Puppet Class: rsync::server

Defined in:
manifests/server.pp

Summary

Sets up a fully functioning rsync server.

Overview

The main idea behind this was to work around limitations of the native Puppet fileserving type.

Most usual options are supported, but there are far too many to tackle all of them at once.

This mainly daemonizes rsync and keeps it running. When `stunnel` is enabled, it also subscribes the rsync service to the stunnel service.

Parameters:

  • stunnel (Boolean) (defaults to: simplib::lookup('simp_options::stunnel', { default_value => true }))

    Use Stunnel to encrypt this connection. It is highly recommended to leave this enabled.

  • stunnel_port (Simplib::Port) (defaults to: 8730)

    The port upon which Stunnel should listen for connections.

  • listen_address (Simplib::IP) (defaults to: '0.0.0.0')

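    The IP address upon which to listen. Set to 0.0.0.0 to listen on all addresses. In the class body shown below, this value is only used as the Stunnel accept address, so it has no effect there when `stunnel` is false.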

  • drop_rsyslog_noise (Boolean) (defaults to: true)

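    Ensure that any noise from rsync is dropped. The only items that will be retained will be startup, shutdown, and remote connection activities. Anything from 127.0.0.1 will be dropped as useless. The localhost rule matches any rsyncd message whose text contains 127.0.0.1; when Stunnel fronts the daemon, check whether client connections then appear to rsyncd as coming from 127.0.0.1 and, if so, rely on the Stunnel logs for client attribution.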

  • firewall (Boolean) (defaults to: simplib::lookup('simp_options::firewall', { default_value => false }))

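    If true, use the SIMP iptables class to manage firewall rules for this module. In the class body shown below, the rule for the rsync port is only declared when `stunnel` is false; with Stunnel enabled, `trusted_nets` is passed to the Stunnel connection instead.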

  • trusted_nets (Simplib::Netlist) (defaults to: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] }))

    A list of networks and/or hostnames that are allowed to connect to this service.

  • package_ensure (String) (defaults to: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }))

    The ensure status of the package to be managed

  • package (String)

    The rsync daemon package

Author:



# File 'manifests/server.pp', line 44

class rsync::server (
  Boolean          $stunnel            = simplib::lookup('simp_options::stunnel', { default_value => true }),
  Simplib::Port    $stunnel_port       = 8730,
  Simplib::IP      $listen_address     = '0.0.0.0',
  Boolean          $drop_rsyslog_noise = true,
  Boolean          $firewall           = simplib::lookup('simp_options::firewall', { default_value => false }),
  Simplib::Netlist $trusted_nets       = simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] }),
  String           $package_ensure     = simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }),
  String           $package            # module data
) {
  # Runs rsync as a daemon: installs the package, assembles /etc/rsyncd.conf,
  # keeps the rsyncd service running and, depending on $stunnel / $firewall,
  # fronts it with a stunnel listener or an iptables allow rule.
  #
  # rsync::server::global is included before its $port is read further down.
  include '::rsync'
  include '::rsync::server::global'

  # ensure_resource() rather than a plain package resource: on some OS
  # versions the client package managed by the rsync class also ships the
  # rsync daemon files.
  ensure_resource('package', $package, { ensure => $package_ensure })

  # rsyncd subscribes to the stunnel service only when stunnel is in use;
  # otherwise the service gets no subscription at all.
  if $stunnel {
    $_subscribe = Service['stunnel']
  } else {
    $_subscribe = undef
  }

  if $stunnel {
    include '::stunnel'

    # Server-side stunnel endpoint: accepts on listen_address:stunnel_port and
    # connects to the rsync daemon port taken from rsync::server::global.
    # $listen_address is not used anywhere else in this class.
    stunnel::connection { 'rsync_server':
      client       => false,
      accept       => "${listen_address}:${stunnel_port}",
      connect      => [$::rsync::server::global::port],
      trusted_nets => $trusted_nets,
    }
  } elsif $firewall {
    # No stunnel: the rsync daemon port itself is opened, restricted to
    # trusted_nets. This class adds no transport encryption on this path.
    iptables::listen::tcp_stateful { 'allow_rsync_server':
      order        => 11,
      dports       => [$::rsync::server::global::port],
      trusted_nets => $trusted_nets,
    }
  }
  # NOTE(review): with $stunnel and $firewall both false, nothing in this
  # class consumes $trusted_nets -- confirm the restriction is enforced
  # elsewhere (e.g. by rsync::server::global or the per-share configuration).

  # Assembled daemon configuration; root-only read access. Any change to the
  # assembled file refreshes the rsyncd service.
  concat { '/etc/rsyncd.conf':
    ensure_newline => true,
    order          => 'numeric',
    warn           => true,
    owner          => 'root',
    group          => 'root',
    mode           => '0400',
    require        => Package[$package],
    notify         => Service['rsyncd'],
  }

  if 'systemd' in $facts['init_systems'] {
    service { 'rsyncd':
      ensure     => 'running',
      enable     => true,
      hasrestart => true,
      hasstatus  => true,
      require    => Package[$package],
      subscribe  => $_subscribe,
    }
  } else {
    # Hosts without systemd get the init script shipped with this module; a
    # change to the script refreshes the service.
    file { '/etc/init.d/rsyncd':
      ensure  => 'file',
      content => file("${module_name}/rsync.init"),
      owner   => 'root',
      group   => 'root',
      mode    => '0750',
      notify  => Service['rsyncd'],
    }

    service { 'rsyncd':
      ensure     => 'running',
      enable     => true,
      provider   => 'redhat',
      hasrestart => true,
      hasstatus  => true,
      require    => Package[$package],
      subscribe  => $_subscribe,
    }
  }

  if $drop_rsyslog_noise {
    include '::rsyslog'

    # Drop every rsyncd message except those containing 'rsync on', 'SIG' or
    # 'listening'.
    rsyslog::rule::drop { '00_rsyncd':
      rule => '$programname == \'rsyncd\' and not ($msg contains \'rsync on\' or $msg contains \'SIG\' or $msg contains \'listening\')'
    }
    # Drop any rsyncd message whose text contains '127.0.0.1'. This is a
    # substring match on the message, not a match on the peer address.
    # NOTE(review): when stunnel fronts the daemon, client connections
    # presumably reach rsyncd from loopback, so their 'rsync on' lines would be
    # dropped here as well -- confirm, and if so use the stunnel logs for
    # client attribution.
    rsyslog::rule::drop { '00_rsync_localhost':
      rule => '$programname == \'rsyncd\' and $msg contains \'127.0.0.1\''
    }
  }
}