Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-rsync', '6.5.0'
Learn more about managing modules with a PuppetfileDocumentation
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Please read our Contribution Guide.
Module Description
This module configures rsync for sharing large files that would be problematic to share using the native Puppet fileserving type.
Setup
Configuring Host as Server and Client
By default, in the 'simp' configuration scenario, an rsync server is configured on the primary Puppet server. In some configurations, it may be necessary to have supplemental rsync servers to sync files to clients (one example: PE MoM and Compile Master architecture).
To configure a Compile Master (or other node) to function as both a server and a client (of the primary server), setup hiera for the node:
rsync::server::global::port: 8873
rsync::server::trusted_nets:
- <client_net>
- <client_net>
This will configure an rsync server that utilizes stunnel for connections from the client_nets listed. To configure clients to utilize this new server, set their hieradata:
simp_options::rsync: 'fqdn.rsync.server'
to override the standard 'true' boolean value.
NOTE: If not using stunnel for the server/client connections, both values for
rsync::server::trusted_nets
and rsync::server::global::trusted_nets
will
need to match, as well as the trusted_nets
values for any rsync::server::section
resources. These all default to '127.0.0.1' for stunnel usage.
Reference
Please refer to the REFERENCE.md.
Limitations
SIMP Puppet modules are generally intended for use on Red Hat Enterprise
Linux and compatible distributions, such as CentOS. Please see the
metadata.json
file for the most up-to-date list of
supported operating systems, Puppet versions, and module dependencies.
Development
Please read our Contribution Guide.
Visit the project homepage on GitHub, and look at our issues on JIRA.
Reference
Table of Contents
Classes
rsync
: Provides an rsync client library with a stub exec for certain edge casesrsync::selinux
: This will configure selinux for rsyncrsync::server
: Sets up a fully functioning rsync server.rsync::server::global
: Setup the global section of /etc/rsyncd.conf. Seersyncd.conf(5)
for details of parameters not listed below.
Defined types
rsync::push
: This is simply a call to rsync::retrieve with $pull set to false. It's present for clarity and hopefully won't break any dependency chains ifrsync::retrieve
: Retrieve a file over the rsync protocolrsync::server::section
: Set up a 'section' of /etc/rsyncd.conf pertaining to a particular rsync share. Seersyncd.conf(5)
for descriptions of most variables.
Resource types
rsync
: Run an rsync command; almost all options are directly from the rsync man page. Though we've done what we can to mimize SELinux impact. If yo
Classes
rsync
Provides an rsync client library with a stub exec for certain edge cases
Parameters
The following parameters are available in the rsync
class.
sebool_anon_write
Data type: Boolean
Allow anonymous rsync users to write to shares
- Share spaces must be labeled as
public_content_rw_t
- Only functional if
selinux
is not disabled
Default value: false
sebool_client
Data type: Boolean
Allow rsync to act as a client
- Only functional if
selinux
is not disabled
Default value: true
sebool_export_all_ro
Data type: Boolean
Allow rsync to export of anything on the system as read only
- Only functional if
selinux
is not disabled
Default value: true
sebool_full_access
Data type: Boolean
Allow rsync management of ALL files on the system
- Only functional if
selinux
is not disabled
Default value: false
sebool_use_nfs
Data type: Boolean
Allow rsync servers to share nfs files systems
- Only functional if
selinux
is not disabled - Only applies to El6
- WARNING: Will be removed in version 7 of this module
Default value: false
sebool_use_cifs
Data type: Boolean
Allow rsync servers to share cifs files systems
- Only functional if
selinux
is not disabled - Only applies to El6
- WARNING: Will be removed in version 7 of this module
Default value: false
package_ensure
Data type: String
The ensure status of the package to be managed
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
rsync::selinux
This will configure selinux for rsync
rsync::server
The main idea behind this was to work around limitations of the native Puppet fileserving type.
Most usual options are supported, but there are far too many to tackle all of them at once.
This mainly daemonizes rsync and keeps it running. It will also subscribe it to the stunnel service if it has been declared.
Parameters
The following parameters are available in the rsync::server
class.
stunnel
Data type: Boolean
Use Stunnel to encrypt this connection. It is highly recommended to leave this enabled.
Default value: simplib::lookup('simp_options::stunnel', { default_value => true })
stunnel_port
Data type: Simplib::Port
The port upon which Stunnel should listen for connections.
Default value: 8730
listen_address
Data type: Simplib::IP
The IP Address upon which to listen. Set to 0.0.0.0 to listen on all addresses.
Default value: '0.0.0.0'
drop_rsyslog_noise
Data type: Boolean
Ensure that any noise from rsync is dropped. The only items that will be retained will be startup, shutdown, and remote connection activities. Anything from 127.0.0.1 will be dropped as useless.
Default value: true
firewall
Data type: Boolean
If true, use the SIMP iptables class to manage firewall rules for this module.
Default value: simplib::lookup('simp_options::firewall', { default_value => false })
trusted_nets
Data type: Simplib::Netlist
A list of networks and/or hostnames that are allowed to connect to this service.
Default value: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] })
package_ensure
Data type: String
The ensure status of the package to be managed
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
package
Data type: String
The rsync daemon package
rsync::server::global
Setup the global section of /etc/rsyncd.conf.
See rsyncd.conf(5)
for details of parameters not listed below.
Parameters
The following parameters are available in the rsync::server::global
class.
motd_file
Data type: Optional[Stdlib::Absolutepath]
The path to the default MOTD file that should be displayed upon connection
Default value: undef
pid_file
Data type: Stdlib::Absolutepath
The path to the service PID file
Default value: '/var/run/rsyncd.pid'
syslog_facility
Data type: String
A valid syslog facility
to use for logging
Default value: 'daemon'
port
Data type: Simplib::Port
The port upon which to listen for client connections
Default value: 873
address
Data type: Simplib::IP
The IP address upon which to listen for connections
- Leave this at
127.0.0.1
if using stunnel
Default value: '127.0.0.1'
trusted_nets
Data type: Simplib::Netlist
The networks to allow to connect to this service
Default value: simplib::lookup('simp_options::trusted_nets', { default_value => ['127.0.0.1'] })
tcpwrappers
Data type: Boolean
Use tcpwrappers to secure the rsync service
Default value: simplib::lookup('simp_options::tcpwrappers', { default_value => false })
Defined types
rsync::push
This is simply a call to rsync::retrieve with $pull set to false. It's present for clarity and hopefully won't break any dependency chains if you use it.
See the documentation for rsync::retrieve
for details.
Parameters
The following parameters are available in the rsync::push
defined type.
source_path
Data type: String
target_path
Data type: String
rsync_server
Data type: Simplib::Host
proto
Data type: String
Default value: 'rsync'
rsync_path
Data type: Stdlib::Absolutepath
Default value: '/usr/bin/rsync'
preserve_perms
Data type: Boolean
Default value: true
preserve_acl
Data type: Boolean
Default value: true
preserve_xattrs
Data type: Boolean
Default value: true
preserve_owner
Data type: Boolean
Default value: true
preserve_group
Data type: Boolean
Default value: true
preserve_devices
Data type: Boolean
Default value: false
exclude
Data type: Array[String]
Default value: ['.svn/','.git/']
rsync_timeout
Data type: Integer[0]
Default value: 2
logoutput
Data type: Variant[Boolean,String]
Default value: 'on_failure'
delete
Data type: Boolean
Default value: false
bwlimit
Data type: Optional[Integer[0]]
Default value: undef
copy_links
Data type: Boolean
Default value: false
size_only
Data type: Boolean
Default value: false
no_implied_dirs
Data type: Boolean
Default value: true
user
Data type: Optional[String]
Default value: undef
pass
Data type: Optional[String]
Default value: undef
rsubscribe
Data type: Optional[Catalogentry]
Default value: undef
rnotify
Data type: Optional[Catalogentry]
Default value: undef
rsync::retrieve
Retrieve a file over the rsync protocol
- See also
- rsync(1)
Parameters
The following parameters are available in the rsync::retrieve
defined type.
source_path
Data type: String
The path on the rsync server from which to retrieve files
- This will, most likely, not start with a forward slash
target_path
Data type: String
The path to which to write on the client system
rsync_server
Data type: Variant[Simplib::Host, Simplib::Host::Port]
The host to which to connect
Default value: simplib::lookup('simp_options::rsync::server')
proto
Data type: String
The protocol to use
- This will go before the
://
in the rsync connection string - You probably won't change this
Default value: 'rsync'
rsync_path
Data type: Stdlib::Absolutepath
The path to the 'rsync' command
Default value: '/usr/bin/rsync'
preserve_perms
Data type: Boolean
Preserve the file permissions from the server
Default value: true
preserve_acl
Data type: Boolean
Preserve the file ACLs from the server
Default value: true
preserve_xattrs
Data type: Boolean
Preserve the extended attributes from the server
Default value: true
preserve_owner
Data type: Boolean
Preserve the file owner from the server
Default value: true
preserve_group
Data type: Boolean
Preserve the file group from the server
Default value: true
preserve_devices
Data type: Boolean
Preserve device special IDs from the server
Default value: false
exclude
Data type: Array[String]
Paths and globs to exclude from transfers
Default value: ['.svn/','.git/']
rsync_timeout
Data type: Integer[0]
The number of seconds to wait for a transfer to begin before timing out
Default value: 2
logoutput
Data type: String
Log the output of the rsync run at the provided trigger
Default value: 'on_failure'
delete
Data type: Boolean
Delete local files that do not exist on the remote server
Default value: false
bwlimit
Data type: Optional[String]
The bandwidth limit for the connection
Default value: simplib::lookup('rsync::bwlimit', { 'default_value' => undef })
copy_links
Data type: Boolean
Preserve symlinks during the transfer
Default value: false
size_only
Data type: Boolean
Only compare files by size to determine if they need a transfer
Default value: false
no_implied_dirs
Data type: Boolean
Don't send implied directories with relative pathnames
Default value: true
user
Data type: Optional[String]
The username to use when connecting to the server
Default value: undef
pass
Data type: Optional[String]
The password to use when connecting to the server
- If left blank, and a username is provided, the
simplib::passgen()
function will be used to look up the password
Default value: undef
pull
Data type: Boolean
Pull files from the remote server
- If set to
false
, will push files to the server instead of pulling them from the server
Default value: true
rnotify
Data type: Optional[Catalogentry]
Wrap a notify
so that this process will send a Puppet notification to a
resource after completion
- Use like the regular Puppet
notify
meta-parameter
Default value: undef
rsubscribe
Data type: Optional[Catalogentry]
Wrap a subscribe
so that this process will subscribe to a Puppet
resource after completion
- Use like the regular Puppet
subscribe
meta-parameter
Default value: undef
rsync::server::section
Set up a 'section' of /etc/rsyncd.conf pertaining to a particular rsync share.
See rsyncd.conf(5)
for descriptions of most variables.
Parameters
The following parameters are available in the rsync::server::section
defined type.
name
The arbitrary name of this configuration section
path
Data type: Stdlib::Absolutepath
The directory to make available to clients
auth_users
Data type: Optional[Array[String]]
A list of usernames that are allowed to connect to this section
simplib::passgen()
will be used to generated random passwords for these users, if they do not already exist in the system- Ignored if
user_pass
is set.
Default value: undef
user_pass
Data type: Optional[Array[String]]
An optional array of username:password
combinations to be added to the
secrets file
- Not recommended. Instead, use
auth_users
to let thesimplib::passgen()
function generate your passwords - Entries in this Array should be of the following form:
username:password
Default value: undef
comment
Data type: Optional[String]
A comment for the section
Default value: undef
use_chroot
Data type: Boolean
Use a chroot
for this service
Default value: false
max_connections
Data type: Integer[0]
The maximum number of connections allowed
Default value: 0
max_verbosity
Data type: Integer[0]
The logging verbosity that the daemon should use for connections to this service
Default value: 1
lock_file
Data type: Stdlib::Absolutepath
The path to the lock file for this service
Default value: '/var/run/rsyncd.lock'
read_only
Data type: Boolean
Do not allow clients to write to this share
Default value: true
write_only
Data type: Boolean
Only allow clients to write to this share
Default value: false
list
Data type: Boolean
List this share when clients ask for a list of available modules
Default value: false
uid
Data type: String
The user ID that transfers should take place as
- This user must have access to all of the relevant files
Default value: 'root'
gid
Data type: String
The group ID that transfers should take place as
- Must have access to all of the relevant files
Default value: 'root'
outgoing_chmod
Data type: String
A symbolic chmod
that will be applied to files that are transferred
outbound
Default value: 'o-w'
ignore_nonreadable
Data type: Boolean
Completely ignore any file that is not readable by the user
Default value: true
transfer_logging
Data type: Boolean
Enable per-file logging of transfers
Default value: true
log_format
Data type: String
Format used for logging file transfers when transfer logging is enabled
Default value: "'%o %h [%a] %m (%u) %f %l'"
dont_compress
Data type: Array[String]
Filenames and globs that should not be compressed upon transfer
Default value: [ '*.gz', '*.tgz', '*.zip', '*.z', '*.rpm', '*.deb', '*.iso', '*.bz2', '*.tbz', '*.rar', '*.jar', '*.pdf', '*.sar', '*.war' ]
hosts_allow
Data type: Variant[Enum['*'], Simplib::Netlist]
Hosts that should be allowed to connect to this share
- Set to
['127.0.0.1']
if usingstunnel
for the overall system - May also be set to the String
*
to allow all hosts
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] })
hosts_deny
Data type: Variant[Enum['*'], Simplib::Netlist]
Hosts to explicitly deny from connection to this share
- Should be set to the String
*
as it is overridden by$hosts_allow
Default value: '*'
Resource types
rsync
Run an rsync command; almost all options are directly from the rsync man page.
Though we've done what we can to mimize SELinux impact. If you have the situation where your Puppet server's rsync space does not have SELinux attributes but your client is Permissive or Enforcing. Then you will most certainly see error messages of the type that extended attributes have changed.
Your best bet is to ensure that your Puppet server runs in at least Permissive mode. If you need to refresh your rsync data attributes, then running 'fixfiles -R simp-rsync restore'.
Properties
The following properties are available in the rsync
type.
action
Valid values: push
, pull
Whether to push or pull from rsync server. Defaults to pull
Default value: pull
Parameters
The following parameters are available in the rsync
type.
bwlimit
KB/s to limit I/O bandwidth to
compress
Valid values: true
, false
Whether or not to compress content prior to transfer. Defaults to true.
Default value: true
contimeout
Connection timeout in seconds.
copy_links
Valid values: true
, false
Whether to copy links as symlinks. Defaults to false
Default value: false
delete
Valid values: true
, false
Whether to delete files that do not exist on server. Defaults to false
Default value: false
exclude
Exclude files matching PATTERN. Multiple values may be specified as an array. Defaults to ['.svn/','.git/']
Default value: ['.svn/','.git/']
hard_links
Valid values: true
, false
Preserve hard links. Defaults to true.
Default value: true
ignore_selinux
Valid values: true
, false
If this is set to 'true' then this type will ignore SELinux errors. If set to false, then an SELinux permissions copy error is a complete failure state.
Default value: true
iotimeout
I/O timeout in seconds.
logoutput
Valid values: true
, false
, on_failure
Whether to log output. Defaults to logging output at the loglevel for
the exec
resource. Use on_failure to only log the output when the
command reports an error. Values are true, false, on_failure,
and any legal log level.
Default value: on_failure
name
namevar
The globally unique name of the resource. Has no effect on provider functionality.
no_implied_dirs
Valid values: true
, false
Do not send implied dirs. Defaults to true
Default value: true
pass
The password to use. Only used if a username is specified If you want the password to be auto-generated, you can use the SIMP 'simplib::passgen' function.
$user = 'foo'
rsync::retrieve { \"foo\": source => 'bar', target => '/tmp/foo', server => 'puppet', user => $user, password => simplib::passgen($user) }
password
The password to use. Only used if a username is specified If you want the password to be auto-generated, you can use the SIMP 'simplib::passgen' function.
$user = 'foo'
rsync::retrieve { \"foo\": source => 'bar', target => '/tmp/foo', server => 'puppet', user => $user, password => simplib::passgen($user) }
path
The fully qualified path to the rsync executable
preserve_acl
Valid values: true
, false
Whether or not to preserve ACL. Defaults to true.
Default value: true
preserve_devices
Valid values: true
, false
Whether or not to preserve device files. Defaults to false.
Default value: false
preserve_group
Valid values: true
, false
Whether or not to preserve group. Defaults to true.
Default value: true
preserve_owner
Valid values: true
, false
Whether or not to preserve owner. Defaults to true.
Default value: true
preserve_perms
Valid values: true
, false
Whether or not to preserve permissions. Defaults to true.
Default value: true
preserve_xattrs
Valid values: true
, false
Whether or not to preserve extended attributes. Defaults to true.
Default value: true
proto
The protocol to use in connecting to the rsync server. Defaults to "rsync"
protocol
The protocol to use in connecting to the rsync server. Defaults to "rsync"
provider
The specific backend to use for this rsync
resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.
recurse
Valid values: true
, false
Whether or not to recursively copy. Defaults to true.
Default value: true
rsync_path
The fully qualified path to the rsync executable
rsync_server
The hostname or IP of the rsync server
rsync_timeout
Alias for :timeout
server
The hostname or IP of the rsync server
size_only
Valid values: true
, false
Whether to skip files that match in size. Defaults to true
Default value: false
source
The fully qualified source path on the rsync server
source_path
The fully qualified source path on the rsync server
target
The fully qualified target path on the rsync client
target_path
The fully qualified target path on the rsync client
timeout
Connection timeout in seconds. Note: This is different from what the man page states due to backward compatibility issues. Use iotimeout for the man page compatible timeout value.
user
The username to use
- Wed Jun 16 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 6.5.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Wed Feb 03 2021 Liz Nemsick lnemsick.simp@gmail.com - 6.4.2
- Expanded simp/rsyslog dependendency range to < 9.0.0.
- Tue Jan 12 2021 Trevor Vaughan tvaughan@onyxpoint.com - 6.4.2
- Fix REFERENCE.md documentation
- Note sebool_use_nfs and sebool_cifs upcoming deprecation
- Tue Jan 12 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 6.4.2
- Removed EL6 support
- Wed Jul 29 2020 Jeanne Greulich jeanne.greulich@onyxpoint.com - 6.4.1-0
- Update upper bound for vox_selinux to < 4.0.0
- Fri Jan 10 2020 Liz Nemsick lnemsick.simp@gmail.com - 6.4.0-0
- Add EL8 support
- Update the upper bound of simp-simplib to < 5.0.0
- Fri Aug 02 2019 Robert Vincent pillarsdotnet@gmail.com - 6.4.0-0
- Support puppetlabs/concat 6.x.
- Thu Aug 01 2019 Mike Renfro renfro@tntech.edu - 6.3.0-0
- Add 'preserve_perms' attribute to allow users to disable the preservation of server-side permissions.
- If this flag is set to
false
, setschmod
tou=rwX,g=rwX,o-rwx
- Thu Jun 06 2019 Steven Pritchard steven.pritchard@onyxpoint.com - 6.2.0-0
- Add v2 compliance_markup data
- Remove puppet 4 support
- Add puppet 6 support
- Add puppetlabs-stdlib 6 support
- Mon Mar 04 2019 Liz Nemsick lnemsick.simp@gmail.com - 6.1.1-0
- Expanded the upper limit of the concat and stdlib Puppet module versions
- Updated a URL in the README.md
- Wed Feb 20 2019 Adam Yohring adam.yohrling@onyxpoint.com - 6.1.1-0
- Modified class to support configuring SIMP rsync server and SIMP rsync client for same machine
- Combine
rsync::server::global
withrsync::server
- Add ability to use ports in rsync_server parameter
- Tue Feb 12 2019 Liz Nemsick lnemsick.simp@gmail.com - 6.1.1-0
- Fixed a template bug that prevented catalogue compilation when rsync::server::section::user_pass was set
- Use simplib::passgen() in lieu of passgen(), a deprecated simplib Puppet 3 function.
- Thu Oct 11 2018 Nick Miller nick.miller@onyxpoint.com - 6.1.0-0
- Added $package_ensure parameter
- Changed the package from 'latest' to 'installed'
- It will also respect
simp_options::package_ensure
- Update badges and contribution guide URL in README.md
- Fri Sep 07 2018 Liz Nemsick lnemsick.simp@gmail.com - 6.1.0-0
- Drop Hiera 4 support
- Tue May 08 2018 Adam Yohrling adam.yohrling@onyxpoint.com - 6.0.6-0
- Add
order => 'numeric'
setting to concat for rsyncd.conf - Add support for Puppet 5
- Add support for and OEL
- Mon Feb 12 2018 Liz Nemsick lnemsick.simp@gmail.com - 6.0.5-0
- Update upperbound on puppetlabs/concat version to < 5.0.0
- Fri Aug 18 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.4-0
- Update concat version in metadata.json & build/rpm_metadata/requires
- Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.3-0
- Update puppet dependency in metadata.json
- Wed Mar 29 2017 Trevor Vaughan tvaughan@onyxpoint.com - 6.0.2-0
- Ensure that rsync password files are not echoed to the Puppet log
- Thu Mar 17 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.1-0
- Remove OBE 'pe' requirement from metadata.json
- Update puppet version in .travis.yaml
- Wed Mar 8 2017 Dylan Cochran heliocentric@gmail.com - 6.0.1-0
- Wire down rsync's beaker acceptance tests
- Fri Feb 10 2017 Liz Nemsick lnemsick.simp@gmail.com - 6.0.0-0
- Fixed minor bug in rsync provider that caused 'Unknown failure using insync_values?' Puppet message to be generated.
- Sun Jan 22 2017 Trevor Vaughan tvaughan@onyxpoint.com - 6.0.0-0
- Switched to using puppetlabs/concat
- Fixed the startup script for EL6
- Fixed minor ordering issues
- Renamed the service to 'rsyncd' to match the service name in EL7
- Cleaned up rsyslog calls to remove logic
- Mon Jan 09 2017 Nick Markowski nmarkowski@keywcorp.com - 6.0.0-0
- Updated to use new pki scheme.
- Tue Nov 22 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 5.0.0-0
- Minor cleanup
- Fri Sep 30 2016 Trevor Vaughan tvaughan@onyxpoint.com - 5.0.0-0
- Updated to use the version of 'simpcat' that does not conflict with 'puppetlabs/concat'.
- Thu Jul 07 2016 Nicholas Hughes nicholasmhughes@gmail.com - 4.2.2-0
- Updated the client_nets parameters to pull from global prior to using Hiera and to fall back to the safety of 127.0.0.1.
- Wed Apr 13 2016 Kendall Moore kendall.moore@onyxpoint.com - 4.2.1-0
- Changed the default provider for the rsync service to be redhat
- Thu Feb 25 2016 Ralph Wright ralph.wright@onyxpoint.com - 4.2.0-5
- Added compliance function support
- Wed Jan 27 2016 Chris Tessmer chris.tessmer@onypoint.com - 4.2.0-4
- Normalized common static module assets
- Mon Nov 09 2015 Chris Tessmer chris.tessmer@onypoint.com - 4.2.0-3
- migration to simplib and simpcat (lib/ only)
- Sat Aug 01 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.2.0-2
- Fixed a bug in the rsync provider that was not properly outputting the exit code on a failure.
- Fri Jul 31 2015 Kendall Moore kmoore@keywcorp.com - 4.2.0-2
- Updated to use new rsyslog module.
- Wed May 06 2015 Chris Tessmer chris.tessmer@onyxpoint.com - 4.2.0-1
- Prevent file syncs during --noop runs.
- Thu Apr 02 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.2.0-0
- Made several changes, including one potentially breaking change, to make
things consistent with modern types and providers.
- Confine to Linux systems and systems with the command 'rsync'
- Remove methods from the type and place them into the provider where possible.
- Change 'do' to 'action' since 'do' is a reserved word in Ruby
- Make 'password/pass' a provider for action on the system in the password files
- No longer create custom resources in the type. This was causing issues with an invalid catalog when using PuppetDB
- Pushed the management of /etc/rsync/secrets and /etc/rsync to server.pp
- Moved server files to /etc/rsync/secrets and left client files in /etc/rsync so that we could properly use 'tidy'. This is currently noisy and we may need to pull in external Puppet patches to fix it.
- Client-side passwords are no longer permanently housed on the system. If you need to troubleshoot the rsync connection, run Puppet in 'debug' mode and it will output the password in the log.
- Thu Feb 19 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-6
- Migrated to the new 'simp' environment.
- Wed Oct 22 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-5
- Update to account for the stunnel module updates in 4.2.0-0
- Mon Jul 28 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-4
- Eliminated spurious 'to_a' call that may cause issues in Ruby 2
- Mon Jun 23 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-3
- Fixed SELinux check for when selinux_current_mode is not found.
- Fixed validation for $rsync::server::section::auth_user and $rsync::server::section::auth_pass.
- Sun Jun 22 2014 Kendall Moore kmoore@keywcorp.com - 4.1.0-3
- Removed MD5 file checksums for FIPS compliance.
- Tue Jun 03 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-2
- Added a boolean to turn off the useless rsyslog noise by default.
- Sat Apr 19 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-1
- Converted rsync::server::global to a class.
- Fri Apr 04 2014 Nick Markowski nmarkowski@keywcorp.com - 4.1.0-0
- Selinux booleans now set if mode != disabled
- Wed Mar 26 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-0
- Added native support for Stunnel
- Refactored the code to work well with Hiera
- Added spec tests
- Thu Jan 30 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-14
- Converted all string booleans to booleans.
- The rsync type required a call to 'to_a' on the existing tags to be able to update them within the type when using Puppet >= 3.4.
- Mon Oct 07 2013 Kendall Moore kmoore@keywcorp.com - 4.0.0-13
- Updated all erb templates to properly scope variables.
- Wed Sep 25 2013 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-12
- Modified the 'timeout' variable to connect to the 'contimeout' variable in rsync.
- Added an 'iotimeout' variable to set the 'timeout' variable in rsync.
- This is not intuitive but meets what most users expect the variables to actually do. This is noted in the documentation and will be fully modified during a later rewrite.
- Tue Sep 24 2013 Kendall Moore kmoore@keywcorp.com 4.0-12
- Require puppet 3.X and puppet-server 3.X because of an upgrade to use hiera instead of extdata.
- Tue Aug 06 2013 Trevor Vaughan tvaughan@onyxpoint.com - 4.0-11
- No longer fail on SELinux specific errors. This handles the case where the Puppet server does not have any attributes in /srv/rsync but the clients are in Permissive or Enforcing mode.
- Thu Jun 27 2013 Kendall Moore kmoore@keywcorp.com - 4.0-10
- Set the rsync_export_all_ro boolean to true on both the server and client nodes to address an issue with backuppc initial setup on the backuppc server.
- Thu Jun 27 2013 Trevor Vaughan tvaughan@onyxpoint.com - 4.0-10
- Set the rsync_client and rsync_export_all_ro booleans for rsync to function properly.
- Added an if block around the user password resource in the rsync type to avoid conflicts.
- Added a statement autorequiring the rsync_client selinux boolean to the rsync type prior to doing anything with rsync so that rsync can actually function properly.
- Mon Feb 25 2013 Maintenance 4.0-9
- The 'timeout' parameter is now a required value.
- Added extlookup('rsync_server',"$::rsync_server") as the default for the rsync_server variable so that it would work in a reasonable manner in most cases.
- Cleaned up some of the code in the rsync native type.
- Mon Jan 07 2013 Maintenance 4.0.0-8
- Created a Cucumber test to install and configure and rsync server and check to ensure the rsync service runs and its configuration file exists.
- Fri Aug 17 2012 Maintenance 4.0.0-7
- Moved all dynamic resource creation and checking to 'finish' instead of 'initialize' in the custom type.
- Wed Jul 25 2012 Maintenance 4.0.0-6
- Updated the native type to create resources instead of munging files directly. This fixes repeated tidies that had been happening.
- Thu Jun 07 2012 Maintenance 4.0.0-5
- Ensure that Arrays in templates are flattened.
- Call facts as instance variables.
- Made compression, recusion, and hard link copying optional.
- Moved mit-tests to /usr/share/simp...
- Updated pp files to better meet Puppet's recommended style guide.
- Fri Mar 02 2012 Maintenance 4.0.0-4
- Improved test stubs.
- Mon Dec 26 2011 Maintenance 4.0-3
- Updated the spec file to not require a separate file list.
- Scoped all of the top level variables.
- Mon Dec 05 2011 Maintenance 4.0-2
- Updated to not use 'size_only' by default since that loses one character changes in DNS, etc...
- Wed Nov 16 2011 Maintenance 4.0-1
- Updated the rsync type so that it gracefully handles the case where a password prompt is presented but no password has been provided.
- Tue Oct 25 2011 Maintenance 4.0-0
- Added a call to the tcpwrappers module with a default of ALL.
- Updated the rsync::server::section to add $client_nets to $hosts_allow
- Mon Oct 10 2011 Maintenance 2.0.0-3
- Updated to put quotes around everything that need it in a comparison statement so that puppet > 2.5 doesn't explode with an undef error.
- Fri Aug 12 2011 Maintenance 2.0.0-2
- Fixed a bug whereby the 'push' method passed through rsync::retrieve would not work.
- Added an rsync init script.
- Enhanced the custom type to ensure that all rsync items are called after the rsync and stunnel services if they exist.
- Tue Mar 29 2011 Maintenance - 2.0.0-1
- Rsync is now killed with a -9
- Thu Mar 24 2011 Maintenance - 1.0-6
- Several bugs were fixed in the rsync type that caused the type to fail when managing spaces with password protection.
- Removed the ability to set $pull in rsync::push
- Added rsync native type
- Fixed typos in rsync command and test command templates
- Updated to use concat_build and concat_fragment types
- Tue Jan 11 2011 Maintenance 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
- Mon Jan 10 2011 Maintenance - 1-3
- Added the ability to push to the rsync server. Simply set $pull to 'false' on rsync::retrieve.
- Tue Oct 26 2010 Maintenance - 1-2
- Converting all spec files to check for directories prior to copy.
- Wed Jul 14 2010 Maintenance 1.0-0
- Update to support password protected rsync spaces. Passwords are auto-generated if required.
- Mon May 24 2010 Maintenance 1.0-0
- Doc update and code refactor.
- Thu May 13 2010 Maintenance 0.1-14
- Updated the 'exclude' param to match the man page. It works both with and without the '=' but not using '=' may be deprecated in the future.
- Wed Mar 17 2010 Maintenance 0.1-13
- Now supports --no-implied-dirs by default. This prevents errors when doing things like copying symlinks over directories, etc... It is a $no_implied_dirs variable and can be turned off by assigning it to 'false'.
- Mon Nov 02 2009 Maintenance 0.1-12
- Made this more flexible and hopefully faster by default.
- The define now supports the copy_links and size_only options.
Dependencies
- puppetlabs/concat (>= 6.4.0 < 8.0.0)
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
- simp/rsyslog (>= 7.0.0 < 9.0.0)
- simp/simplib (>= 3.5.0 < 5.0.0)
- simp/stunnel (>= 6.0.0 < 7.0.0)
- simp/vox_selinux (>= 1.5.2 < 4.0.0)
pupmod-simp-rsync - A Puppet Module for managing rsync -- Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls. Some parts of this module derived from other works: Copyright (C) 2011 Onyx Point, Inc. --- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.