
Commit 422ccc7

5Ub-Z3r05Ub-Z3r0
5Ub-Z3r0
authored and
5Ub-Z3r0
committed
First commit
0 parents  commit 422ccc7

23 files changed

+1541
-0
lines changed

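--- a/Modulefile
+++ b/Modulefile
@@ -0,0 +1,19 @@
+name 'puppet-pureftpd'
+version '1.0.2'
+
+author '5Ub-Z3r0'
+license 'GPL v3'
+project_page 'https://github.com/5Ub-Z3r0/puppet-pureftpd'
+source 'https://github.com/5Ub-Z3r0/puppet-pureftpd.git'
+summary 'Pure-FTPd module'
+description 'This module manages Pure-FTPd via Puppet.
+
+It currently supports only RHEL, altough it should be easy to modify it to manage Debian-like systems.
+
+Requirements:
+
+* [Facter](http://www.puppetlabs.com/puppet/related-projects/facter/) 1.6.1 or greater (versions that support the osfamily fact)
+
+Todo:
+- complete the config_mysql and config_pgsql defines
+'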

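--- a/README.md
+++ b/README.md
@@ -0,0 +1,39 @@
+# puppet-pureftpd
+
+Manage Pure-FTPd via Puppet on RHEL systems
+
+## How to use
+
+### Unix authentication with default configuration
+
+```
+class { 'pureftpd': }
+```
+
+### Different authentication type
+
+```
+pureftpd::config{ 'ftp':
+auth_type => mysql,
+}
+```
+
+```
+pureftpd::config_ldap { 'ftp-server':
+ldap_server => '192.168.100.10',
+ldap_basedn => 'ou=Users,dc=company,dc=com',
+ldap_filter => '(&(objectClass=posixAccount)(uid=\L))',
+ldap_authmethod => 'BIND'
+user_bandwidth => '1800:1800'
+}
+```
+```
+pureftpd::config_pgsql { 'ftp-server':
+user_bandwidth => '1800:1800'
+}
+```
+
+### TODO
+- add a configuration switch for the pem certificate file, in case TLS is used
+- Implement configuration variables for postgresql-based authentication
+- Implement configuration variables for MySQL-based authentication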

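--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -0,0 +1,107 @@
+# == Define: pureftpd::config
+#
+# This module manages the pure-ftpd server configuration file
+#
+# === Parameters
+#
+# [*use_selinux*]
+# Optional, defaults to false.
+# Manages whether or not to enable selinux extensions.
+#
+# [*allow_anonymous*]
+# Optional, defaults to false.
+# Manages whether or not to allow anonymous users.
+#
+# [*allow_fxp*]
+# Optional, defaults to false.
+# Manages whether or not to allow the fxp protocol
+#
+# [*user_bandwidth*]
+# Optional, defaults to undef.
+# Defines the maximum bandwidth that the can be used, in the form
+# $kb_download:$kb_upload (e.g., 1800:1800).
+#
+# [*max_clients_number*]
+# Optional, defaults to 50.
+# Maximum number of simultaneous users that the server can manage.
+#
+# [*max_clients_per_ip*]
+# Optional, defaults to 8.
+# Maximum number of different clients that can come from a single IP
+#
+# [*umask*]
+# Optional, defaults to 133:022.
+# Specifies the user mask of the uploaded files/directories, in the form
+# $file_umask:$dir_umask (e.g., 177:077).
+#
+# [*min_uid*]
+# Optional, defaults to 500.
+# The minimum user id that can be accepted as an ftp user.
+#
+# [*allow_chmod*]
+# Optional, defaults to false.
+# Whether or not users are allowed to change ownerships of their files.
+#
+# [*use_tls*]
+# Optional, defaults to false.
+# Whether or not to accept tls connections in addition to normal ones.
+# TODO: Remember to place your server certificate in /etc/ssl/private/pure-ftpd.pem
+#
+# [*force_passive_ip*]
+# Optional, defaults to undef (not set)
+# Force an IP address in PASV/EPSV/SPSV replies
+#
+# [*motd_file*]
+# Optional, defaults to undef (use the dynamic provided file).
+# Manages the location of the server motd file, if any.
+#
+# === Examples
+#
+# pureftpd::config { 'ftp-server':
+# user_bandwidth => '1800:1800'
+# }
+#
+# === Authors
+#
+# 5Ub-Z3r0
+#
+define pureftpd::config(
+$use_selinux = false,
+$allow_anonymous = false,
+$allow_fxp = false,
+$user_bandwidth = undef,
+$max_clients_number = '50',
+$max_clients_per_ip = '8',
+$umask = '133:022',
+$min_uid = '500',
+$allow_chmod = false,
+$use_tls = false,
+$force_passive_ip = undef,
+$motd_file = undef
+){
+
+class { 'pureftpd':
+use_selinux => $use_selinux
+}
+
+$default_auth = 'unix'
+
+if ($motd_file != undef) {
+file { '/etc/motd.pureftpd':
+ensure => file,
+source => $motd_file,
+owner => 'root',
+group => 'root',
+mode => '0644'
+}
+}
+
+file { "${pureftpd::params::config_dir}/pure-ftpd.conf":
+ensure => file,
+content => template("${module_name}/${::osfamily}/pure-ftpd.conf.erb"),
+owner => 'root',
+group => 'root',
+mode => '0644',
+notify => Service[$pureftpd::params::service_name]
+}
+}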
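Review bot: `use_tls` is documented in the header as accepting TLS "in addition to normal ones", and the define offers no way to refuse cleartext sessions, so with the default `false`, and apparently even with `true`, FTP usernames and passwords can cross the network unencrypted. The `pure-ftpd.conf.erb` template that consumes the flag is not part of this section, so this is inferred from the parameter comment; if the flag maps to Pure-FTPd's `TLS 1`, consider letting callers select `TLS 2`, which refuses cleartext connections. The certificate is also left to the operator, so the TODO line could carry a comment such as `# the .pem contains the private key: keep it owned by root with mode 0600`. Separately, the `allow_chmod` description says "change ownerships" where chmod changes permissions.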

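--- a/manifests/config_ldap.pp
+++ b/manifests/config_ldap.pp
@@ -0,0 +1,161 @@
+# == Define: pureftpd::config
+#
+# This module manages the pure-ftpd configuration files with LDAP authentication
+#
+# === Parameters
+#
+# [*ldap_server*]
+# Mandatory, is the IP or FQDN of the LDAP server
+#
+# [*ldap_basedn*]
+# Mandatory, is the base DN of the LDAP tree where the users are stored
+# (e.g.: ou=People,dc=company,dc=com)
+#
+# [*ldap_filter*]
+# Mandatory, specifies a filter that can be used to filter out users
+# (e.g.: '(&(objectClass=posixAccount)(uid=\L))')
+#
+# [*ldap_port*]
+# Optional, defaults to 389
+# The server port where the ldap service listens
+#
+# [*ldap_authmethod*]
+# Mandatory, can either be BIND or password
+# Manages the authentication methof for the LDAP users.
+#
+# [*$ldap_binddn*]
+# Optional, defaults to "".
+# the binddn that will be used to connect to the tree; leave blank if LDAP
+# supports anonymous bind.
+#
+# [*ldap_bindpw*]
+# Optional, defaults to "".
+# the binddn pass that will be used to connect to the tree; leave blank if LDAP
+# supports anonymous bind.
+#
+# [*ldap_usetls*]
+# Optional, defaults to false.
+# Defines whether or not to use a TLS connection to the LDAP service.
+#
+# [*use_selinux*]
+# Optional, defaults to false.
+# Manages whether or not to enable selinux extensions.
+#
+# [*allow_anonymous*]
+# Optional, defaults to false.
+# Manages whether or not to allow anonymous users.
+#
+# [*allow_fxp*]
+# Optional, defaults to false.
+# Manages whether or not to allow the fxp protocol
+#
+# [*user_bandwidth*]
+# Optional, defaults to undef.
+# Defines the maximum bandwidth that the can be used, in the form
+# $kb_download:$kb_upload (e.g., 1800:1800).
+#
+# [*max_clients_number*]
+# Optional, defaults to 50.
+# Maximum number of simultaneous users that the server can manage.
+#
+# [*max_clients_per_ip*]
+# Optional, defaults to 8.
+# Maximum number of different clients that can come from a single IP
+#
+# [*umask*]
+# Optional, defaults to 133:022.
+# Specifies the user mask of the uploaded files/directories, in the form
+# $file_umask:$dir_umask (e.g., 177:077).
+#
+# [*min_uid*]
+# Optional, defaults to 500.
+# The minimum user id that can be accepted as an ftp user.
+#
+# [*allow_chmod*]
+# Optional, defaults to false.
+# Whether or not users are allowed to change ownerships of their files.
+#
+# [*use_tls*]
+# Optional, defaults to false.
+# Whether or not to accept tls connections in addition to normal ones.
+# TODO: Remember to place your server certificate in /etc/ssl/private/pure-ftpd.pem
+#
+# [*force_passive_ip*]
+# Optional, defaults to undef (not set)
+# Force an IP address in PASV/EPSV/SPSV replies
+#
+# [*motd_file*]
+# Optional, defaults to undef (use the dynamic provided file).
+# Manages the location of the server motd file, if any.
+#
+# === Examples
+#
+# pureftpd::config_ldap { 'ftp-server':
+# ldap_server => '192.168.100.10',
+# ldap_basedn => 'ou=Users,dc=company,dc=com',
+# ldap_filter => '(&(objectClass=posixAccount)(uid=\L))',
+# ldap_authmethod => 'BIND'
+# user_bandwidth => '1800:1800'
+# }
+#
+# === Authors
+#
+# 5Ub-Z3r0
+#
+define pureftpd::config_ldap(
+$use_selinux = false,
+$allow_anonymous = false,
+$allow_fxp = false,
+$user_bandwidth = undef,
+$max_clients_number = '50',
+$max_clients_per_ip = '8',
+$umask = '133:022',
+$min_uid = '500',
+$allow_chmod = false,
+$use_tls = false,
+$force_passive_ip = undef,
+$motd_file = undef,
+$ldap_port = '389',
+$ldap_usetls = false,
+$ldap_server,
+$ldap_basedn,
+$ldap_binddn = '',
+$ldap_bindpw = '',
+$ldap_filter,
+$ldap_authmethod
+){
+
+class { 'pureftpd':
+use_selinux => $use_selinux
+}
+
+$default_auth = 'ldap'
+
+if ($motd_file != undef) {
+file { '/etc/motd.pureftpd':
+ensure => file,
+source => $motd_file,
+owner => 'root',
+group => 'root',
+mode => '0644'
+}
+}
+
+file { "${pureftpd::params::config_dir}/pure-ftpd.conf":
+ensure => file,
+content => template("${module_name}/${::osfamily}/pure-ftpd.conf.erb"),
+owner => 'root',
+group => 'root',
+mode => '0644',
+notify => Service[$pureftpd::params::service_name]
+}
+
+file { "${pureftpd::params::config_dir}/pureftpd-ldap.conf":
+ensure => file,
+content => template("${module_name}/${::osfamily}/pureftpd-ldap.conf.erb"),
+owner => 'root',
+group => 'root',
+mode => '0644',
+notify => Service[$pureftpd::params::service_name]
+}
+}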
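Review bot: `pureftpd-ldap.conf` is created with `mode => '0644'` while the define accepts `$ldap_bindpw`, so if the `pureftpd-ldap.conf.erb` template writes the bind password (the template is not shown in this section) every local account on the host can read the directory credentials. Changing that last file resource to `mode => '0600',` keeps it readable by root only. `$ldap_usetls` also defaults to `false` alongside `$ldap_port = '389'`, so bind and user credentials would reach the LDAP server unencrypted unless the caller opts in; the parameter documentation should state this. The header comment still names the define `pureftpd::config` rather than `pureftpd::config_ldap`.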
