Puppet Class: rsync::server

Defined in:
modules/rsync/manifests/server.pp

Overview

Parameters:

  • address (Variant[ Stdlib::IP::Address, Enum[''] ]) (defaults to: '0.0.0.0')
  • timeout (Integer) (defaults to: 300)
  • use_chroot (Stdlib::Yes_no) (defaults to: 'yes')
  • rsync_opts (Array) (defaults to: [])
  • rsyncd_conf (Hash) (defaults to: {})
  • wrap_with_stunnel (Boolean) (defaults to: false)
  • ensure_service (Stdlib::Ensure::Service) (defaults to: 'running')
  • log_file (Optional[Stdlib::Unixpath]) (defaults to: undef) 


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'modules/rsync/manifests/server.pp', line 12

class rsync::server(
    Variant[
        Stdlib::IP::Address,
        Enum['']
    ]                          $address           = '0.0.0.0',
    Integer                    $timeout           = 300,
    Stdlib::Yes_no             $use_chroot        = 'yes',
    Array                      $rsync_opts        = [],
    Hash                       $rsyncd_conf       = {},
    Boolean                    $wrap_with_stunnel = false,
    Stdlib::Ensure::Service    $ensure_service    = 'running',
    Optional[Stdlib::Unixpath] $log_file          = undef,
) {
    ensure_packages(['rsync'])

    $rsync_fragments = '/etc/rsync.d'
    $rsync_conf      = '/etc/rsyncd.conf'
    $rsync_pid       = '/var/run/rsync.pid'

    # rsync daemon defaults file
    file { '/etc/default/rsync':
        ensure  => present,
        mode    => '0444',
        owner   => 'root',
        group   => 'root',
        content => template('rsync/rsync.default.erb'),
    }

    if $wrap_with_stunnel {
        ensure_packages(['stunnel4'])
        file { '/etc/stunnel/rsync.conf':
            ensure  => present,
            mode    => '0444',
            owner   => 'root',
            group   => 'root',
            content => template('rsync/stunnel.conf.erb'),
        }
        file_line { 'enable_stunnel':
            ensure   => present,
            path     => '/etc/default/stunnel4',
            line     => 'ENABLED=1  # Managed by puppet',
            match    => '^ENABLED=',
            multiple => false,
        }
        service { 'stunnel4':
            ensure    => $ensure_service,
            enable    => true,
            subscribe => [
                Exec['compile fragments'],
                File['/etc/default/rsync', '/etc/stunnel/rsync.conf'],
                File_line['enable_stunnel'],
                Package['stunnel4'],
            ],
        }
    }

    # TODO: When we have migrated all rsync usage off of cleartext and to use $wrap_with_stunnel,
    # we can ensure => stopped this.  https://phabricator.wikimedia.org/T237424
    service { 'rsync':
        ensure    => $ensure_service,
        enable    => true,
        subscribe => [Exec['compile fragments'], File['/etc/default/rsync']],
    }

    file { $rsync_fragments:
        ensure  => directory,
        recurse => true,
        purge   => true,
    }

    file { "${rsync_fragments}/header":
        content => template('rsync/header.erb'),
    }

    # perhaps this should be a script
    # this allows you to only have a header and no fragments, which happens
    # by default if you have an rsync::server but not an rsync::repo on a host
    # which happens with cobbler systems by default
    $command = @("COMMAND"/L)
    ls ${rsync_fragments}/frag-* 1>/dev/null 2>/dev/null && \
    if [ $? -eq 0 ]; then cat ${rsync_fragments}/header ${rsync_fragments}/frag-* > ${rsync_conf}; \
    else cat ${rsync_fragments}/header > ${rsync_conf}; fi; $(exit 0) \
    | COMMAND
    exec { 'compile fragments':
        refreshonly => true,
        command     => $command,
        subscribe   => File["${rsync_fragments}/header"],
        path        => '/bin:/usr/bin',
    }
}