Defined Type: rsync::server::module

Defined in:
modules/rsync/manifests/server/module.pp

Summary

sets up a rsync server

Overview

Parameters:

Examples:

rsync::server::module { 'repo':
  path    => $base,
  require => File[$base],
}

Parameters:

  • path (Stdlib::Unixpath)

    path to data

  • ensure (Wmflib::Ensure) (defaults to: present)

    ensurable parameter

  • comment (Optional[String[1]]) (defaults to: undef)

    rsync comment

  • read_only (Stdlib::Yes_no) (defaults to: 'yes')

    yes||no, defaults to yes

  • write_only (Stdlib::Yes_no) (defaults to: 'no')

    yes||no, defaults to no

  • list (Stdlib::Yes_no) (defaults to: 'yes')

    yes||no, defaults to yes

  • uid (String[1]) (defaults to: '0')

    uid of rsync server, defaults to 0

  • gid (String[1]) (defaults to: '0')

    gid of rsync server, defaults to 0

  • incoming_chmod (Optional[String[4]]) (defaults to: undef)

    incoming file mode, defaults to undef

  • outgoing_chmod (Optional[String[4]]) (defaults to: undef)

    outgoing file mode, defaults to undef

  • max_connections (Variant[Integer, String[1]]) (defaults to: '0')

    maximum number of simultaneous connections allowed, defaults to 0

  • lock_file (Stdlib::Unixpath) (defaults to: '/var/run/rsyncd.lock')

    file used to support the max connections parameter, defaults to /var/run/rsyncd.lock only needed if max_connections > 0

  • secrets_file (Optional[Stdlib::Unixpath]) (defaults to: undef)

    path to the file that contains the username:password pairs used for authenticating this module

  • auth_users (Optional[Array[String]]) (defaults to: undef)

    list of usernames that will be allowed to connect to this module (must be undef or an array)

  • hosts_allow (Optional[Variant[String,Array[String]]]) (defaults to: undef)

    list of patterns allowed to connect to this module (man 5 rsyncd.conf for details, must be undef or an array)

  • hosts_deny (Optional[Variant[String,Array[String]]]) (defaults to: undef)

    list of patterns allowed to connect to this module (man 5 rsyncd.conf for details, must be undef or an array)

  • chroot (Boolean) (defaults to: true)

    chroot to the destination before starting the rsync. enabled by default.

  • auto_firewall (Boolean) (defaults to: false)

    If enabled and if $hosts_allow is set, generate a firewall service which restricts access to the allowed hosts. This enables access via ipv4 and ipv6



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'modules/rsync/manifests/server/module.pp', line 53

define rsync::server::module (
  Stdlib::Unixpath                        $path,
  Wmflib::Ensure                          $ensure          = present,
  Stdlib::Yes_no                          $read_only       = 'yes',
  Stdlib::Yes_no                          $write_only      = 'no',
  Stdlib::Yes_no                          $list            = 'yes',
  String[1]                               $uid             = '0',
  String[1]                               $gid             = '0',
  Variant[Integer, String[1]]             $max_connections = '0',
  Stdlib::Unixpath                        $lock_file       = '/var/run/rsyncd.lock',
  Boolean                                 $chroot          = true,
  Boolean                                 $auto_firewall   = false,
  Optional[Stdlib::Unixpath]              $secrets_file    = undef,
  Optional[String[1]]                     $comment         = undef,
  Optional[String[4]]                     $incoming_chmod  = undef,
  Optional[String[4]]                     $outgoing_chmod  = undef,
  Optional[Array[String]]                 $auth_users      = undef,
  Optional[Variant[String,Array[String]]] $hosts_allow     = undef,
  Optional[Variant[String,Array[String]]] $hosts_deny      = undef,
){
  include rsync::server

  if $hosts_allow {
    $hosts_allow_as_array = $hosts_allow ? {
      Array  => $hosts_allow,
      String => split($hosts_allow, /\s+/),
    }
    # To support stunnel, always accept from localhost.
    $frag_hosts_allow = ('localhost' in $hosts_allow_as_array) ? {
      false => $hosts_allow_as_array + 'localhost',
      true  => $hosts_allow_as_array,
    }
  }

  if $ensure == 'present' {
    concat::fragment { "${rsync::server::rsync_conf}-${name}":
      target  => $::rsync::server::rsync_conf,
      content => template('rsync/module.erb'),
    }
  }

  if $auto_firewall and $hosts_allow {
      firewall::service { "rsyncd_access_${name}":
          ensure => $ensure,
          proto  => 'tcp',
          port   => [873, 1873],
          srange => $hosts_allow,
      }
  }
}