ftp-server with puppet

===========================================================
[root@server ~]# puppet module search ftp
Notice: Searching https://forgeapi.puppetlabs.com
NAME DESCRIPTION AUTHOR KEYWORDS
thias-vsftpd vsftpd FTP server @thias rhel ftp debian ubuntu centos

[root@server ~]# puppet module install thias-vsftpd
Notice: Preparing to install into /etc/puppet/modules …
Notice: Downloading from https://forgeapi.puppetlabs.com
Notice: Installing — do not interrupt …
/etc/puppet/modules
└── thias-vsftpd (v0.2.1)
=============================================================
[root@server ~]# cat /etc/puppet/modules/vsftpd/manifests/init.pp
# Class: vsftpd
#
# Install, enable and configure a vsftpd FTP server instance.
#
# Parameters:
# see vsftpd.conf(5) for details about what the available parameters do.
# Sample usage:
# include vsftpd
# class { 'vsftpd':
#   anonymous_enable  => 'NO',
#   write_enable      => 'YES',
#   ftpd_banner       => 'Marmotte FTP Server',
#   chroot_local_user => 'YES',
# }
#
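class vsftpd (
  # Location of vsftpd.conf, package and service names: OS-dependent, taken
  # from vsftpd::params unless overridden.
  $confdir                 = $::vsftpd::params::confdir,
  $package_name            = $::vsftpd::params::package_name,
  $service_name            = $::vsftpd::params::service_name,
  # ERB template rendered into ${confdir}/vsftpd.conf
  $template                = 'vsftpd/vsftpd.conf.erb',
  # vsftpd.conf options (see vsftpd.conf(5)); values are passed to the template
  # as the literal strings vsftpd expects ('YES' / 'NO', numbers as strings).
  # 'YES' accepts anonymous logins; set 'NO' for an authenticated-only server.
  $anonymous_enable        = 'YES',
  $local_enable            = 'YES',
  # Global switch for every FTP write command (upload, delete, rename, ...).
  $write_enable            = 'YES',
  $local_umask             = '022',
  $anon_upload_enable      = 'NO',
  $anon_mkdir_write_enable = 'NO',
  $dirmessage_enable       = 'YES',
  $xferlog_enable          = 'YES',
  $connect_from_port_20    = 'YES',
  $chown_uploads           = 'NO',
  $chown_username          = undef,
  $xferlog_file            = '/var/log/vsftpd.log',
  $xferlog_std_format      = 'YES',
  # Timeouts in seconds
  $idle_session_timeout    = '600',
  $data_connection_timeout = '120',
  $nopriv_user             = undef,
  $async_abor_enable       = 'NO',
  $ascii_upload_enable     = 'NO',
  $ascii_download_enable   = 'NO',
  $ftpd_banner             = undef,
  # 'NO' leaves local users unconfined (not chroot()ed to their home) after login.
  $chroot_local_user       = 'NO',
  $chroot_list_enable      = 'NO',
  $chroot_list_file        = '/etc/vsftpd/chroot_list',
  $ls_recurse_enable       = 'NO',
  # Standalone IPv4 listener; listen and listen_ipv6 are mutually exclusive in vsftpd.
  $listen                  = 'YES',
  $listen_port             = undef,
  $pam_service_name        = 'vsftpd',
  $userlist_enable         = 'YES',
  $userlist_deny           = undef,
  $tcp_wrappers            = 'YES',
  $hide_file               = undef,
  $hide_ids                = 'NO',
  $setproctitle_enable     = 'NO',
  $text_userdb_names       = 'NO',
  $max_clients             = undef,
  $max_per_ip              = undef,
  # Passive-mode port range (both undef = vsftpd's own default range)
  $pasv_min_port           = undef,
  $pasv_max_port           = undef,
  $ftp_username            = undef,
  $banner_file             = undef,
  # Only relevant together with chroot_local_user => 'YES' on vsftpd 3.x,
  # where a writable chroot root is otherwise refused.
  $allow_writeable_chroot  = undef,
  # Additional settings handed to the template as a hash; how the template
  # renders them is not visible here.
  $directives              = {},
) inherits ::vsftpd::params {

  package { $package_name:
    ensure => installed,
  }

  # The service is started and enabled once the package is installed.
  service { $service_name:
    ensure    => running,
    enable    => true,
    hasstatus => true,
    require   => Package[$package_name],
  }

  # Rendering the template and notifying the service restarts vsftpd
  # whenever the generated configuration changes.
  file { "${confdir}/vsftpd.conf":
    content => template($template),
    require => Package[$package_name],
    notify  => Service[$service_name],
  }

}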
=============================================================
[root@server ~]# cat /etc/puppet/modules/vsftpd/manifests/params.pp
# Class: vsftpd::params
#
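class vsftpd::params {

  # OS-independent defaults consumed by the vsftpd class.
  $package_name = 'vsftpd'
  $service_name = 'vsftpd'

  # Directory that holds vsftpd.conf: Debian-family packages keep it directly
  # under /etc, Red Hat-family ones under /etc/vsftpd (also the fallback for
  # any other operating system).
  case $::operatingsystem {
    'RedHat', 'CentOS', 'Amazon': {
      $confdir = '/etc/vsftpd'
    }
    'Debian', 'Ubuntu': {
      $confdir = '/etc'
    }
    default: {
      $confdir = '/etc/vsftpd'
    }
  }

}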
=============================================================
[root@server ~]# vim /etc/puppet/manifests/site.pp
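# Declare every class listed under the Hiera key "classes" for this node
# (e.g. hieradata/roles/ftpserver.yaml).
hiera_include('classes')

node default {
  include role
}

# $::role is an external fact provided on the agent by
# /etc/facter/facts.d/role.txt; one case statement keeps the
# role -> class mapping in a single place.
# NOTE(review): a profile pulled in via hiera_include may declare class
# vsftpd with parameters; if the plain `include vsftpd` below were evaluated
# first, Puppet would report a duplicate declaration -- confirm evaluation
# order if this file is rearranged.
case $::role {
  'users': {
    include users
  }
  'ftpserver': {
    include vsftpd
  }
  default: {}
}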

===================== Agent Side====================

[root@agent ~]# hostnamectl set-hostname agent.server.com

[root@agent ~]# yum install http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

[root@agent ~]# yum install puppet -y

[root@agent ~]# vim /etc/puppet/puppet.conf
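[main]
# Puppet master this agent contacts. Kept under [main] (applies to all Puppet
# processes) rather than as a section-less key at the top of the file.
server = server.puppet.com

# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate "puppet" executable using the "--loadclasses"
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig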

[root@agent ~]# vim /etc/hosts
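# Keep the loopback entries: local services (e.g. the mail daemon bound to
# 127.0.0.1:25) and anything resolving "localhost" depend on them.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# Puppet agent and master; agent.puppet.com is the name the agent reports
# in its catalog runs.
192.168.43.143 agent.puppet.com
192.168.43.133 server.puppet.com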
[root@agent ~]# telnet server.puppet.com 8140
Trying 192.168.43.133…
Connected to server.puppet.com.
Escape character is '^]'.
^CConnection closed by foreign host.

[root@agent ~]# puppet agent -t

[root@agent ~]# mkdir -p /etc/facter/facts.d/

[root@agent ~]# vim /etc/facter/facts.d/role.txt
role=ftpserver

[root@agent ~]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 947/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1826/master
tcp6 0 0 :::22 :::* LISTEN 947/sshd

[root@agent ~]# rpm -qa vsftpd

[root@agent ~]# service vsftpd status
Redirecting to /bin/systemctl status vsftpd.service
● vsftpd.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)

[root@agent ~]# puppet agent -t --noop
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for agent.puppet.com
Info: Applying configuration version ‘1478692700’
Notice: /Stage[main]/Vsftpd/Package[vsftpd]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]: Scheduling refresh of Service[vsftpd]
Notice: /Stage[main]/Vsftpd/Service[vsftpd]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Vsftpd/Service[vsftpd]: Unscheduling refresh on Service[vsftpd]
Notice: Class[Vsftpd]: Would have triggered ‘refresh’ from 3 events
Notice: Stage[main]: Would have triggered ‘refresh’ from 1 events
Notice: Finished catalog run in 0.66 seconds
[
[root@agent ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for agent.puppet.com
Info: Applying configuration version ‘1478692700’
Notice: /Stage[main]/Vsftpd/Package[vsftpd]/ensure: created
Notice: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]/content:
— /etc/vsftpd/vsftpd.conf 2016-03-31 11:12:03.000000000 -0400
+++ /tmp/puppet-file20161109-2289-11uqyv5 2016-11-09 06:59:28.517980121 -0500
@@ -12,7 +12,6 @@
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
-# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
@@ -25,7 +24,6 @@
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
-# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
@@ -50,7 +48,7 @@
#
# You may override where the log file goes if you like. The default is shown
# below.
-#xferlog_file=/var/log/xferlog
+xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
@@ -94,11 +92,8 @@
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
-# (Warning! chroot’ing can be very dangerous. If using chroot, make sure that
-# the user does not have write access to the top level directory within the
-# chroot)
-#chroot_local_user=YES
-#chroot_list_enable=YES
+chroot_local_user=NO
+chroot_list_enable=NO
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
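Review bot: The new side pins `chroot_local_user=NO` and `chroot_list_enable=NO` while `local_enable=YES` stays in force from the first hunk, so local accounts that log in are not confined to their home directory, and the same hunk drops the upstream comment that explained that trade-off. If confinement is intended, set `chroot_local_user => 'YES'` on the vsftpd class in the profile, and on the installed vsftpd 3.x pair it with `allow_writeable_chroot => 'YES'` only for the case where the home directory must remain writable, since 3.x otherwise refuses a login whose chroot root is writable. A short comment in the profile stating which vsftpd defaults are deliberately kept would make the generated file's posture reviewable without re-reading the module.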
@@ -111,17 +106,16 @@
# When “listen” directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
-listen=NO
+listen=YES
#
-# This directive enables listening on IPv6 sockets. By default, listening
-# on the IPv6 “any” address (::) will accept connections from both IPv6
-# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
-# sockets. If you want that (perhaps because you want to listen on specific
-# addresses) then you must run two copies of vsftpd with two configuration
-# files.
+# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
+# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
-listen_ipv6=YES
+#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
+hide_ids=NO
+setproctitle_enable=NO
+text_userdb_names=NO

Info: Computing checksum on file /etc/vsftpd/vsftpd.conf
Info: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]: Filebucketed /etc/vsftpd/vsftpd.conf to puppet with sum c4072ca90053a6e86cf86850c343346d
Notice: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]/content: content changed ‘{md5}c4072ca90053a6e86cf86850c343346d’ to ‘{md5}3231dd64620c205175c6c01a6cc04dc5’
Info: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]: Scheduling refresh of Service[vsftpd]
Notice: /Stage[main]/Vsftpd/Service[vsftpd]/ensure: ensure changed ‘stopped’ to ‘running’
Info: /Stage[main]/Vsftpd/Service[vsftpd]: Unscheduling refresh on Service[vsftpd]
Notice: Finished catalog run in 38.94 seconds

=====================================================
[root@agent ~]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2498/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 947/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1826/master
tcp6 0 0 :::22 :::* LISTEN 947/sshd
[root@agent ~]# rpm -qa vsftpd
vsftpd-3.0.2-11.el7_2.x86_64
[root@agent ~]# service vsftpd status
Redirecting to /bin/systemctl status vsftpd.service
● vsftpd.service – Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2016-11-09 06:59:28 EST; 38s ago
Main PID: 2498 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─2498 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Nov 09 06:59:28 agent.puppet.com systemd[1]: Starting Vsftpd ftp daemon…
Nov 09 06:59:28 agent.puppet.com systemd[1]: Started Vsftpd ftp daemon.
=========================================================

If you would like to change any setting, do it by passing data through Hiera, without modifying the existing code.

=============== Server-side ================================================

Say you want to change the umask value from 022 to 033.

[root@server ~]# vim /etc/puppet/modules/role/manifests/ftpserver.pp
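class role::ftpserver {
  # A role only composes profiles. The leading :: forces an absolute class
  # lookup so Puppet's relative name resolution cannot pick a class with a
  # different namespace; this matches the absolute names the vsftpd module uses.
  include ::profile::ftpserver
}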

[root@server ~]# puppet apply /etc/puppet/modules/role/manifests/ftpserver.pp --noop
Notice: Compiled catalog for server.puppet.com in environment production in 0.03 seconds
Notice: Finished catalog run in 0.15 seconds

[root@server ~]# vim /etc/puppet/modules/profile/manifests/ftpserver.pp
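class profile::ftpserver {
  # Only local_umask is overridden here; every other default of the vsftpd
  # class stays in effect, notably anonymous_enable => 'YES',
  # write_enable => 'YES' and chroot_local_user => 'NO'. Override them in this
  # declaration if the server should not accept anonymous or unconfined logins.
  class { '::vsftpd':
    local_umask => '033',
  }
}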
[root@server ~]# puppet apply /etc/puppet/modules/profile/manifests/ftpserver.pp --noop
Notice: Compiled catalog for server.puppet.com in environment production in 0.02 seconds
Notice: Finished catalog run in 0.03 seconds

[root@server ~]# vim /etc/puppet/hieradata/roles/ftpserver.yaml

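# Classes declared by site.pp's hiera_include('classes') for nodes whose
# role fact is "ftpserver" (presumably via a roles/%{::role} level in
# hiera.yaml, which is not shown here).
classes:
  - 'profile::ftpserver'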

================== Agent-Side================
[root@agent ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for agent.puppet.com
Info: Applying configuration version ‘1478692700’
Notice: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]/content:
— /etc/vsftpd/vsftpd.conf 2016-11-09 06:59:28.603980118 -0500
+++ /tmp/puppet-file20161109-3534-1p6pdo6 2016-11-09 07:28:31.431928178 -0500
@@ -19,7 +19,7 @@
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd’s)
-local_umask=022
+local_umask=033
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will

Info: Computing checksum on file /etc/vsftpd/vsftpd.conf
Info: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]: Filebucketed /etc/vsftpd/vsftpd.conf to puppet with sum 3231dd64620c205175c6c01a6cc04dc5
Notice: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]/content: content changed ‘{md5}3231dd64620c205175c6c01a6cc04dc5’ to ‘{md5}e06c0f52c48f4778cb8245d373a5b7bf’
Info: /Stage[main]/Vsftpd/File[/etc/vsftpd/vsftpd.conf]: Scheduling refresh of Service[vsftpd]
Notice: /Stage[main]/Vsftpd/Service[vsftpd]: Triggered ‘refresh’ from 1 events
Notice: Finished catalog run in 0.39 seconds
