Puppet Class: incron

Defined in:
manifests/init.pp

Overview

This class manages /etc/incron.allow and /etc/incron.deny and the incrond service.

Parameters:

  • package_ensure (String) (defaults to: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }))

    The “ensure“ parameter of “Package“ resources in the “incron“ namespace.

  • users (Array[String[1]]) (defaults to: [])

    An Array of additional incron users, using the defined type incron::user.

  • max_open_files (Variant[Enum['unlimited'],Integer[0]]) (defaults to: 'unlimited')

    The maximum open files limit that should be set for incrond

    • This should generally be left as unlimited since incrond could be watching a great number of events. However, you may need to lower this if you find that it is simply overwhelming your system (and analyze your incrond rules).

  • system_table (Hash) (defaults to: {})

    Create incron::system_table resources with hiera

  • purge (Boolean) (defaults to: false)

    Whether or not to purge unknown incron tables



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'manifests/init.pp', line 26

class incron (
  Array[String[1]]                      $users          = [],
  Hash                                  $system_table   = {},
  Variant[Enum['unlimited'],Integer[0]] $max_open_files = 'unlimited',
  Boolean                               $purge          = false,
  String                                $package_ensure = simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
) {
  package { 'incron': ensure => $package_ensure }

  include incron::service

  Package['incron'] ~> Class['incron::service']

  $system_table.each |String $name, Hash $values| {
    incron::system_table { $name: * => $values }
  }

  $users.each |String $user| {
    incron::user { $user: }
  }
  incron::user { 'root': }

  concat { '/etc/incron.allow':
    owner          => 'root',
    group          => 'root',
    mode           => '0400',
    ensure_newline => true,
    warn           => true
  }

  file { '/etc/incron.deny':
    ensure  => 'absent',
    require => Package['incron']
  }

  file { '/etc/incron.d':
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    purge   => $purge,
    recurse => $purge
  }

  init_ulimit { 'mod_open_files_incrond':
    target  => 'incrond',
    item    => 'max_open_files',
    value   => $max_open_files,
    notify  => Class['incron::service'],
    require => Package['incron']
  }
}