KEEPALIVE
+timeout = 1200
+
+# weasel 2007-11-19
+log file = /var/log/rsyncd/rsyncd.log
+
+[debian-security]
+ path = /org/ftp.root/debian-security
+ comment = Debian security archive
+ read only = true
+
max_clients => 200,
root => '/srv/ftp.root/',
}
+
+ rsync::site { 'security':
+ source => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
+ max_clients => 100,
+ }
}
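Review bot: `max_clients => 100` on the new `rsync::site { 'security': }` only sets the xinetd `instances` limit, while the rsyncd.conf this resource ships sets `max connections = 20`, so rsync itself will likely turn clients away well before the xinetd cap is reached. Either align the two values or add a comment such as `# xinetd cap; rsyncd.conf enforces max connections = 20` so the lower number is clearly intentional. The enclosing class starts outside this hunk.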
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+/var/log/rsyncd/*.log {
+ daily
+ missingok
+ rotate 56
+ compress
+ delaycompress
+ notifempty
+ create 644 root root
+}
--- /dev/null
+class rsync {
+
+ package { 'rsync':
+ ensure => installed,
+ noop => true,
+ }
+
+ service { 'rsync':
+ ensure => stopped,
+ noop => true,
+ require => Package['rsync'],
+ }
+
+ file { '/etc/logrotate.d/dsa-rsyncd':
+ source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
+ noop => true,
+ require => Package['debian.org'],
+ }
+ file { '/var/log/rsyncd':
+ ensure => directory,
+ noop => true,
+ mode => '0755',
+ }
+
+ @ferm::rule { 'dsa-rsync':
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => '&SERVICE(tcp, 873)'
+ }
+
+}
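Review bot: The `source` for `/etc/logrotate.d/dsa-rsyncd` still reads `puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd`, but this commit deletes that module's logrotate file and class and adds an identical file elsewhere. If the new copy lives under the rsync module (file paths are not visible here), it should be `source => 'puppet:///modules/rsync/logrotate.d-dsa-rsyncd',`. The mismatch is currently hidden by `noop => true`, which is set on the package, service, file and directory but not on the `dsa-rsync` ferm rule. The tcp/873 rule therefore stays live while `/var/log/rsyncd` and the rotation config are never enforced. A comment such as `# noop while hosts migrate from hand-managed rsyncd; remove afterwards` would tell the next reader whether that is deliberate.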
--- /dev/null
+define rsync::site (
+ $bind='',
+ $source='',
+ $content='',
+ $fname='/etc/rsyncd.conf',
+ $max_clients=200,
+ $ensure=present
+){
+
+ include rsync
+
+ case $ensure {
+ present,absent: {}
+ default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
+ }
+
+ if ($source and $content) {
+ fail ( "Can't define both source and content for ${name}" )
+ }
+
+ if $source {
+ file { $fname:
+ ensure => $ensure,
+ source => $source
+ }
+ } elsif $content {
+ file { $fname:
+ ensure => $ensure,
+ content => $content,
+ }
+ } else {
+ fail ( "Can't find config for ${name}" )
+ }
+
+ xinetd::service { "rsync-${name}":
+ bind => $bind,
+ id => "${name}-rsync",
+ server => '/usr/sbin/rsyncd',
+ port => 'rsync',
+ server_args => $fname,
+ ferm => false,
+ instances => $max_clients,
+ require => File[$fname]
+ }
+
+ Service['rsync']->Service['xinetd']
+}
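Review bot: The `xinetd::service` block points `server` at `/usr/sbin/rsyncd` and passes the bare config path as `server_args`. Unless a wrapper of that name is installed elsewhere, the stock binary is `/usr/bin/rsync` and it needs `--daemon --config=` to serve that file, so I would write `server => '/usr/bin/rsync',` and `server_args => "--daemon --config=${fname}",`. Because `$fname` defaults to `/etc/rsyncd.conf`, two `rsync::site` instances on one node would declare the same `File` resource, so the default probably wants to be derived from `${name}`. `$ensure` is validated but only applied to the file, so `ensure => absent` removes the config while the xinetd listener stays declared. The first `fail` message also misspells "Invalid".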
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-/var/log/rsyncd/*.log {
- daily
- missingok
- rotate 56
- compress
- delaycompress
- notifempty
- create 644 root root
-}
+++ /dev/null
-class rsyncd-log {
- file { '/etc/logrotate.d/dsa-rsyncd':
- source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
- require => Package['debian.org'],
- }
- file { '/var/log/rsyncd':
- ensure => directory,
- mode => '0755',
- }
-}