From ca0302fc180922a0843bd5f25fae104f14dff374 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sat, 28 Apr 2012 16:09:00 +0100
Subject: [PATCH] we probably want to logrotate these files

Signed-off-by: Stephen Gran
---
 modules/roles/manifests/backports_master.pp | 10 ++++---
 modules/roles/manifests/dakmaster.pp | 2 +-
 modules/roles/manifests/ftp.pp | 10 ++++---
 modules/roles/manifests/ftp_upload.pp | 10 ++++---
 modules/roles/manifests/security_mirror.pp | 10 ++++---
 .../backports_master/vsftpd.conf | 2 +-
 modules/roles/templates/conf-builddlist.erb | 26 ------------------
 .../{files => templates}/ftp/vsftpd.conf | 2 +-
 .../ftp_upload/vsftpd.conf | 2 +-
 .../security_mirror/.vsftpd.conf.swp | Bin 0 -> 12288 bytes
 .../security_mirror/vsftpd.conf | 0
 modules/vsftpd/manifests/site.pp | 6 ++++
 modules/vsftpd/templates/logrotate.erb | 10 +++++++
 13 files changed, 44 insertions(+), 46 deletions(-)
 rename modules/roles/{files => templates}/backports_master/vsftpd.conf (85%)
 delete mode 100644 modules/roles/templates/conf-builddlist.erb
 rename modules/roles/{files => templates}/ftp/vsftpd.conf (83%)
 rename modules/roles/{files => templates}/ftp_upload/vsftpd.conf (86%)
 create mode 100644 modules/roles/templates/security_mirror/.vsftpd.conf.swp
 rename modules/roles/{files => templates}/security_mirror/vsftpd.conf (100%)
 create mode 100644 modules/vsftpd/templates/logrotate.erb

diff --git a/modules/roles/manifests/backports_master.pp b/modules/roles/manifests/backports_master.pp
index 1e437250e..68ac31404 100644
--- a/modules/roles/manifests/backports_master.pp
+++ b/modules/roles/manifests/backports_master.pp
@@ -11,14 +11,16 @@ class roles::backports_master { } vsftpd::site { 'backports': - source => 'puppet:///modules/roles/backports_master/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/backports_master/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'backports-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-backports-master.debian.org.log', + bind => $bind6, } } diff --git a/modules/roles/manifests/dakmaster.pp b/modules/roles/manifests/dakmaster.pp index 08a148192..0cf923ad1 100644 --- a/modules/roles/manifests/dakmaster.pp +++ b/modules/roles/manifests/dakmaster.pp @@ -7,7 +7,7 @@ class roles::dakmaster { apache2::module { 'macro': } apache2::config { 'puppet-builddlist': - template => 'roles/conf-builddlist.erb', + template => 'roles/dakmaster/conf-builddlist.erb', } } diff --git a/modules/roles/manifests/ftp.pp b/modules/roles/manifests/ftp.pp index 41eecf084..754b98edc 100644 --- a/modules/roles/manifests/ftp.pp +++ b/modules/roles/manifests/ftp.pp @@ -13,14 +13,16 @@ class roles::ftp { } vsftpd::site { 'ftp': - source => 'puppet:///modules/roles/ftp/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/ftp/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'ftp-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log', + bind => $bind6, } } } diff --git a/modules/roles/manifests/ftp_upload.pp b/modules/roles/manifests/ftp_upload.pp index 326ff5b3d..abcc6bbd2 100644 --- a/modules/roles/manifests/ftp_upload.pp +++ b/modules/roles/manifests/ftp_upload.pp 
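Review bot: The `source => 'puppet:///modules/roles/backports_master/vsftpd.conf'` line still names a file-server path, which Puppet resolves under `modules/roles/files/`, yet this commit moves that file to `modules/roles/templates/` and puts an ERB tag in it. Unless `vsftpd::site` translates the value somewhere outside the visible hunks, the config is either not found or shipped with the tag unrendered, and in both cases the transfer log this commit wants to rotate is not written where expected. The template has to be rendered inside `vsftpd::site`, where `$logfile` is in scope, rather than fetched with `source`. The same applies to the hunks in `ftp.pp`, `ftp_upload.pp` and `security_mirror.pp`.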
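Review bot: `template => 'roles/dakmaster/conf-builddlist.erb'` points at a path this commit does not create; the diffstat deletes `modules/roles/templates/conf-builddlist.erb` outright instead of renaming it. If `modules/roles/templates/dakmaster/conf-builddlist.erb` is not already in the tree, catalog compilation for `roles::dakmaster` fails and the buildd `allow from` list is no longer managed. Confirm the target exists, or make the move part of this commit as a rename.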
@@ -9,14 +9,16 @@ class roles::ftp_upload { } vsftpd::site { 'ftp-upload': - source => 'puppet:///modules/roles/ftp_upload/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/ftp_upload/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'ftp-upload-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log', + bind => $bind6, } } } diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp index 5f59d26b1..5e3ee78fb 100644 --- a/modules/roles/manifests/security_mirror.pp +++ b/modules/roles/manifests/security_mirror.pp @@ -14,14 +14,16 @@ class roles::security_mirror { } vsftpd::site { 'security': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + bind => $bind, } if $bind6 { vsftpd::site { 'security-v6': - source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', - bind => $bind6, + source => 'puppet:///modules/roles/security_mirror/vsftpd.conf', + logfile => '/var/log/ftp/vsftpd-security.debian.org.log', + bind => $bind6, } } diff --git a/modules/roles/files/backports_master/vsftpd.conf b/modules/roles/templates/backports_master/vsftpd.conf similarity index 85% rename from modules/roles/files/backports_master/vsftpd.conf rename to modules/roles/templates/backports_master/vsftpd.conf index 683b983fe..02979ed99 100644 --- a/modules/roles/files/backports_master/vsftpd.conf +++ b/modules/roles/templates/backports_master/vsftpd.conf 
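Review bot: The `ftp-upload-v6` site keeps `source => 'puppet:///modules/roles/security_mirror/vsftpd.conf'` while the IPv4 site uses the `ftp_upload` config, so the two address families can end up running with different settings on an upload host. It looks copied from `roles::security_mirror`, and the same pattern is in the `backports-v6` and `ftp-v6` sites. The security_mirror file is renamed with 100% similarity, so it cannot have gained the `logfile` lookup in this commit and the `logfile` passed here may not match what that config writes. If the difference is intended, say so with a comment such as `# v6 listener deliberately serves the mirror config`; otherwise point each v6 site at its own role's config.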
@@ -7,7 +7,7 @@ chown_uploads=YES chown_username=dak xferlog_enable=YES -xferlog_file=/var/log/ftp/vsftpd-backports-master.debian.org.log +xferlog_file=<%= scope.lookupvar('logfile') %> ftpd_banner=backports-master.debian.org FTP server secure_chroot_dir=/var/run/vsftpd diff --git a/modules/roles/templates/conf-builddlist.erb b/modules/roles/templates/conf-builddlist.erb deleted file mode 100644 index d216cdc9a..000000000 --- a/modules/roles/templates/conf-builddlist.erb +++ /dev/null @@ -1,26 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - - - -<%= - lines = [] - - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'] - if scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd') - lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'].to_s}" - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| - lines << " allow from #{addr}" - end - end - end - - lines.join("\n") -# vim:set et: -# vim:set sts=2 ts=2: -# vim:set shiftwidth=2: -%> - diff --git a/modules/roles/files/ftp/vsftpd.conf b/modules/roles/templates/ftp/vsftpd.conf similarity index 83% rename from modules/roles/files/ftp/vsftpd.conf rename to modules/roles/templates/ftp/vsftpd.conf index d5c6bf2cf..60ac366ad 100644 --- a/modules/roles/files/ftp/vsftpd.conf +++ b/modules/roles/templates/ftp/vsftpd.conf @@ -6,7 +6,7 @@ connect_from_port_20=NO setproctitle_enable=YES ls_recurse_enable=NO xferlog_enable=YES -xferlog_file=/var/log/ftp/vsftpd-ftp.debian.org.log +xferlog_file=<%= scope.lookupvar('logfile') %> secure_chroot_dir=/var/run/vsftpd pam_service_name=vsftpd 
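Review bot: `xferlog_file=<%= scope.lookupvar('logfile') %>` is an unqualified lookup, which resolves only when the template is rendered in the scope of `vsftpd::site`; the rendering call is not in any visible hunk. If it comes back empty, vsftpd is left with `xferlog_enable=YES` and a blank `xferlog_file=`, so failing early in the define when `$logfile` is empty would be safer. The file now holds ERB but keeps the `.conf` name, unlike `logrotate.erb`; renaming it `vsftpd.conf.erb` would make that visible. The same goes for the `ftp` and `ftp_upload` templates.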
diff --git a/modules/roles/files/ftp_upload/vsftpd.conf b/modules/roles/templates/ftp_upload/vsftpd.conf similarity index 86% rename from modules/roles/files/ftp_upload/vsftpd.conf rename to modules/roles/templates/ftp_upload/vsftpd.conf index a30f6fb41..30612b09d 100644 --- a/modules/roles/files/ftp_upload/vsftpd.conf +++ b/modules/roles/templates/ftp_upload/vsftpd.conf @@ -10,7 +10,7 @@ ls_recurse_enable=NO xferlog_enable=YES secure_chroot_dir=/var/run/vsftpd -xferlog_file=/var/log/ftp/vsftpd-ftp.upload.debian.org.log +xferlog_file=<%= scope.lookupvar('logfile') %> pam_service_name=vsftpd anon_root=/srv/upload.debian.org/ftp diff --git a/modules/roles/templates/security_mirror/.vsftpd.conf.swp b/modules/roles/templates/security_mirror/.vsftpd.conf.swp new file mode 100644 index 0000000000000000000000000000000000000000..bf1c1d3c82d41afc88655bac315b387ef44214f8 GIT binary patch literal 12288 zcmeI&O^Vb&6bJAcaXTt{fv5~KgLJBG7rHPm1VtA*f{x%qit6Mg29v6ysuG-ydJypt zEqT@d2y*$)SI-(M5o z`94G%DfMr-M(tbE>J77mc)Qq820QqYWYb1j1)XBz2InZs-d00LL3*2hBlWJ+k?#VP zgKy)J>Ra!vmt&}-tMbyCdgDVe0Rj*ZVu3&OF8`u|00bZa0SG_<0uX=z1Rwwb2teQz3g}9R z{2YIq=SbiGSMUEn&I|F4<1@!cj*(;Fc**gAW6JT9*L>mlv|4`(^T&}P009U<00Izz z00bZa0SG|gUkIc!ZZ+4&kS|t6-g!myR-4@VCcFRaNfyYDlwqVIjt1?5vccpyba z&pRq!+Pdw<maGK5a1uCS_Zchn1~dzJEUOHxMnR2(Dl#tcBJeC4f;il1F9a`1y$u3jg2f=C-{ Lj(R(UlWxBNzlh2( literal 0 HcmV?d00001 diff --git a/modules/roles/files/security_mirror/vsftpd.conf b/modules/roles/templates/security_mirror/vsftpd.conf similarity index 100% rename from modules/roles/files/security_mirror/vsftpd.conf rename to modules/roles/templates/security_mirror/vsftpd.conf diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp index 3d61e7b32..a2ca6cb29 100644 --- a/modules/vsftpd/manifests/site.pp +++ b/modules/vsftpd/manifests/site.pp @@ -2,6 +2,7 @@ define vsftpd::site ( $source='', $content='', $bind='', + $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log", $ensure=present ){ 
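Review bot: `modules/roles/templates/security_mirror/.vsftpd.conf.swp` is a Vim swap file and looks like it was committed by accident. Swap files record the editing user, host and file path along with buffer contents, none of which belongs in the repository. Drop it from the commit and add `*.swp` to `.gitignore` so it does not come back.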
@@ -52,6 +53,11 @@ define vsftpd::site ( fail ( "Need one of source or content for $name" ) } + file { "/etc/logrotate.d/vsftpd-${name}": + ensure => $ensure, + content => template('vsftpd/logrotate.erb') + } + # We don't need a firewall rule because it's added in vsftp.pp xinetd::service { "vsftpd-${name}": bind => $bind, diff --git a/modules/vsftpd/templates/logrotate.erb b/modules/vsftpd/templates/logrotate.erb new file mode 100644 index 000000000..82222378a --- /dev/null +++ b/modules/vsftpd/templates/logrotate.erb @@ -0,0 +1,10 @@ +<%= scope.lookupvar('logfile') %> +{ + create 640 root adm + + # ftpd doesn't handle SIGHUP properly + missingok + notifempty + rotate 4 + weekly +} -- 2.20.1
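Review bot: `file { "/etc/logrotate.d/vsftpd-${name}":` is declared once per site, but the role manifests in this commit give each IPv4/IPv6 pair the same `logfile`, so one host gets two logrotate snippets naming the same log. logrotate treats the second as a duplicate log entry and reports an error on every run. Key the snippet on the log path, or let only one site of a pair manage it. The resource also sets no `owner`, `group` or `mode`; unless file defaults are set elsewhere, state them, e.g. `owner => root, group => root, mode => '0444',`, because logrotate is strict about config file permissions.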
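Review bot: The comment `# ftpd doesn't handle SIGHUP properly` says what is avoided but not what makes rotation work, and the stanza has neither `postrotate` nor `copytruncate`. Going by the `xinetd::service` resource in `vsftpd::site`, vsftpd is presumably started per connection, so new sessions open the fresh file while a session already running keeps writing to the rotated one. I would spell that out, e.g. `# vsftpd runs from xinetd; new connections reopen the log, so no postrotate is needed`. The log path is also emitted unquoted, which breaks the stanza if a `logfile` ever contains whitespace.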