Ubuntu Mirror Charm

Merge ~hloeung/ubuntu-mirror-charm:master into ubuntu-mirror-charm:master

  1. Git
  2. lp:~hloeung/ubuntu-mirror-charm
  3. master
  4. Merge into master
Proposed by Haw Loeung
Status: Merged
Approved by: Haw Loeung
Approved revision: 1e64cf71639963e8cb9efea250758d99ba7165b8
Merged at revision: e21885a114a20cac4d7d81499c22775cc9f00a2c
Proposed branch: ~hloeung/ubuntu-mirror-charm:master
Merge into: ubuntu-mirror-charm:master
Diff against target: 105 lines (+44/-2)
5 files modified
config.yaml (+4/-0)
files/rsyncd-systemd.service (+10/-0)
hooks/Config.py (+3/-0)
hooks/hooks.py (+15/-2)
templates/rsyncd-systemd-socket.tmpl (+12/-0)
Reviewer Review Type Date Requested Status
Joel Sing (community) +1 Approve
Canonical IS Reviewers Pending
Review via email: mp+389699@code.launchpad.net

Commit message

Allow limiting rsync connections by source/IP (via systemd sockets)

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Joel Sing (jsing) wrote :

LGTM, see minor comments inline.

review: Approve (+1)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision e21885a114a20cac4d7d81499c22775cc9f00a2c

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/config.yaml b/config.yaml
2index 8a5039e..d5ce15e 100644
3--- a/config.yaml
4+++ b/config.yaml
5@@ -431,6 +431,10 @@ options:
6 default: 65
7 type: int
8 description: "Maximum number of rsync connections allowed"
9+ rsync_max_connections_per_source:
10+ default: 5
11+ type: int
12+ description: "Maximum number of rsync connections allowed per source/IP"
13 rsync_motdfile:
14 default: "/etc/rsyncd/motd"
15 type: string
16diff --git a/files/rsyncd-systemd.service b/files/rsyncd-systemd.service
17new file mode 100644
18index 0000000..8ef2ff6
19--- /dev/null
20+++ b/files/rsyncd-systemd.service
21@@ -0,0 +1,10 @@
22+[Unit]
23+Description=fast remote file copy program daemon
24+ConditionPathExists=/etc/rsyncd.conf
25+
26+[Service]
27+ExecStart=/usr/bin/rsync --daemon
28+StandardInput=socket
29+
30+[Install]
31+WantedBy=multi-user.target
32diff --git a/hooks/Config.py b/hooks/Config.py
33index eb77b87..2543be7 100755
34--- a/hooks/Config.py
35+++ b/hooks/Config.py
36@@ -247,6 +247,9 @@ class Config:
37 def rsync_max_connections(self):
38 return int(config("rsync_max_connections"))
39
40+ def rsync_max_connections_per_source(self):
41+ return int(config("rsync_max_connections_per_source"))
42+
43 def rsync_motd(self):
44 try:
45 motd = str(base64.b64decode(config("rsync_motd")))
46diff --git a/hooks/hooks.py b/hooks/hooks.py
47index 6c9870b..0b80434 100755
48--- a/hooks/hooks.py
49+++ b/hooks/hooks.py
50@@ -262,6 +262,7 @@ def configure_rsync_server(conf, hostname):
51
52 roles = conf.roles()
53 if hostname not in roles:
54+ log("CHARM: hostname {} not found in role_map - not configuring rsync".format(hostname))
55 return
56
57 targets = {}
58@@ -279,6 +280,7 @@ def configure_rsync_server(conf, hostname):
59 motdfile = conf.rsync_motdfile()
60 tmpl_data = {}
61 tmpl_data["max_connections"] = conf.rsync_max_connections()
62+ tmpl_data["max_connections_per_source"] = conf.rsync_max_connections_per_source()
63 tmpl_data["motdfile"] = motdfile
64 tmpl_data["logdir"] = conf.logdir("rsync")
65 tmpl_data["targets"] = targets
66@@ -303,8 +305,19 @@ def configure_rsync_server(conf, hostname):
67 # Need to tell systemd to enable rsync and then start it
68 # but only in 15.04 or greater per https://wiki.ubuntu.com/SystemdForUpstartUsers
69 if float(platform.linux_distribution()[1]) >= 15.04:
70- check_call('systemctl enable rsync'.split())
71- check_call('systemctl start rsync'.split())
72+ # We disable rsync and run rsync over systemd sockets to allow limiting
73+ # connections per source/IP
74+ check_call('systemctl disable rsync'.split())
75+ check_call('systemctl stop rsync'.split())
76+
77+ log("CHARM: Installing rsyncd system socket service files")
78+ src = os.path.join(charm_dir(), "files", "rsyncd-systemd.service")
79+ shutil.copyfile(src, "/etc/systemd/system/rsyncd@.service")
80+ file_from_template("rsyncd-systemd-socket.tmpl", "/etc/systemd/system/rsyncd.socket", tmpl_data)
81+ log("CHARM: Starting up / reloading rsyncd.socket")
82+ check_call('systemctl daemon-reload'.split())
83+ check_call('systemctl enable rsyncd.socket'.split())
84+ check_call('systemctl start rsyncd.socket'.split())
85
86 log("CHARM: Finished configuring rsync server")
87
88diff --git a/templates/rsyncd-systemd-socket.tmpl b/templates/rsyncd-systemd-socket.tmpl
89new file mode 100644
90index 0000000..33c8676
91--- /dev/null
92+++ b/templates/rsyncd-systemd-socket.tmpl
93@@ -0,0 +1,12 @@
94+[Unit]
95+Description=fast remote file copy program daemon (Rsync Server Socket)
96+Conflicts=rsyncd.service
97+
98+[Socket]
99+ListenStream=873
100+Accept=yes
101+MaxConnections=${max_connections}
102+MaxConnectionsPerSource=${max_connections_per_source}
103+
104+[Install]
105+WantedBy=sockets.target

Subscribers

People subscribed via source and target branches