Defined Type: rsync::server::section

Defined in:
manifests/server/section.pp

Overview

Set up a ‘section’ of /etc/rsyncd.conf pertaining to a particular rsync share.

See “rsyncd.conf(5)” for descriptions of most variables.

Parameters:

  • name

    The arbitrary name of this configuration section

  • path (Stdlib::Absolutepath)

    The directory to make available to clients

  • auth_users (Optional[Array[String]]) (defaults to: undef)

    A list of usernames that are allowed to connect to this section

    • “simplib::passgen()” will be used to generate random passwords for these users if they do not already exist in the system

    • Ignored if “user_pass” is set.

  • user_pass (Optional[Array[String]]) (defaults to: undef)

    An optional array of “username:password” combinations to be added to the secrets file

    • Not recommended. Instead, use “auth_users” to let the “simplib::passgen()” function generate your passwords

    • Entries in this Array should be of the following form: “username:password”

  • comment (Optional[String]) (defaults to: undef)

    A comment for the section

  • use_chroot (Boolean) (defaults to: false)

    Use a “chroot” for this service

  • max_connections (Integer[0]) (defaults to: 0)

    The maximum number of connections allowed

  • max_verbosity (Integer[0]) (defaults to: 1)

    The logging verbosity that the daemon should use for connections to this service

  • lock_file (Stdlib::Absolutepath) (defaults to: '/var/run/rsyncd.lock')

    The path to the lock file for this service

  • read_only (Boolean) (defaults to: true)

    Do not allow clients to write to this share

  • write_only (Boolean) (defaults to: false)

    Only allow clients to write to this share

  • list (Boolean) (defaults to: false)

    List this share when clients ask for a list of available modules

  • uid (String) (defaults to: 'root')

    The user ID that transfers should take place as

    • This user must have access to all of the relevant files

  • gid (String) (defaults to: 'root')

    The group ID that transfers should take place as

    • Must have access to all of the relevant files

  • outgoing_chmod (String) (defaults to: 'o-w')

    A symbolic “chmod” that will be applied to files that are transferred outbound

  • ignore_nonreadable (Boolean) (defaults to: true)

    Completely ignore any file that is not readable by the user

  • transfer_logging (Boolean) (defaults to: true)

    Enable per-file logging of transfers

  • log_format (String) (defaults to: "'%o %h [%a] %m (%u) %f %l'")

    Format used for logging file transfers when transfer logging is enabled

  • dont_compress (Array[String]) (defaults to: [ '*.gz', '*.tgz', '*.zip', '*.z', '*.rpm', '*.deb', '*.iso', '*.bz2', '*.tbz', '*.rar', '*.jar', '*.pdf', '*.sar', '*.war' ])

    Filenames and globs that should not be compressed upon transfer

  • hosts_allow (Variant[Enum['*'], Simplib::Netlist]) (defaults to: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] }))

    Hosts that should be allowed to connect to this share

    • Set to “['127.0.0.1']” if using “stunnel” for the overall system

    • May also be set to the String “*” to allow all hosts

  • hosts_deny (Variant[Enum['*'], Simplib::Netlist]) (defaults to: '*')

    Hosts to explicitly deny from connecting to this share

    • Should be set to the String “*” as it is overridden by “$hosts_allow”
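
A weak declaration of this type beside a hardened one, as an added example that is not part of the module's own documentation or code. It assumes the module providing this defined type is installed; the share names, paths, account name, password and network range are constructed.

```puppet
# Added example. Only the parameter names come from this page; every value
# below (names, paths, account, password, network range) is constructed.

# Weak: each setting here widens exposure of the share.
rsync::server::section { 'legacy_drop':
  path        => '/srv/rsync/legacy_drop',
  # A plaintext credential now lives wherever this manifest lives.
  # The page marks user_pass as not recommended, and it makes auth_users ignored.
  user_pass   => ['backup:constructed-example-password'],
  # '*' admits every host. The default hosts_deny of '*' does not compensate,
  # because hosts_allow overrides it.
  hosts_allow => '*',
  read_only   => false,  # clients may write to the share
  list        => true,   # share is advertised when clients list modules
}

# Hardened: generated credentials, a narrow allow list, no writes, no listing.
rsync::server::section { 'repo_mirror':
  path             => '/srv/rsync/repo_mirror',
  comment          => 'Read-only package mirror',
  # Passwords for these users are generated by simplib::passgen(); none are
  # written into the manifest.
  auth_users       => ['mirror_sync'],
  # Only the listed network may connect; everything else stays denied.
  hosts_allow      => ['192.0.2.0/24'],
  hosts_deny       => '*',
  read_only        => true,
  list             => false,
  use_chroot       => true,
  # rsyncd.conf(5) treats 0 (the default here) as no limit, so set a cap.
  max_connections  => 5,
  # Keep per-file transfer records for later review.
  transfer_logging => true,
}
```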



# File 'manifests/server/section.pp', line 89

define rsync::server::section (
  Stdlib::Absolutepath                 $path,
  Optional[Array[String]]              $auth_users         = undef,
  Optional[Array[String]]              $user_pass          = undef,
  Optional[String]                     $comment            = undef,
  Boolean                              $use_chroot         = false,
  Integer[0]                           $max_connections    = 0,
  Integer[0]                           $max_verbosity      = 1,
  Stdlib::Absolutepath                 $lock_file          = '/var/run/rsyncd.lock',
  Boolean                              $read_only          = true,
  Boolean                              $write_only         = false,
  Boolean                              $list               = false,
  String                               $uid                = 'root',
  String                               $gid                = 'root',
  String                               $outgoing_chmod     = 'o-w',
  Boolean                              $ignore_nonreadable = true,
  Boolean                              $transfer_logging   = true,
  String                               $log_format         = "'%o %h [%a] %m (%u) %f %l'",
  Array[String]                        $dont_compress      = [
    '*.gz',
    '*.tgz',
    '*.zip',
    '*.z',
    '*.rpm',
    '*.deb',
    '*.iso',
    '*.bz2',
    '*.tbz',
    '*.rar',
    '*.jar',
    '*.pdf',
    '*.sar',
    '*.war'
  ],
  Variant[Enum['*'], Simplib::Netlist] $hosts_allow        = simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] }),
  Variant[Enum['*'], Simplib::Netlist] $hosts_deny         = '*'
) {
  include '::rsync::server'

  concat::fragment { "rsync_${name}.section":
    order   => 10,
    target  => '/etc/rsyncd.conf',
    content => template('rsync/rsyncd.conf.section.erb')
  }

  if !empty($auth_users) or !empty($user_pass) {
    file { "/etc/rsync/${name}.rsyncd.secrets":
      ensure    => 'file',
      owner     => $uid,
      group     => $gid,
      mode      => '0600',
      content   => template('rsync/secrets.erb'),
      show_diff => false,
      require   => File['/etc/rsync']
    }
  }
}