From: Bastian Blank Date: Tue, 11 Apr 2017 12:35:56 +0000 (+0200) Subject: Drop xinetd support in rsync X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=9f88565cb9882258e5033b3c349a50f9732eecbd;p=mirror%2Fdsa-puppet.git Drop xinetd support in rsync --- diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp deleted file mode 100644 index 04c1e20e9..000000000 --- a/modules/rsync/manifests/site.pp +++ /dev/null @@ -1,111 +0,0 @@ -define rsync::site ( - $bind='', - $bind6='', - $source=undef, - $content=undef, - $max_clients=200, - $ensure=present, - $sslname=undef, - $sslport=1873 -){ - - include rsync - - $fname_real = "/etc/rsyncd-${name}.conf" - case $ensure { - present,absent: {} - default: { fail ( "Invald ensure `${ensure}' for ${name}" ) } - } - - if ($source and $content) { - fail ( "Can't define both source and content for ${name}" ) - } - - if $source { - file { $fname_real: - ensure => $ensure, - source => $source - } - } elsif $content { - file { $fname_real: - ensure => $ensure, - content => $content, - } - } else { - fail ( "Can't find config for ${name}" ) - } - - xinetd::service { "rsync-${name}": - bind => $bind, - id => "${name}-rsync", - server => '/usr/bin/rsync', - service => 'rsync', - server_args => "--daemon --config=${fname_real}", - ferm => false, - instances => $max_clients, - require => File[$fname_real] - } - - if $bind6 != '' { - if $bind == '' { - fail("Cannot listen on * and a specific ipv6 address") - } - xinetd::service { "rsync-${name}6": - bind => $bind6, - id => "${name}-rsync6", - server => '/usr/bin/rsync', - service => 'rsync', - server_args => "--daemon --config=${fname_real}", - ferm => false, - instances => $max_clients, - require => File[$fname_real] - } - } - - if $sslname { - file { "/etc/rsyncd-${name}-stunnel.conf": - content => template('rsync/rsyncd-stunnel.conf.erb'), - require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"], - } - @ferm::rule { "rsync-${name}-ssl": - domain => '(ip ip6)', - description => 'Allow rsync access', - rule => "&SERVICE(tcp, $sslport)", - } - xinetd::service { "rsync-${name}-ssl": - bind => $bind, - id => "rsync-${name}-ssl", - server => '/usr/bin/stunnel4', - server_args => "/etc/rsyncd-${name}-stunnel.conf", - service => "rsync-ssl", - type => 'UNLISTED', - port => "$sslport", - ferm => true, - instances => $max_clients, - require => File["/etc/rsyncd-${name}-stunnel.conf"], - } - if $bind6 != '' { - xinetd::service { "rsync-${name}-ssl6": - bind => $bind6, - id => "rsync-${name}-ssl6", - server => '/usr/bin/stunnel4', - server_args => "/etc/rsyncd-${name}-stunnel.conf", - service => "rsync-ssl", - type => 'UNLISTED', - port => "$sslport", - ferm => true, - instances => $max_clients, - require => File["/etc/rsyncd-${name}-stunnel.conf"], - } - } - - dnsextras::tlsa_record{ "tlsa-${sslname}-${sslport}": - zone => 'debian.org', - certfile => [ "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt", "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt" ], - port => $sslport, - hostname => "$sslname", - } - } - - Service['rsync']->Service['xinetd'] -} diff --git a/modules/rsync/manifests/site_systemd.pp b/modules/rsync/manifests/site_systemd.pp index f063ccb71..aa3748ad2 100644 --- a/modules/rsync/manifests/site_systemd.pp +++ b/modules/rsync/manifests/site_systemd.pp @@ -64,7 +64,6 @@ define rsync::site_systemd ( Exec['systemctl daemon-reload'], File["/etc/systemd/system/rsyncd-${name}@.service"], File["/etc/systemd/system/rsyncd-${name}.socket"], - Service['xinetd'], ], provider => systemd, } @@ -109,7 +108,6 @@ define rsync::site_systemd ( File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"], File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"], Service["rsyncd-${name}.socket"], - Service['xinetd'], ], provider => systemd, } @@ -130,13 +128,4 @@ define rsync::site_systemd ( hostname => $sslname, } } - - xinetd::service { [ "rsync-${name}", "rsync-${name}6", "rsync-${name}-ssl", "rsync-${name}-ssl6" ]: - ensure => absent, - id => 'unused', - server => 'unused', - service => 'unused', - ferm => false, - before => Service["rsyncd-${name}.socket"], - } }