Skip to content

Latest commit

 

History

History
178 lines (127 loc) · 10.2 KB

README.md

File metadata and controls

178 lines (127 loc) · 10.2 KB

rsync Cookbook

Cookbook Version CI State OpenCollective OpenCollective License

Rsync cookbook with rsyncd LWRP. More info on ryncd options can be found in the Docs.

Requirements

Platforms

  • Debian/Ubuntu
  • RHEL/CentOS/Scientific/Amazon/Oracle

Chef

  • Chef >= 15.3

Cookbooks

  • none

Attributes

node['rsyncd']['config'] (Hash) default: "/etc/rsyncd.conf"

Path to the rsyncd config file. This is the default, but the serve resource can write config files to arbitrary paths independant of this.

node['rsyncd']['globals'] (Hash) default: {}

This is where you can store key-value pairs that coincide with rsyncd globals.

node['rsyncd']['options'] (String) default: ''

Additional daemon arguments.

  • motd file: This parameter allows you to specify a "message of the day" to display to clients on each connect. This usually contains site information and any legal notices. The default is no motd file.
  • pid file: This parameter tells the rsync daemon to write its process ID to that file. If the file already exists, the rsync daemon will abort rather than overwrite the file.
  • port: You can override the default port the daemon will listen on by specifying this value (defaults to 873). This is ignored if the daemon is being run by inetd, and is superseded by the --port command-line option.
  • address: You can override the default IP address the daemon will listen on by specifying this value. This is ignored if the daemon is being run by inetd, and is superseded by the --address command-line option.
  • socket options: This parameter can provide endless fun for people who like to tune their systems to the utmost degree. You can set all sorts of socket options which may make transfers faster (or slower!). Read the man page for the setsockopt() system call for details on some of the options you may be able to set. By default no special socket options are set. These settings can also be specified via the --sockopts command-line option.

Refer to the documentation for rsyncd for more info.

Recipes

default

This recipe simply installs the rsync package, nothing more.

Resources/Providers

serve

This LWRP implements a rsync server module. The folowing params are chef-only, the rest implement the feature as described in the [rsyncd docs][1]

Parameters

Required
  • path - Path which this module should server
Optional

Unless specified these paramaters use the rsyncd default values as refed in the [Rsyncd docs][1]. Params are Strings unless specified otherwise.

  • name - The name of this module that will be refrenced by rsync://foo/NAME. Defaults to the resource name.
  • config_path - Path to write the rsyncd config Defaults to `node['rsyncd']['config']
  • comment - Comment when rsync gets the list of modules from the server.
  • read_only - Boolean - Serve this as a read-only module.
  • write_only- Boolean - Serve this as a write-only module.
  • list - Boolean - Add this module the the rsync modules list
  • uid - String - This parameter specifies the user name or user ID that file transfers to and from that module should take place as when the daemon was run as root.
  • gid - String - This parameter specifies the group name or group ID that file transfers to and from that module should take place as when the daemon was run as root.
  • auth_users - This parameter specifies a comma and space-separated list of usernames that will be allowed to connect to this module. [more info][1]
  • secrets_file - This parameter specifies the name of a file that contains the username:password pairs used for authenticating this module. [more info][1]
  • hosts_allow - This parameter allows you to specify a list of patterns that are matched against a connecting clients hostname and IP address. If none of the patterns match then the connection is rejected. [more info][1]
  • hosts_deny - This parameter allows you to specify a list of patterns that are matched against a connecting clients hostname and IP address. If the pattern matches then the connection is rejected. [more info][1]
  • max_connections - Fixnum - *Default: 0 - The maximum number of simultaneous connections you will allow.
  • munge_symlinks - Boolean - *Default: true - This parameter tells rsync to modify all incoming symlinks in a way that makes them unusable but recoverable. [more info][1]
  • use_chroot - Boolean - the rsync daemon will chroot to the "path" before starting the file transfer with the client.
  • nemeric_ids - Boolean - *Default: true - Enabling this parameter disables the mapping of users and groups by name for the current daemon module.
  • fake_super - Boolean - This allows the full attributes of a file to be stored without having to have the daemon actually running as root.
  • exclude_from - This parameter specifies the name of a file on the daemon that contains daemon exclude patterns. [more info][1]
  • exclude - This parameter specifies the name of a file on the daemon that contains daemon exclude patterns. [more info][1]
  • include_from - Analogue of exclude_from
  • include - Analogue of exclude
  • strict_modes - Boolean - If true, then the secrets file must not be readable by any user ID other than the one that the rsync daemon is running under.
  • log_file - Path where you should store this modules log file.
  • log_format - The format is a text string containing embedded single-character escape sequences prefixed with a percent (%) character. An optional numeric field width may also be specified between the percent and the escape letter (e.g. "%-50n %8l %07p"). [more info][1]
  • transfer_logging - This parameter enables per-file logging of downloads and uploads in a format somewhat similar to that used by ftp daemons. The daemon always logs the transfer at the end, so if a transfer is aborted, no mention will be made in the log file.
  • timeout - Fixnum - Default: 600 - Using this parameter you can ensure that rsync won't wait on a dead client forever. The timeout is specified in seconds. A value of zero means no timeout.
  • dont_compress - This parameter allows you to select filenames based on wildcard patterns that should not be compressed when pulling files from the daemon
  • lock_file - This parameter specifies the file to use to support the "max connections" parameter. The rsync daemon uses record locking on this file to ensure that the max connections limit is not exceeded for the modules sharing the lock file. The default is /var/run/rsyncd.lock
  • refuse_options - This parameter allows you to specify a space-separated list of rsync command line options that will be refused by your rsync daemon.
  • prexfer_exec - A command to run before each transfer to or from this module. If this command fails, the transfer will be aborted.
  • postxfer_exec - A command to run after each transfer to or from this module.

Usage

After loading the rsync cookbook you have access to the rsync_serve resource for serving up a generic rsyncd module with many options.

You must include the rsync::server recipe before you can use the LWRP as shown in the examples below.

Examples

Serve a directory:

include_recipe 'rsync::server'

rsync_serve 'tmp' do
  path '/tmp'
end

Serve a directory with read only and specify uids:

include_recipe 'rsync::server'

rsync_serve 'tmp' do
  path      '/tmp'
  uid       'nobody'
  gid       'nobody'
  read_only true
end

A more complex example with networking:

include_recipe 'rsync::server'

rsync_serve 'centos-prod' do
  path             '/data/repos/prod/centos'
  comment          'CentOS prod mirror'
  read_only        true
  use_chroot       true
  list             true
  uid              'nobody'
  gid              'nobody'
  hosts_allow      '127.0.0.1, 10.4.1.0/24, 192.168.4.0/24'
  hosts_deny       '0.0.0.0/0'
  max_connections  10
  transfer_logging true
  log_file         '/tmp/centos-sync'
  postxfer_exec    '/usr/local/bin/collect_things.sh'
end

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

https://opencollective.com/sous-chefs/sponsor/0/website https://opencollective.com/sous-chefs/sponsor/1/website https://opencollective.com/sous-chefs/sponsor/2/website https://opencollective.com/sous-chefs/sponsor/3/website https://opencollective.com/sous-chefs/sponsor/4/website https://opencollective.com/sous-chefs/sponsor/5/website https://opencollective.com/sous-chefs/sponsor/6/website https://opencollective.com/sous-chefs/sponsor/7/website https://opencollective.com/sous-chefs/sponsor/8/website https://opencollective.com/sous-chefs/sponsor/9/website