From: Stephen Gran Date: Wed, 16 May 2012 17:42:10 +0000 (+0100) Subject: try an rsync class X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b98544412fd3916437b2250481b8a77c5edef40e;p=mirror%2Fdsa-puppet.git try an rsync class Signed-off-by: Stephen Gran --- diff --git a/manifests/site.pp b/manifests/site.pp index c3a3657c3..cadc12ed4 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -65,10 +65,6 @@ node default { include apache2 } - if $::rsyncd { - include rsyncd-log - } - if $::hostname in [ravel,senfl,orff,draghi,diamond] { include named::authoritative } elsif $::hostname in [geo1,geo2,geo3] { diff --git a/modules/debian-org/lib/facter/software.rb b/modules/debian-org/lib/facter/software.rb index 2bcc0a63c..33f1c422b 100644 --- a/modules/debian-org/lib/facter/software.rb +++ b/modules/debian-org/lib/facter/software.rb @@ -131,15 +131,6 @@ Facter.add("syslogversion") do %x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1-3}.chomp end end -Facter.add("rsyncd") do - setcode do - if FileTest.exist?("/etc/rsyncd.conf") - true - else - '' - end - end -end Facter.add("unbound") do unbound=FileTest.exist?("/usr/sbin/unbound") and FileTest.exist?("/var/lib/unbound/root.key") diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 169ae7d8a..0da0d248a 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -214,7 +214,4 @@ REJECT reject-with icmp-admin-prohibited default: {} } - if $::rsyncd { - include ferm::rsync - } } diff --git a/modules/ferm/manifests/rsync.pp b/modules/ferm/manifests/rsync.pp deleted file mode 100644 index 44feab65e..000000000 --- a/modules/ferm/manifests/rsync.pp +++ /dev/null @@ -1,8 +0,0 @@ -class ferm::rsync { - @ferm::rule { 'dsa-rsync': - domain => '(ip ip6)', - description => 'Allow rsync access', - rule => '&SERVICE(tcp, 873)' - } -} - 
diff --git a/modules/roles/files/security_mirror/rsyncd.conf b/modules/roles/files/security_mirror/rsyncd.conf new file mode 100644 index 000000000..d419156fc --- /dev/null +++ b/modules/roles/files/security_mirror/rsyncd.conf @@ -0,0 +1,15 @@ +uid = nobody +gid = nogroup +max connections = 20 +syslog facility = daemon +socket options = SO_KEEPALIVE +timeout = 1200 + +# weasel 2007-11-19 +log file = /var/log/rsyncd/rsyncd.log + +[debian-security] + path = /org/ftp.root/debian-security + comment = Debian security archive + read only = true + diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index 4608f6d5d..9b85cb5f6 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -11,4 +11,9 @@ class roles::security_mirror { max_clients => 200, root => '/srv/ftp.root/', } + + rsync::site { 'security': + source => 'puppet:///modules/roles/security_mirror/rsyncd.conf', + max_clients => 100, + } } diff --git a/modules/rsync/files/logrotate.d-dsa-rsyncd b/modules/rsync/files/logrotate.d-dsa-rsyncd new file mode 100644 index 000000000..405039d6c --- /dev/null +++ b/modules/rsync/files/logrotate.d-dsa-rsyncd @@ -0,0 +1,14 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +/var/log/rsyncd/*.log { + daily + missingok + rotate 56 + compress + delaycompress + notifempty + create 644 root root +} diff --git a/modules/rsync/manifests/init.pp b/modules/rsync/manifests/init.pp new file mode 100644 index 000000000..7671c6f2d --- /dev/null +++ b/modules/rsync/manifests/init.pp 
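Review bot: The new `modules/roles/files/security_mirror/rsyncd.conf` exports `[debian-security]` to any client but leaves the chroot setting to rsync's built-in default, which depends on the rsync version. Adding `use chroot = yes` to the module would pin the confinement alongside the existing `uid = nobody` and `read only = true`. The module `path` is under `/org/ftp.root/`, while the neighbouring resource in `security_mirror.pp` uses `root => '/srv/ftp.root/'`; if one is a symlink to the other, a one-line comment saying so would help the next reader.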
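Review bot: `max_clients => 100` on `rsync::site { 'security': }` in `modules/roles/manifests/security_mirror.pp` does not match `max connections = 20` in the rsyncd.conf that this commit ships as the resource's `source`. If rsync applies its own limit when started from xinetd, clients past the twentieth are refused by rsync while xinetd can still spawn up to 100 processes. Either align the two values or add a comment stating which limit is meant to bind, e.g. `# xinetd instances; rsyncd.conf caps connections at 20`.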
@@ -0,0 +1,31 @@
+class rsync {
+
+ package { 'rsync':
+ ensure => installed,
+ noop => true,
+ }
+
+ service { 'rsync':
+ ensure => stopped,
+ noop => true,
+ require => Package['rsync'],
+ }
+
+ file { '/etc/logrotate.d/dsa-rsyncd':
+ source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
+ noop => true,
+ require => Package['debian.org'],
+ }
+ file { '/var/log/rsyncd':
+ ensure => directory,
+ noop => true,
+ mode => '0755',
+ }
+
+ @ferm::rule { 'dsa-rsync':
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => '&SERVICE(tcp, 873)'
+ }
+
+}
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
new file mode 100644
index 000000000..13d90dc7f
--- /dev/null
+++ b/modules/rsync/manifests/site.pp
@@ -0,0 +1,47 @@
+define rsync::site (
+ $bind='',
+ $source='',
+ $content='',
+ $fname='/etc/rsyncd.conf',
+ $max_clients=200,
+ $ensure=present
+){
+
+ include rsync
+
+ case $ensure {
+ present,absent: {}
+ default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
+ }
+
+ if ($source and $content) {
+ fail ( "Can't define both source and content for ${name}" )
+ }
+
+ if $source {
+ file { $fname:
+ ensure => $ensure,
+ source => $source
+ }
+ } elsif $content {
+ file { $fname:
+ ensure => $ensure,
+ content => $content,
+ }
+ } else {
+ fail ( "Can't find config for ${name}" )
+ }
+
+ xinetd::service { "rsync-${name}":
+ bind => $bind,
+ id => "${name}-rsync",
+ server => '/usr/sbin/rsyncd',
+ port => 'rsync',
+ server_args => $fname,
+ ferm => false,
+ instances => $max_clients,
+ require => File[$fname]
+ }
+
+ Service['rsync']->Service['xinetd']
+}
diff --git a/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd b/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd
deleted file mode 100644
index 405039d6c..000000000
--- a/modules/rsyncd-log/files/logrotate.d-dsa-rsyncd
+++ /dev/null
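Review bot: In `modules/rsync/manifests/init.pp` the logrotate `file` resource still points at `source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd'`, but this commit deletes that file from the rsyncd-log module and adds the same content under `modules/rsync/files/`. The line should read `source => 'puppet:///modules/rsync/logrotate.d-dsa-rsyncd',`. Because the resource carries `noop => true`, the stale path may go unnoticed until noop is lifted, at which point the rotation policy for /var/log/rsyncd would fail to install and the rsync logs would grow unrotated.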
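Review bot: In `modules/rsync/manifests/site.pp`, `$ensure` is applied only to the two `file { $fname: }` resources; the `xinetd::service { "rsync-${name}": }` block ignores it and still carries `require => File[$fname]`. With `ensure => absent` the config file is removed while the xinetd entry on the rsync port stays declared, so a site marked absent is not actually taken out of service. If `xinetd::service` accepts an ensure parameter (its definition is not part of this diff), add `ensure => $ensure,` there; otherwise guard the block with `if $ensure == present { ... }`. The `file` resources also set no `owner`, `group` or `mode`, leaving the permissions of the daemon's config to defaults defined elsewhere.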
@@ -1,14 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-/var/log/rsyncd/*.log {
- daily
- missingok
- rotate 56
- compress
- delaycompress
- notifempty
- create 644 root root
-}
diff --git a/modules/rsyncd-log/manifests/init.pp b/modules/rsyncd-log/manifests/init.pp
deleted file mode 100644
index 0ae5951d6..000000000
--- a/modules/rsyncd-log/manifests/init.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class rsyncd-log {
- file { '/etc/logrotate.d/dsa-rsyncd':
- source => 'puppet:///modules/rsyncd-log/logrotate.d-dsa-rsyncd',
- require => Package['debian.org'],
- }
- file { '/var/log/rsyncd':
- ensure => directory,
- mode => '0755',
- }
-}