[rsyncd]

2021-06-01 17:50:58 +02:00 · 2021-06-01 17:50:58 +02:00 · 0c3e15852d
parent 3fa8c60c6d
commit 0c3e15852d
5 changed files with 53 additions and 63 deletions
--- a/group_vars/rsyncd.yml
+++ b/group_vars/rsyncd.yml
@ -0,0 +1,12 @@
+---
+glob_rsyncd:
+  modules:
+    - name: ftp
+      path: /pool/mirror/pub/
+      comment: CRANS FTP
+      hosts_allow: "*"
+    - name: videolan
+      path: /pool/memorial/videolan
+      comment: VideoLAN repository
+      hosts_allow: "*"
+
--- a/4
+++ b/4
@ -193,6 +193,10 @@ roundcube.adm.crans.org
 routeur-sam.adm.crans.org
 routeur-gulp.cachan-adm.crans.org

+[rsyncd]
+charybde.adm.crans.org
+eclat.adm.crans.org
+
 [rsyslog_server]
 gulp.cachan-adm.crans.org
 tealc.adm.crans.org
--- a/roles/rsync-client/templates/rsyncd.conf.j2
+++ b/roles/rsync-client/templates/rsyncd.conf.j2
@ -1,53 +0,0 @@
-{{ ansible_header | comment }}
-
-# GLOBAL OPTIONS
-log file=/var/log/rsyncd
-# for pid file, dont' use /var/run/rsync.pid unless you're not going to run
-# rsync out of the init.d script. The /var/run/rsyncd.pid below is OK.
-pid file=/var/run/rsyncd.pid
-syslog facility=daemon
-
-uid = root
-gid = root
-use chroot = no
-read only = yes
-# On ne liste pas les modules
-list = no
-#max connections=2
-ignore errors = no
-ignore nonreadable = yes
-# ne loggue pas tous les fichiers
-transfer logging = no 
-dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
-# verifie les droits de /etc/rsyncd.secrets
-strict modes = yes
-# personne n'accede aux modules par defaut
-hosts deny = *
-
-# Listen only on adm
-address = {{ hostvars[inventory_hostname]['ansible_' + adm_iface.stdout].ipv4.address }}
-
-# MODULE OPTIONS
-
-{# Liste des dossiers a sauvegarder par serveur, en plus de la racine. #}
-{% for partition in to_backup %}
-
-[{{ partition.name }}]
-path = {{ partition.path }}
-{% if partition.comment is defined %}
-comment = {{ partition.comment }}
-{% endif %}
-{% if partition.uid is defined %}
-uid = {{ partition.uid }}
-gid = {{ partition.gid }}
-{% endif %}
-{% if partition.auth_users is defined %}
-auth users = {{ partition.auth_users }}
-secrets file = {{ partition.secrets_file }}
-{% endif %}
-hosts allow = {{ partition.hosts_allow | join(" ") }}
-{% if partition.read_only is defined %}
-read only = {{ partition.read_only }}
-{% endif %}
-
-{% endfor %}
--- a/roles/rsync-client/tasks/main.yml
+++ b/roles/rsync-client/tasks/main.yml
@ -19,18 +19,8 @@
    dest: /etc/rsyncd.conf
    mode: 0644

- name: Copy rsyncd secrets
-  copy:
-    content: "backupcrans:{{ backuppc_rsyncd_passwd }}\n"
-    dest: /etc/rsyncd.secrets
-    mode: 0600
-
 - name: Start rsync service
  systemd:
    name: rsync
    enabled: true
    state: started
-
- name: TODO
-  debug:
-    msg: Make use of the lookup plugin to avoid hardcoding things ?
--- a/roles/rsyncd/templates/rsyncd.conf.j2
+++ b/roles/rsyncd/templates/rsyncd.conf.j2
@ -0,0 +1,37 @@
+{{ ansible_header | comment }}
+
+# GLOBAL OPTIONS
+log file=/var/log/rsyncd
+# for pid file, dont' use /var/run/rsync.pid unless you're not going to run
+# rsync out of the init.d script. The /var/run/rsyncd.pid below is OK.
+pid file=/var/run/rsyncd.pid
+syslog facility=daemon
+
+uid = root
+gid = root
+use chroot = no
+read only = yes
+# On ne liste pas les modules
+list = no
+#max connections=2
+ignore errors = no
+ignore nonreadable = yes
+# ne loggue pas tous les fichiers
+transfer logging = no 
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
+# verifie les droits de /etc/rsyncd.secrets
+strict modes = yes
+# personne n'accede aux modules par defaut
+hosts deny = *
+
+# MODULE OPTIONS
+{% for module in rsyncd.modules -%}
+[{{ module.name }}]
+path = {{ module.path }}
+comment = {{ module.comment }}
+uid = nobody
+gid = nogroup
+hosts allow = {{ module.hosts_allow }}
+read only = yes
+
+{% endfor %}