From 6a02cbaab2c9399fb86b883037fad6e894b2d790 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sun, 29 Apr 2012 10:19:39 +0100
Subject: [PATCH] reorganize vsftp::site
Signed-off-by: Stephen Gran
---
modules/roles/manifests/backports_master.pp | 27 +++-------------
modules/roles/manifests/ftp.pp | 18 ++++++-----
modules/roles/manifests/ftp_upload.pp | 20 +++++++-----
modules/roles/manifests/security_master.pp | 26 +++------------
modules/roles/manifests/security_mirror.pp | 26 +++------------
.../backports_master/vsftpd.conf.erb | 19 -----------
modules/roles/templates/ftp/vsftpd.conf.erb | 15 ---------
.../templates/ftp_upload/vsftpd.conf.erb | 22 -------------
.../templates/security_mirror/vsftpd.conf.erb | 13 --------
modules/vsftpd/manifests/site.pp | 29 ++++++-----------
.../templates}/vsftpd.conf.erb | 32 +++++++++----------
11 files changed, 61 insertions(+), 186 deletions(-)
delete mode 100644 modules/roles/templates/backports_master/vsftpd.conf.erb
delete mode 100644 modules/roles/templates/ftp/vsftpd.conf.erb
delete mode 100644 modules/roles/templates/ftp_upload/vsftpd.conf.erb
delete mode 100644 modules/roles/templates/security_mirror/vsftpd.conf.erb
rename modules/{roles/templates/security_master => vsftpd/templates}/vsftpd.conf.erb (57%)
diff --git a/modules/roles/manifests/backports_master.pp b/modules/roles/manifests/backports_master.pp
index f9443b0ee..44c5d4496 100644
--- a/modules/roles/manifests/backports_master.pp
+++ b/modules/roles/manifests/backports_master.pp
@@ -2,28 +2,11 @@ class roles::backports_master { include roles::backports_mirror - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-backports-master.debian.org.log' - vsftpd::site { 'backports': - content => template('roles/backports_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'backports-v6': - content => template('roles/backports_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'backports-master.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + writable => true, + chown_user => dak, + root => '/srv/backports-upload', } - } diff --git a/modules/roles/manifests/ftp.pp b/modules/roles/manifests/ftp.pp index febecf6ef..0ae4254e5 100644 --- a/modules/roles/manifests/ftp.pp +++ b/modules/roles/manifests/ftp.pp @@ -12,19 +12,21 @@ class roles::ftp { default => '', } - $logfile = '/var/log/ftp/vsftpd-ftp.debian.org.log' - vsftpd::site { 'ftp': - content => template('roles/ftp/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, + banner => 'ftp.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind, + max_clients => 200, + root => '/srv/ftp.debian.org/ftp.root', } if $bind6 { vsftpd::site { 'ftp-v6': - content => template('roles/ftp/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, + banner => 'ftp.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind6, + max_clients => 200, + root => '/srv/ftp.debian.org/ftp.root', } } } diff --git a/modules/roles/manifests/ftp_upload.pp b/modules/roles/manifests/ftp_upload.pp index 5846d149d..682d314ce 100644 --- a/modules/roles/manifests/ftp_upload.pp +++ b/modules/roles/manifests/ftp_upload.pp 
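Review bot: `chown_user => dak` in the new `vsftpd::site { 'backports': }` block passes the account name as an unquoted bareword, while every other string attribute in the block is quoted. Write it as `chown_user => 'dak',` so the value is unambiguously a string; the same bareword appears in roles/manifests/ftp_upload.pp (both the v4 and v6 sites) and in roles/manifests/security_master.pp. Because this resource sets `writable => true` for anonymous uploads, a one-line comment above it such as `# anonymous upload queue; uploaded files are handed to dak` would also record why write access is on.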
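Review bot: The 'ftp' and 'ftp-v6' resources now repeat the same banner, logfile, max_clients and root literals, where the removed code at least shared `$logfile`; a later edit to only one block would leave the two address families serving different roots or writing different logs. Hold the shared values in locals ahead of both declarations, for example `$root = '/srv/ftp.debian.org/ftp.root'` and then `root => $root,` in each resource, so that only `bind` differs. roles/manifests/ftp_upload.pp has the same duplication, there including `writable` and `chown_user`. The `$bind`/`$bind6` selectors these resources use are defined above the hunk.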
@@ -10,19 +10,23 @@ class roles::ftp_upload { default => '', } - $logfile = '/var/log/ftp/vsftpd-ftp.upload.debian.org.log' - vsftpd::site { 'ftp-upload': - content => template('roles/ftp_upload/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, + banner => 'ftp.upload.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + writable => true, + chown_user => dak, + bind => $bind, + root => '/srv/upload.debian.org/ftp', } if $bind6 { vsftpd::site { 'ftp-upload-v6': - content => template('roles/ftp_upload/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, + banner => 'ftp.upload.debian.org FTP server', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + writable => true, + chown_user => dak, + bind => $bind6, + root => '/srv/upload.debian.org/ftp', } } } diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp index 6992537d7..3f1b70ceb 100644 --- a/modules/roles/manifests/security_master.pp +++ b/modules/roles/manifests/security_master.pp @@ -1,26 +1,10 @@ class roles::security_master { - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log' - vsftpd::site { 'security': - content => template('roles/security_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'security-v6': - content => template('roles/security_master/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'security-master.debian.org FTP server (vsftpd)', + logfile => '/var/log/ftp/vsftpd-security-master.debian.org.log', + writable => true, + chown_user => dak, + root => '/srv/ftp.root/', } } diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index fc19e41a1..9ed98409d 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp 
@@ -5,28 +5,10 @@ class roles::security_mirror { config => 'puppet:///modules/roles/security_mirror/security.debian.org' } - $bind = $::hostname ? { - default => '', - } - - $bind6 = $::hostname ? { - default => '', - } - - $logfile = '/var/log/ftp/vsftpd-security.debian.org.log' - vsftpd::site { 'security': - content => template('roles/security_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind, - } - - if $bind6 { - vsftpd::site { 'security-v6': - content => template('roles/security_mirror/vsftpd.conf.erb'), - logfile => $logfile, - bind => $bind6, - } + banner => 'security.debian.org FTP server (vsftpd)', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + max_clients => 200, + root => '/srv/ftp.root/', } - } diff --git a/modules/roles/templates/backports_master/vsftpd.conf.erb b/modules/roles/templates/backports_master/vsftpd.conf.erb deleted file mode 100644 index 02979ed99..000000000 --- a/modules/roles/templates/backports_master/vsftpd.conf.erb +++ /dev/null @@ -1,19 +0,0 @@ -anonymous_enable=YES -write_enable=YES -anon_root=/srv/backports-upload -anon_umask=027 -anon_upload_enable=YES -chown_uploads=YES -chown_username=dak - -xferlog_enable=YES -xferlog_file=<%= scope.lookupvar('logfile') %> - -ftpd_banner=backports-master.debian.org FTP server -secure_chroot_dir=/var/run/vsftpd -pam_service_name=vsftpd -setproctitle_enable=YES -dirmessage_enable=YES -ls_recurse_enable=NO -connect_from_port_20=NO -max_clients=100 diff --git a/modules/roles/templates/ftp/vsftpd.conf.erb b/modules/roles/templates/ftp/vsftpd.conf.erb deleted file mode 100644 index 60ac366ad..000000000 --- a/modules/roles/templates/ftp/vsftpd.conf.erb +++ /dev/null 
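Review bot: Moving 'security' onto the shared template changes settings that this resource has no parameter to keep: the deleted roles/templates/security_mirror/vsftpd.conf.erb had `ls_recurse_enable=YES` and an `rsa_cert_file` line, while the new vsftpd/vsftpd.conf.erb hard-codes `ls_recurse_enable=NO` and carries no certificate setting. Turning recursive listings off is the more conservative value for a public anonymous mirror, but clients that rely on `ls -R` will see a difference, so the change should be stated, e.g. `# ls_recurse_enable is now NO (shared template default)` above the resource or a line in the commit message. The 'security-v6' site and the `bind` argument are dropped as well; the removed selectors only ever yielded '' so this looks behaviour-neutral, but it is worth confirming that no host relied on them.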
@@ -1,15 +0,0 @@
-ftpd_banner=ftp.debian.org FTP server
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-xferlog_file=<%= scope.lookupvar('logfile') %>
-
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-
-anon_root=/srv/ftp.debian.org/ftp.root
-
diff --git a/modules/roles/templates/ftp_upload/vsftpd.conf.erb b/modules/roles/templates/ftp_upload/vsftpd.conf.erb
deleted file mode 100644
index 30612b09d..000000000
--- a/modules/roles/templates/ftp_upload/vsftpd.conf.erb
+++ /dev/null
@@ -1,22 +0,0 @@
-ftpd_banner=ftp.upload.debian.org FTP server
-
-max_clients=100
-
-anonymous_enable=YES
-dirmessage_enable=YES
-connect_from_port_20=NO
-setproctitle_enable=YES
-ls_recurse_enable=NO
-xferlog_enable=YES
-
-secure_chroot_dir=/var/run/vsftpd
-xferlog_file=<%= scope.lookupvar('logfile') %>
-pam_service_name=vsftpd
-
-anon_root=/srv/upload.debian.org/ftp
-write_enable=YES
-anon_umask=027
-anon_upload_enable=YES
-chown_uploads=YES
-chown_username=dak
-
diff --git a/modules/roles/templates/security_mirror/vsftpd.conf.erb b/modules/roles/templates/security_mirror/vsftpd.conf.erb
deleted file mode 100644
index f75a96601..000000000
--- a/modules/roles/templates/security_mirror/vsftpd.conf.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-anonymous_enable=YES
-xferlog_enable=YES
-secure_chroot_dir=/var/run/vsftpd
-pam_service_name=vsftpd
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-
-setproctitle_enable=YES
-dirmessage_enable=NO
-connect_from_port_20=NO
-xferlog_file=/var/log/ftp/vsftpd-security.debian.org.log
-xferlog_file=<%= scope.lookupvar('logfile') %>
-ls_recurse_enable=YES
-ftpd_banner=security.debian.org FTP server (vsftpd)
diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp
index d0129e1df..f65387588 100644
--- a/modules/vsftpd/manifests/site.pp
+++ b/modules/vsftpd/manifests/site.pp
@@ -1,17 +1,16 @@ define vsftpd::site ( - $source='', - $content='', + $root, $bind='', + $chown_user='', + $writable=false, + $banner="${name} FTP Server", + $max_clients=100, $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log", $ensure=present ){ include vsftpd::nolisten - if ($source and $content) { - fail ( "Can't have both source and content for $name" ) - } - case $ensure { present,absent: {} default: { fail ( "Invald ensure `$ensure' for $name" ) } @@ -19,18 +18,10 @@ define vsftpd::site ( $fname = "/etc/vsftpd-${name}.conf" - if $source { - file { $fname: - ensure => $ensure, - source => $source, - } - } elsif $content { - file { $fname: - ensure => $ensure, - content => $content, - } - } else { - fail ( "Need one of source or content for $name" ) + file { $fname: + ensure => $ensure, + noop => true, + content => template('vsftpd/vsftpd.conf.erb') } file { "/etc/logrotate.d/vsftpd-${name}": @@ -46,7 +37,7 @@ define vsftpd::site ( port => 'ftp', server_args => $fname, ferm => false, - instances => 200, + instances => $max_clients, require => File[$fname] } diff --git a/modules/roles/templates/security_master/vsftpd.conf.erb b/modules/vsftpd/templates/vsftpd.conf.erb similarity index 57% rename from modules/roles/templates/security_master/vsftpd.conf.erb rename to modules/vsftpd/templates/vsftpd.conf.erb index 7f382fa89..5d7081b6b 100644 --- a/modules/roles/templates/security_master/vsftpd.conf.erb +++ b/modules/vsftpd/templates/vsftpd.conf.erb 
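Review bot: Nothing in the new parameter list ties `$writable` to `$chown_user`: a caller can pass `writable => true` and leave `$chown_user` at its default `''`, and the template's writable branch would then be rendered with `chown_uploads=YES` and no usable owner. Add a guard next to the existing `$ensure` check, `if $writable and $chown_user == '' { fail("vsftpd::site ${name}: writable requires chown_user") }`, so an anonymous-upload site cannot be declared without an owner for the uploaded files. The parameters also deserve a short header comment stating that `$root` becomes `anon_root` and that `$max_clients` feeds both the vsftpd config and the xinetd `instances` limit. The body of the define continues in the following hunks.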
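Review bot: `noop => true` on `file { $fname: }` means a normal agent run only reports the rendered config and never writes it, yet the xinetd service later in the define still passes `$fname` as `server_args` and requires that file. On an existing host the old per-role config would stay in force, so the new `writable`, `root` and `banner` values have no effect, and on a freshly installed host the path would presumably not exist. If this is a deliberate staged rollout, say so in place, e.g. `noop => true, # TODO: drop once rendered configs are compared with production`; otherwise remove the attribute. The new `content => template('vsftpd/vsftpd.conf.erb')` line also lacks the trailing comma used on the lines above it.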
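Review bot: `instances => $max_clients` lowers the xinetd connection cap from the previous fixed 200 to the new default of 100 for every site that does not pass `max_clients`, which in this commit is 'backports', 'ftp-upload', 'ftp-upload-v6' and 'security' on security_master. If the lower cap is intended, note it in the commit message; if not, pass `max_clients => 200` in those roles or keep the default at 200. The xinetd resource this line belongs to begins and ends outside the hunk.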
@@ -1,24 +1,22 @@ -max_clients=100 +anonymous_enable=YES +anon_root=<%= scope.lookupvar('root') %> +<%- if scope.lookupvar('writable') -%> +anon_umask=027 +write_enable=YES +anon_upload_enable=YES +chown_uploads=YES +chown_username=scope.lookupvar('chown_user') +<%- end -%> -# from default package config +xferlog_enable=YES +xferlog_file=<%= scope.lookupvar('logfile') %> + +ftpd_banner=<%= scope.lookupvar('banner') %> secure_chroot_dir=/var/run/vsftpd pam_service_name=vsftpd - -anonymous_enable=YES -one_process_model=YES setproctitle_enable=YES dirmessage_enable=NO -xferlog_enable=YES -connect_from_port_20=NO -xferlog_file=<%= scope.lookupvar('logfile') %> ls_recurse_enable=NO -ftpd_banner=security-master.debian.org FTP server (vsftpd) +connect_from_port_20=NO +max_clients=<%= scope.lookupvar('max_clients') %> -# -# Queue daemon needs anon uploads -# -write_enable=YES -anon_umask=027 -anon_upload_enable=YES -chown_uploads=YES -chown_username=dak -- 2.20.1
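Review bot: The added line `chown_username=scope.lookupvar('chown_user')` is missing its ERB tags, so the rendered config contains that Ruby expression as literal text instead of the account name; it should read `chown_username=<%= scope.lookupvar('chown_user') %>`. As written, every site declared with `writable => true` ('backports', 'ftp-upload', 'ftp-upload-v6' and 'security' on security_master in this commit) would have `chown_uploads=YES` pointing at a user that presumably does not exist, so anonymous uploads would not be handed to dak as the old templates did; how vsftpd reacts to that is not visible here. The shared template also drops `one_process_model=YES` from the old security_master config and fixes `dirmessage_enable=NO`, which the old ftp, ftp_upload and backports_master templates had as YES. A header comment listing which settings are per-site parameters and which are fixed for all sites would make those changes visible to the next editor.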