Puppet Class: rsync::server

Inherits:
rsync
Defined in:
modules/rsync/manifests/server.pp

Overview

Parameters:

  • address (Any) (defaults to: '0.0.0.0')
  • timeout (Any) (defaults to: '300')
  • motd_file (Any) (defaults to: 'UNSET')
  • log_file (Any) (defaults to: 'UNSET')
  • use_chroot (Any) (defaults to: 'yes')
  • use_ipv6 (Any) (defaults to: false)
  • rsync_opts (Any) (defaults to: [])
  • rsyncd_conf (Any) (defaults to: {})
  • wrap_with_stunnel (Boolean) (defaults to: false)
  • ensure_service (Enum['running', 'stopped']) (defaults to: 'running') 


13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'modules/rsync/manifests/server.pp', line 13

class rsync::server(
  $address    = '0.0.0.0',
  $timeout    = '300',
  $motd_file  = 'UNSET',
  $log_file   = 'UNSET',
  $use_chroot = 'yes',
  $use_ipv6   = false,
  $rsync_opts = [],
  $rsyncd_conf = {},
  Boolean $wrap_with_stunnel = false,
  Enum['running', 'stopped'] $ensure_service = 'running',
) inherits rsync {

  $rsync_fragments = '/etc/rsync.d'
  $rsync_conf      = '/etc/rsyncd.conf'
  $rsync_pid       = '/var/run/rsync.pid'

  # rsync daemon defaults file
  file { '/etc/default/rsync':
    ensure  => present,
    mode    => '0444',
    owner   => 'root',
    group   => 'root',
    content => template('rsync/rsync.default.erb'),
  }

  if($use_ipv6) {
      # If address is left blank, rsync will listen
      #  on :::873 in addition to 0.0.0.0:873.
      $address = ''
  }

  if $wrap_with_stunnel {
    package { 'stunnel4':
      ensure => present,
      before => Service['stunnel4'],
    }
    file { '/etc/stunnel/rsync.conf':
      ensure  => present,
      mode    => '0444',
      owner   => 'root',
      group   => 'root',
      content => template('rsync/stunnel.conf.erb'),
    }
    file_line { 'enable_stunnel':
      ensure   => present,
      path     => '/etc/default/stunnel4',
      line     => 'ENABLED=1  # Managed by puppet',
      match    => '^ENABLED=',
      multiple => false,
    }
    service { 'stunnel4':
      ensure    => $ensure_service,
      enable    => true,
      subscribe => [ Exec['compile fragments'], File['/etc/default/rsync'], File['/etc/stunnel/rsync.conf'], File_line['enable_stunnel'] ],
    }
  }

  # TODO: When we have migrated all rsync usage off of cleartext and to use $wrap_with_stunnel,
  # we can ensure => stopped this.  https://phabricator.wikimedia.org/T237424
  service { 'rsync':
    ensure    => $ensure_service,
    enable    => true,
    subscribe => [ Exec['compile fragments'], File['/etc/default/rsync'] ],
  }

  if $motd_file != 'UNSET' {
    file { '/etc/rsync-motd':
      source => 'puppet:///modules/rsync/motd',
    }
  }

  file { $rsync_fragments:
    ensure  => directory,
    recurse => true,
    purge   => true,
  }

  file { "${rsync_fragments}/header":
    content => template('rsync/header.erb'),
  }

  # perhaps this should be a script
  # this allows you to only have a header and no fragments, which happens
  # by default if you have an rsync::server but not an rsync::repo on a host
  # which happens with cobbler systems by default
  exec { 'compile fragments':
    refreshonly => true,
    command     => "ls ${rsync_fragments}/frag-* 1>/dev/null 2>/dev/null && if [ $? -eq 0 ]; then cat ${rsync_fragments}/header ${rsync_fragments}/frag-* > ${rsync_conf}; else cat ${rsync_fragments}/header > ${rsync_conf}; fi; $(exit 0)",
    subscribe   => File["${rsync_fragments}/header"],
    path        => '/bin:/usr/bin',
  }
}