From 9fba5edd93635fec6bfc2f00ecc4c6c132b3ebdd Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Wed, 8 May 2024 10:02:35 +0200 Subject: [PATCH] drop rsync from web --- puppet/Puppetfile | 3 -- puppet/modules/foreman_debug_rsync/Modulefile | 12 ------- puppet/modules/foreman_debug_rsync/README | 3 -- .../foreman_debug_rsync/files/rsync_debug.te | 14 -------- .../foreman_debug_rsync/manifests/config.pp | 32 ------------------- .../foreman_debug_rsync/manifests/cron.pp | 10 ------ .../foreman_debug_rsync/manifests/init.pp | 15 --------- puppet/modules/freight/manifests/uploader.pp | 2 -- puppet/modules/freight/manifests/user.pp | 12 ------- .../jenkins_node/manifests/packaging/rpm.pp | 3 +- puppet/modules/profiles/manifests/web.pp | 15 ++------- puppet/modules/utility/manifests/init.pp | 2 +- .../modules/web/manifests/vhost/downloads.pp | 12 ------- puppet/modules/web/manifests/vhost/yum.pp | 12 ------- 14 files changed, 4 insertions(+), 143 deletions(-) delete mode 100644 puppet/modules/foreman_debug_rsync/Modulefile delete mode 100644 puppet/modules/foreman_debug_rsync/README delete mode 100644 puppet/modules/foreman_debug_rsync/files/rsync_debug.te delete mode 100644 puppet/modules/foreman_debug_rsync/manifests/config.pp delete mode 100644 puppet/modules/foreman_debug_rsync/manifests/cron.pp delete mode 100644 puppet/modules/foreman_debug_rsync/manifests/init.pp diff --git a/puppet/Puppetfile b/puppet/Puppetfile index 9bc2e9195..32d77aa38 100644 --- a/puppet/Puppetfile +++ b/puppet/Puppetfile @@ -28,11 +28,8 @@ mod 'puppetlabs/mailalias_core', '1.2.0' mod 'puppetlabs/mount_providers', '2.0.1' mod 'puppetlabs/ntp', '10.1.0' mod 'puppetlabs/postgresql', '10.3.0' -# released version doesn't allow puppetlabs/concat 9.x & puppetlabs/stdlib 9.x -mod 'puppetlabs/rsync', :git => 'https://github.com/ekohl/puppetlabs-rsync', :branch => 'compatible-with-latest' mod 'puppetlabs/stdlib', '9.6.0' mod 'puppetlabs/vcsrepo', '6.1.0' -mod 'puppetlabs/xinetd', '3.4.1' mod 'richardc/datacat', '0.6.2' mod 'saz/sudo', '8.0.0' mod 'theforeman/foreman', '25.0.0' diff --git a/puppet/modules/foreman_debug_rsync/Modulefile b/puppet/modules/foreman_debug_rsync/Modulefile deleted file mode 100644 index 3cf392f8a..000000000 --- a/puppet/modules/foreman_debug_rsync/Modulefile +++ /dev/null @@ -1,12 +0,0 @@ -name 'lzap/foreman_debug_rsync' -version '0.1.0' -source 'UNKNOWN' -author 'lzap' -license 'Apache License, Version 2.0' -summary 'Configures rsync to accept foreman-debug tarballs' -description 'Configures rsync to accept foreman-debug tarballs' -project_page 'UNKNOWN' - -dependency 'puppetlabs/stdlib', '>= 4.1.0' -dependency 'puppetlabs/rsync', '>= 0.1.0' -dependency 'puppetlabs/xinetd', '>= 1.2.0' diff --git a/puppet/modules/foreman_debug_rsync/README b/puppet/modules/foreman_debug_rsync/README deleted file mode 100644 index 5b3fbbf6a..000000000 --- a/puppet/modules/foreman_debug_rsync/README +++ /dev/null @@ -1,3 +0,0 @@ -This is the foreman_debug_rsync module. - -Configures rsync to accept foreman-debug tarballs. diff --git a/puppet/modules/foreman_debug_rsync/files/rsync_debug.te b/puppet/modules/foreman_debug_rsync/files/rsync_debug.te deleted file mode 100644 index 5965f603f..000000000 --- a/puppet/modules/foreman_debug_rsync/files/rsync_debug.te +++ /dev/null @@ -1,14 +0,0 @@ -policy_module(rsync_debug, 1.0) - -optional_policy(` - require { - type public_content_t; - type rsync_t; - } - - # rsync creates temporary name during upload and then renames - create_files_pattern(rsync_t, public_content_t, public_content_t) - write_files_pattern(rsync_t, public_content_t, public_content_t) - rename_files_pattern(rsync_t, public_content_t, public_content_t) - setattr_files_pattern(rsync_t, public_content_t, public_content_t) -') diff --git a/puppet/modules/foreman_debug_rsync/manifests/config.pp b/puppet/modules/foreman_debug_rsync/manifests/config.pp deleted file mode 100644 index 88dd82f3a..000000000 --- a/puppet/modules/foreman_debug_rsync/manifests/config.pp +++ /dev/null @@ -1,32 +0,0 @@ -# @summary The configuration of the rsync server -# @api private -class foreman_debug_rsync::config { - include 'rsync' - include 'rsync::server' - - rsync::server::module { 'debug-incoming': - path => $foreman_debug_rsync::base, - require => File[$foreman_debug_rsync::base], - comment => 'Write-only place for foreman-debug', - max_connections => 15, - read_only => 'no', - write_only => 'yes', - list => 'no', - uid => 'nobody', - gid => 'nobody', - incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', - outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', - } - - if $facts['os']['selinux']['enabled'] { - include selinux - - selinux::boolean { 'allow_rsync_anon_write': } - - selinux::module { 'rsync_debug': - ensure => 'present', - source_te => 'puppet:///modules/foreman_debug_rsync/rsync_debug.te', - builder => 'refpolicy', - } - } -} diff --git a/puppet/modules/foreman_debug_rsync/manifests/cron.pp b/puppet/modules/foreman_debug_rsync/manifests/cron.pp deleted file mode 100644 index 24f5223b3..000000000 --- a/puppet/modules/foreman_debug_rsync/manifests/cron.pp +++ /dev/null @@ -1,10 +0,0 @@ -# @summary Clean out old tarballs -# @api private -class foreman_debug_rsync::cron { - cron { 'remove-old-tarballs': - command => "/usr/bin/find ${foreman_debug_rsync::base} -type f -mtime +90 -exec rm {} \\;", - user => 'nobody', - hour => 3, - minute => 0, - } -} diff --git a/puppet/modules/foreman_debug_rsync/manifests/init.pp b/puppet/modules/foreman_debug_rsync/manifests/init.pp deleted file mode 100644 index 446568bb2..000000000 --- a/puppet/modules/foreman_debug_rsync/manifests/init.pp +++ /dev/null @@ -1,15 +0,0 @@ -# @summary Manage the debug rsync setup -# -# Users can upload their debugs using foreman-debug. -# This sets up the receiver part of that. -# -# @param base -# The base directory where rsync data is stored -class foreman_debug_rsync ( - Stdlib::Absolutepath $base = '/var/www/vhosts/debugs/htdocs', -) { - contain foreman_debug_rsync::config - contain foreman_debug_rsync::cron - - Class['foreman_debug_rsync::config'] -> Class['foreman_debug_rsync::cron'] -} diff --git a/puppet/modules/freight/manifests/uploader.pp b/puppet/modules/freight/manifests/uploader.pp index c138de846..56437bf14 100644 --- a/puppet/modules/freight/manifests/uploader.pp +++ b/puppet/modules/freight/manifests/uploader.pp @@ -9,8 +9,6 @@ String $user, Stdlib::Absolutepath $workspace, ) { - include rsync - secure_ssh::rsync::uploader_key { 'freight': user => $user, dir => "${workspace}/deb_key", diff --git a/puppet/modules/freight/manifests/user.pp b/puppet/modules/freight/manifests/user.pp index ed1db412e..2da929197 100644 --- a/puppet/modules/freight/manifests/user.pp +++ b/puppet/modules/freight/manifests/user.pp @@ -68,18 +68,6 @@ directories => $directory_config, } - include rsync::server - rsync::server::module { $vhost: - path => $webdir, - list => true, - read_only => true, - comment => "${vhost}.theforeman.org", - require => File[$webdir], - uid => 'nobody', - gid => 'nobody', - max_connections => 5, - exclude => ['/dists/*/.refs/'], - } file { "${webdir}/HEADER.html": ensure => file, owner => 'root', diff --git a/puppet/modules/jenkins_node/manifests/packaging/rpm.pp b/puppet/modules/jenkins_node/manifests/packaging/rpm.pp index c4a473a8e..dcccb94b7 100644 --- a/puppet/modules/jenkins_node/manifests/packaging/rpm.pp +++ b/puppet/modules/jenkins_node/manifests/packaging/rpm.pp @@ -28,6 +28,7 @@ ] $foreman_rel_eng_packages = [ 'python3-pyyaml', + 'rsync', ] stdlib::ensure_packages($obal_packages + $foreman_rel_eng_packages) @@ -47,8 +48,6 @@ manage_dir => true, } - include rsync - secure_ssh::rsync::uploader_key { 'yumstage': ensure => 'absent', user => $user, diff --git a/puppet/modules/profiles/manifests/web.pp b/puppet/modules/profiles/manifests/web.pp index 4b4dd9ccc..190e7d4bb 100644 --- a/puppet/modules/profiles/manifests/web.pp +++ b/puppet/modules/profiles/manifests/web.pp @@ -10,20 +10,13 @@ # Whether to enable HTTPS. This is typically wanted but can only be enabled # in a 2 pass setup. First Apache needs to run for Letsencrypt to function. # Then Letsencrypt can be enabled. Also useful to turn off in test setups. -# -# @param rsync_max_connections -# Maximum connection per rsync target. Using a small value to try and reduce -# server load class profiles::web ( String[1] $stable = '3.10', Hash[String, Hash] $debugs_htpasswds = {}, Boolean $https = true, - Integer[0] $rsync_max_connections = 10, ) { contain awstats - contain foreman_debug_rsync - class { 'web': https => $https, } @@ -34,13 +27,10 @@ contain web::vhost::deb class { 'web::vhost::debugs': - htpasswds => $debugs_htpasswds, + htpasswds => $debugs_htpasswds, } contain web::vhost::debugs - class { 'web::vhost::downloads': - rsync_max_connections => $rsync_max_connections, - } contain web::vhost::downloads contain web::vhost::stagingdeb @@ -51,8 +41,7 @@ contain web::vhost::web class { 'web::vhost::yum': - stable => $stable, - rsync_max_connections => $rsync_max_connections, + stable => $stable, } contain web::vhost::yum diff --git a/puppet/modules/utility/manifests/init.pp b/puppet/modules/utility/manifests/init.pp index f17b44810..75c8c11b4 100644 --- a/puppet/modules/utility/manifests/init.pp +++ b/puppet/modules/utility/manifests/init.pp @@ -11,7 +11,7 @@ stdlib::ensure_packages(['htop', 'iftop', 'screen']) } - # TODO: rsync package is managed by puppetlabs-rsync + ensure_packages(['rsync']) mailalias { 'sysadmins': ensure => present, diff --git a/puppet/modules/web/manifests/vhost/downloads.pp b/puppet/modules/web/manifests/vhost/downloads.pp index f44e0e8b7..0b0ee1b95 100644 --- a/puppet/modules/web/manifests/vhost/downloads.pp +++ b/puppet/modules/web/manifests/vhost/downloads.pp @@ -2,7 +2,6 @@ # @api private class web::vhost::downloads ( Stdlib::Absolutepath $downloads_directory = '/var/www/vhosts/downloads/htdocs', - Integer[0] $rsync_max_connections = 5, String $user = 'downloads', ) { $downloads_directory_config = [ @@ -32,17 +31,6 @@ directories => $downloads_directory_config, } - include rsync::server - rsync::server::module { 'downloads': - path => $downloads_directory, - list => true, - read_only => true, - comment => 'downloads.theforeman.org', - uid => 'nobody', - gid => 'nobody', - max_connections => $rsync_max_connections, - } - file { "${downloads_directory}/HEADER.html": ensure => file, owner => 'root', diff --git a/puppet/modules/web/manifests/vhost/yum.pp b/puppet/modules/web/manifests/vhost/yum.pp index 612518e9c..a44e4631a 100644 --- a/puppet/modules/web/manifests/vhost/yum.pp +++ b/puppet/modules/web/manifests/vhost/yum.pp @@ -2,7 +2,6 @@ # @api private class web::vhost::yum ( String[1] $stable, - Integer[0] $rsync_max_connections = 5, Stdlib::Fqdn $servername = 'yum.theforeman.org', Stdlib::Absolutepath $yum_directory = '/var/www/vhosts/yum/htdocs', String $user = 'yumrepo', @@ -43,17 +42,6 @@ directories => $yum_directory_config, } - include rsync::server - rsync::server::module { 'yum': - path => $yum_directory, - list => true, - read_only => true, - comment => $servername, - uid => 'nobody', - gid => 'nobody', - max_connections => $rsync_max_connections, - } - if $facts['os']['family'] == 'RedHat' { package { 'createrepo': ensure => present,