rsync: Provides an rsync client library with a stub exec for certain edge cases
rsync::selinux: This will configure selinux for rsync
rsync::server: Sets up a fully functioning rsync server.
rsync::server::global: Setup the global section of /etc/rsyncd.conf. See rsyncd.conf(5) for details of parameters not listed below.
rsync::push: This is simply a call to rsync::retrieve with $pull set to false. It's present for clarity and hopefully won't break any dependency chains if
rsync::retrieve: Retrieve a file over the rsync protocol
rsync::server::section: Set up a 'section' of /etc/rsyncd.conf pertaining to a particular rsync share. See rsyncd.conf(5) for descriptions of most variables.
rsync: Run an rsync command; almost all options are directly from the rsync man page. Though we've done what we can to minimize SELinux impact. If yo
Provides an rsync client library with a stub exec for certain edge cases
The following parameters are available in the rsync class:
sebool_anon_write
sebool_client
sebool_export_all_ro
sebool_full_access
sebool_use_nfs
sebool_use_cifs
package_ensure

sebool_anon_write
Data type: Boolean
Allow anonymous rsync users to write to shares
- Share spaces must be labeled as public_content_rw_t
- Only functional if selinux is not disabled
Default value: false

sebool_client
Data type: Boolean
Allow rsync to act as a client
- Only functional if selinux is not disabled
Default value: true

sebool_export_all_ro
Data type: Boolean
Allow rsync to export anything on the system as read only
- Only functional if selinux is not disabled
Default value: true

sebool_full_access
Data type: Boolean
Allow rsync management of ALL files on the system
- Only functional if selinux is not disabled
Default value: false

sebool_use_nfs
Data type: Boolean
Allow rsync servers to share NFS file systems
- Only functional if selinux is not disabled
- Only applies to EL6
- WARNING: Will be removed in version 7 of this module
Default value: false

sebool_use_cifs
Data type: Boolean
Allow rsync servers to share CIFS file systems
- Only functional if selinux is not disabled
- Only applies to EL6
- WARNING: Will be removed in version 7 of this module
Default value: false

package_ensure
Data type: String
The ensure status of the package to be managed
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })

This will configure selinux for rsync
The main idea behind this was to work around limitations of the native Puppet fileserving type.
Most usual options are supported, but there are far too many to tackle all of them at once.
This mainly daemonizes rsync and keeps it running. It will also subscribe it to the stunnel service if it has been declared.
The following parameters are available in the rsync::server class:
Data type: Boolean
Use Stunnel to encrypt this connection. It is highly recommended to leave this enabled.
Default value: simplib::lookup('simp_options::stunnel', { default_value => true })
Data type: Simplib::Port
The port upon which Stunnel should listen for connections.
Default value: 8730
Data type: Simplib::IP
The IP Address upon which to listen. Set to 0.0.0.0 to listen on all addresses.
Default value: '0.0.0.0'
Data type: Boolean
Ensure that any noise from rsync is dropped. The only items that will be retained will be startup, shutdown, and remote connection activities. Anything from 127.0.0.1 will be dropped as useless.
Default value: true
Data type: Boolean
If true, use the SIMP iptables class to manage firewall rules for this module.
Default value: simplib::lookup('simp_options::firewall', { default_value => false })
Data type: Simplib::Netlist
A list of networks and/or hostnames that are allowed to connect to this service.
Default value: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] })
Data type: String
The ensure status of the package to be managed
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
Data type: String
The rsync daemon package
Setup the global section of /etc/rsyncd.conf.
See rsyncd.conf(5) for details of parameters not listed below.
The following parameters are available in the rsync::server::global class:
Data type: Optional[Stdlib::Absolutepath]
The path to the default MOTD file that should be displayed upon connection
Default value: undef
Data type: Stdlib::Absolutepath
The path to the service PID file
Default value: '/var/run/rsyncd.pid'
Data type: String
A valid syslog facility to use for logging
Default value: 'daemon'
Data type: Simplib::Port
The port upon which to listen for client connections
Default value: 873
Data type: Simplib::IP
The IP address upon which to listen for connections
- Leave this at 127.0.0.1 if using stunnel
Default value: '127.0.0.1'
Data type: Simplib::Netlist
The networks to allow to connect to this service
Default value: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] })
Data type: Boolean
Use tcpwrappers to secure the rsync service
Default value: simplib::lookup('simp_options::tcpwrappers', { default_value => false })
This is simply a call to rsync::retrieve with $pull set to false. It's present for clarity and hopefully won't break any dependency chains if you use it.
See the documentation for rsync::retrieve for details.
The following parameters are available in the rsync::push defined type:
source_path
target_path
rsync_server
proto
rsync_path
preserve_perms
preserve_acl
preserve_xattrs
preserve_owner
preserve_group
preserve_devices
exclude
rsync_timeout
logoutput
delete
bwlimit
copy_links
size_only
no_implied_dirs
user
pass
rsubscribe
rnotify

source_path
Data type: String

target_path
Data type: String

rsync_server
Data type: Simplib::Host

proto
Data type: String
Default value: 'rsync'

rsync_path
Data type: Stdlib::Absolutepath
Default value: '/usr/bin/rsync'

preserve_perms
Data type: Boolean
Default value: true

preserve_acl
Data type: Boolean
Default value: true

preserve_xattrs
Data type: Boolean
Default value: true

preserve_owner
Data type: Boolean
Default value: true

preserve_group
Data type: Boolean
Default value: true

preserve_devices
Data type: Boolean
Default value: false

exclude
Data type: Array[String]
Default value: ['.svn/','.git/']

rsync_timeout
Data type: Integer[0]
Default value: 2

logoutput
Data type: Variant[Boolean,String]
Default value: 'on_failure'

delete
Data type: Boolean
Default value: false

bwlimit
Data type: Optional[Integer[0]]
Default value: undef

copy_links
Data type: Boolean
Default value: false

size_only
Data type: Boolean
Default value: false

no_implied_dirs
Data type: Boolean
Default value: true

user
Data type: Optional[String]
Default value: undef

pass
Data type: Optional[String]
Default value: undef

rsubscribe
Data type: Optional[Catalogentry]
Default value: undef

rnotify
Data type: Optional[Catalogentry]
Default value: undef

Retrieve a file over the rsync protocol
See also: rsync(1)
The following parameters are available in the rsync::retrieve defined type:
source_path
target_path
rsync_server
proto
rsync_path
preserve_perms
preserve_acl
preserve_xattrs
preserve_owner
preserve_group
preserve_devices
exclude
rsync_timeout
logoutput
delete
bwlimit
copy_links
size_only
no_implied_dirs
user
pass
pull
rnotify
rsubscribe

source_path
Data type: String
The path on the rsync server from which to retrieve files
- This will, most likely, not start with a forward slash

target_path
Data type: String
The path to which to write on the client system

rsync_server
Data type: Variant[Simplib::Host, Simplib::Host::Port]
The host to which to connect
Default value: simplib::lookup('simp_options::rsync::server')

proto
Data type: String
The protocol to use
- This will go before the :// in the rsync connection string
- You probably won't change this
Default value: 'rsync'

rsync_path
Data type: Stdlib::Absolutepath
The path to the 'rsync' command
Default value: '/usr/bin/rsync'

preserve_perms
Data type: Boolean
Preserve the file permissions from the server
Default value: true

preserve_acl
Data type: Boolean
Preserve the file ACLs from the server
Default value: true

preserve_xattrs
Data type: Boolean
Preserve the extended attributes from the server
Default value: true

preserve_owner
Data type: Boolean
Preserve the file owner from the server
Default value: true

preserve_group
Data type: Boolean
Preserve the file group from the server
Default value: true

preserve_devices
Data type: Boolean
Preserve device special IDs from the server
Default value: false

exclude
Data type: Array[String]
Paths and globs to exclude from transfers
Default value: ['.svn/','.git/']

rsync_timeout
Data type: Integer[0]
The number of seconds to wait for a transfer to begin before timing out
Default value: 2

logoutput
Data type: String
Log the output of the rsync run at the provided trigger
Default value: 'on_failure'

delete
Data type: Boolean
Delete local files that do not exist on the remote server
Default value: false

bwlimit
Data type: Optional[String]
The bandwidth limit for the connection
Default value: simplib::lookup('rsync::bwlimit', { 'default_value' => undef })

copy_links
Data type: Boolean
Preserve symlinks during the transfer
Default value: false

size_only
Data type: Boolean
Only compare files by size to determine if they need a transfer
Default value: false

no_implied_dirs
Data type: Boolean
Don't send implied directories with relative pathnames
Default value: true

user
Data type: Optional[String]
The username to use when connecting to the server
Default value: undef

pass
Data type: Optional[String]
The password to use when connecting to the server
- If left blank, and a username is provided, the simplib::passgen() function will be used to look up the password
Default value: undef

pull
Data type: Boolean
Pull files from the remote server
- If set to false, will push files to the server instead of pulling them from the server
Default value: true

rnotify
Data type: Optional[Catalogentry]
Wrap a notify so that this process will send a Puppet notification to a resource after completion
- Use like the regular Puppet notify meta-parameter
Default value: undef

rsubscribe
Data type: Optional[Catalogentry]
Wrap a subscribe so that this process will subscribe to a Puppet resource after completion
- Use like the regular Puppet subscribe meta-parameter
Default value: undef

Set up a 'section' of /etc/rsyncd.conf pertaining to a particular rsync share.
See rsyncd.conf(5) for descriptions of most variables.
The following parameters are available in the rsync::server::section defined type:
name
path
auth_users
user_pass
comment
use_chroot
max_connections
max_verbosity
lock_file
read_only
write_only
list
uid
gid
outgoing_chmod
ignore_nonreadable
transfer_logging
log_format
dont_compress
hosts_allow
hosts_deny

name
The arbitrary name of this configuration section

path
Data type: Stdlib::Absolutepath
The directory to make available to clients

auth_users
Data type: Optional[Array[String]]
A list of usernames that are allowed to connect to this section
- simplib::passgen() will be used to generate random passwords for these users, if they do not already exist in the system
- Ignored if user_pass is set.
Default value: undef

user_pass
Data type: Optional[Array[String]]
An optional array of username:password combinations to be added to the secrets file
- Not recommended. Instead, use auth_users to let the simplib::passgen() function generate your passwords
- Entries in this Array should be of the following form: username:password
Default value: undef

comment
Data type: Optional[String]
A comment for the section
Default value: undef

use_chroot
Data type: Boolean
Use a chroot for this service
Default value: false

max_connections
Data type: Integer[0]
The maximum number of connections allowed
Default value: 0

max_verbosity
Data type: Integer[0]
The logging verbosity that the daemon should use for connections to this service
Default value: 1

lock_file
Data type: Stdlib::Absolutepath
The path to the lock file for this service
Default value: '/var/run/rsyncd.lock'

read_only
Data type: Boolean
Do not allow clients to write to this share
Default value: true

write_only
Data type: Boolean
Only allow clients to write to this share
Default value: false

list
Data type: Boolean
List this share when clients ask for a list of available modules
Default value: false

uid
Data type: String
The user ID that transfers should take place as
- This user must have access to all of the relevant files
Default value: 'root'

gid
Data type: String
The group ID that transfers should take place as
- Must have access to all of the relevant files
Default value: 'root'

outgoing_chmod
Data type: String
A symbolic chmod that will be applied to files that are transferred outbound
Default value: 'o-w'

ignore_nonreadable
Data type: Boolean
Completely ignore any file that is not readable by the user
Default value: true

transfer_logging
Data type: Boolean
Enable per-file logging of transfers
Default value: true

log_format
Data type: String
Format used for logging file transfers when transfer logging is enabled
Default value: "'%o %h [%a] %m (%u) %f %l'"

dont_compress
Data type: Array[String]
Filenames and globs that should not be compressed upon transfer
Default value:
[
  '*.gz', '*.tgz', '*.zip', '*.z', '*.rpm', '*.deb', '*.iso',
  '*.bz2', '*.tbz', '*.rar', '*.jar', '*.pdf', '*.sar', '*.war'
]

hosts_allow
Data type: Variant[Enum['*'], Simplib::Netlist]
Hosts that should be allowed to connect to this share
- Set to ['127.0.0.1'] if using stunnel for the overall system
- May also be set to the String * to allow all hosts
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] })

hosts_deny
Data type: Variant[Enum['*'], Simplib::Netlist]
Hosts to explicitly deny from connection to this share
- Should be set to the String * as it is overridden by $hosts_allow
Default value: '*'
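
Added example (not part of the module's documentation): a server-side share and a matching client retrieval that use only parameters documented above, with the share restricted to the local stunnel endpoint and an account whose password comes from simplib::passgen(). The class names, share name, paths and account name are hypothetical. It assumes a SIMP environment where stunnel is enabled, simp_options::rsync::server is set in Hiera, and the shared directory already exists and is readable by 'nobody'.

```puppet
# Added example: class names, share name, paths and account name are hypothetical.

# Server node: rsync daemon plus one authenticated, read-only share.
class profile::rsync_share {
  include rsync::server

  rsync::server::section { 'app_config':
    path             => '/srv/rsync/app_config',
    comment          => 'Application configuration (read only)',
    # The password for this user is generated by simplib::passgen(),
    # so nothing is hard-coded through user_pass.
    auth_users       => ['app_config_ro'],
    read_only        => true,
    write_only       => false,
    list             => false,          # do not advertise the share in module listings
    use_chroot       => true,           # module default is false
    uid              => 'nobody',       # module default is 'root'; must be able to read path
    gid              => 'nobody',
    # With stunnel in front of rsyncd, only the local tunnel endpoint connects.
    hosts_allow      => ['127.0.0.1'],
    hosts_deny       => '*',
    max_connections  => 10,             # module default 0 sets no limit
    transfer_logging => true,
  }
}

# Client node: pull the share with the same account.
class profile::rsync_client {
  rsync::retrieve { 'app_config':
    source_path      => 'app_config/',  # share name, no leading slash
    target_path      => '/etc/app',
    user             => 'app_config_ro',
    # pass is left unset: simplib::passgen() looks the password up by user name
    preserve_devices => false,
    delete           => false,
    logoutput        => 'on_failure',
  }
}
```
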
Run an rsync command; almost all options are directly from the rsync man page.
We've done what we can to minimize SELinux impact. However, if your Puppet server's rsync space does not have SELinux attributes but your client is Permissive or Enforcing, you will most certainly see error messages stating that extended attributes have changed.
Your best bet is to ensure that your Puppet server runs in at least Permissive mode. If you need to refresh your rsync data attributes, run 'fixfiles -R simp-rsync restore'.
The following properties are available in the rsync type.
Valid values: push, pull
Whether to push or pull from rsync server. Defaults to pull
Default value: pull
The following parameters are available in the rsync type.
bwlimit
compress
contimeout
copy_links
delete
exclude
hard_links
ignore_selinux
iotimeout
logoutput
name
no_implied_dirs
pass
password
path
preserve_acl
preserve_devices
preserve_group
preserve_owner
preserve_perms
preserve_xattrs
proto
protocol
provider
recurse
rsync_path
rsync_server
rsync_timeout
server
size_only
source
source_path
target
target_path
timeout
user

bwlimit
KB/s to limit I/O bandwidth to

compress
Valid values: true, false
Whether or not to compress content prior to transfer. Defaults to true.
Default value: true

contimeout
Connection timeout in seconds.

copy_links
Valid values: true, false
Whether to copy links as symlinks. Defaults to false
Default value: false

delete
Valid values: true, false
Whether to delete files that do not exist on server. Defaults to false
Default value: false

exclude
Exclude files matching PATTERN. Multiple values may be specified as an array. Defaults to ['.svn/','.git/']
Default value: ['.svn/','.git/']

hard_links
Valid values: true, false
Preserve hard links. Defaults to true.
Default value: true

ignore_selinux
Valid values: true, false
If this is set to 'true' then this type will ignore SELinux errors. If set to false, then an SELinux permissions copy error is a complete failure state.
Default value: true

iotimeout
I/O timeout in seconds.

logoutput
Valid values: true, false, on_failure
Whether to log output. Defaults to logging output at the loglevel for the exec resource. Use on_failure to only log the output when the command reports an error. Values are true, false, on_failure, and any legal log level.
Default value: on_failure

name
namevar
The globally unique name of the resource. Has no effect on provider functionality.

no_implied_dirs
Valid values: true, false
Do not send implied dirs. Defaults to true
Default value: true

pass
The password to use. Only used if a username is specified. If you want the password to be auto-generated, you can use the SIMP 'simplib::passgen' function.
$user = 'foo'
# source, target, server and password are parameters of the rsync type
rsync { 'foo':
  source   => 'bar',
  target   => '/tmp/foo',
  server   => 'puppet',
  user     => $user,
  password => simplib::passgen($user),
}

password
The password to use. Only used if a username is specified. If you want the password to be auto-generated, you can use the SIMP 'simplib::passgen' function.
$user = 'foo'
# source, target, server and password are parameters of the rsync type
rsync { 'foo':
  source   => 'bar',
  target   => '/tmp/foo',
  server   => 'puppet',
  user     => $user,
  password => simplib::passgen($user),
}

path
The fully qualified path to the rsync executable

preserve_acl
Valid values: true, false
Whether or not to preserve ACL. Defaults to true.
Default value: true

preserve_devices
Valid values: true, false
Whether or not to preserve device files. Defaults to false.
Default value: false

preserve_group
Valid values: true, false
Whether or not to preserve group. Defaults to true.
Default value: true

preserve_owner
Valid values: true, false
Whether or not to preserve owner. Defaults to true.
Default value: true

preserve_perms
Valid values: true, false
Whether or not to preserve permissions. Defaults to true.
Default value: true

preserve_xattrs
Valid values: true, false
Whether or not to preserve extended attributes. Defaults to true.
Default value: true

proto
The protocol to use in connecting to the rsync server. Defaults to "rsync"

protocol
The protocol to use in connecting to the rsync server. Defaults to "rsync"

provider
The specific backend to use for this rsync resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

recurse
Valid values: true, false
Whether or not to recursively copy. Defaults to true.
Default value: true

rsync_path
The fully qualified path to the rsync executable

rsync_server
The hostname or IP of the rsync server

rsync_timeout
Alias for :timeout

server
The hostname or IP of the rsync server

size_only
Valid values: true, false
Whether to skip files that match in size. Defaults to true
Default value: false

source
The fully qualified source path on the rsync server

source_path
The fully qualified source path on the rsync server

target
The fully qualified target path on the rsync client

target_path
The fully qualified target path on the rsync client

timeout
Connection timeout in seconds. Note: This is different from what the man page states due to backward compatibility issues. Use iotimeout for the man page compatible timeout value.

user
The username to use