Puppet Class: rsync::server::global

Defined in:
manifests/server/global.pp

Overview

Setup the global section of /etc/rsyncd.conf.

See “rsyncd.conf(5)“ for details of parameters not listed below.

Parameters:

  • motd_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    The path to the default MOTD file that should be displayed upon connection

  • pid_file (Stdlib::Absolutepath) (defaults to: '/var/run/rsyncd.pid')

    The path to the service PID file

  • syslog_facility (String) (defaults to: 'daemon')

    A valid syslog “facility“ to use for logging

  • port (Simplib::Port) (defaults to: 873)

    The port upon which to listen for client connections

  • address (Simplib::IP) (defaults to: '127.0.0.1')

    The IP address upon which to listen for connections

    • Leave this at “127.0.0.1“ if using stunnel

  • trusted_nets (Simplib::Netlist) (defaults to: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] }))

    The networks to allow to connect to this service

  • tcpwrappers (Boolean) (defaults to: simplib::lookup('simp_options::tcpwrappers', { default_value => false }))

    Use tcpwrappers to secure the rsync service

Author:

  • Trevor Vaughan <tvaughan@onyxpoint.com>



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# File 'manifests/server/global.pp', line 31

class rsync::server::global (
  Optional[Stdlib::Absolutepath] $motd_file       = undef,
  Stdlib::Absolutepath           $pid_file        = '/var/run/rsyncd.pid',
  String                         $syslog_facility = 'daemon',
  Simplib::Port                  $port            = 873,
  Simplib::IP                    $address         = '127.0.0.1',
  Simplib::Netlist               $trusted_nets    = simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] }),
  Boolean                        $tcpwrappers     = simplib::lookup('simp_options::tcpwrappers', { default_value => false })
) {
  assert_private()

  include '::rsync::server'

  if $tcpwrappers {
    include '::tcpwrappers'

    $_tcp_wrappers_name = $::rsync::server::stunnel ? {
      true    => 'rsync_server',
      default => 'rsync',
    }

    tcpwrappers::allow { $_tcp_wrappers_name: pattern => $trusted_nets }
  }

  if $facts['os']['selinux']['current_mode'] and $facts['os']['selinux']['current_mode'] != 'disabled' {
    vox_selinux::port { "allow_rsync_port_${port}":
      ensure   => 'present',
      seltype  => 'rsync_port_t',
      protocol => 'tcp',
      port     => $port,
    }
  }

  concat::fragment { 'rsync_global':
    order   => 5,
    target  => '/etc/rsyncd.conf',
    content => template("${module_name}/rsyncd.conf.global.erb")
  }
}