Ubuntu Mirror Charm

Merge ~hloeung/ubuntu-mirror-charm:master into ubuntu-mirror-charm:master

  1. Git
  2. lp:~hloeung/ubuntu-mirror-charm
  3. master
  4. Merge into master
Proposed by Haw Loeung
Status: Merged
Approved by: Haw Loeung
Approved revision: 1e64cf71639963e8cb9efea250758d99ba7165b8
Merged at revision: e21885a114a20cac4d7d81499c22775cc9f00a2c
Proposed branch: ~hloeung/ubuntu-mirror-charm:master
Merge into: ubuntu-mirror-charm:master
Diff against target: 105 lines (+44/-2)
5 files modified
config.yaml (+4/-0)
files/rsyncd-systemd.service (+10/-0)
hooks/Config.py (+3/-0)
hooks/hooks.py (+15/-2)
templates/rsyncd-systemd-socket.tmpl (+12/-0)
Reviewer Review Type Date Requested Status
Joel Sing (community) +1 Approve
Canonical IS Reviewers Pending
Review via email: mp+389699@code.launchpad.net

Commit message

Allow limiting rsync connections by source/IP (via systemd sockets)

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Joel Sing (jsing) wrote :

LGTM, see minor comments inline.

review: Approve (+1)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision e21885a114a20cac4d7d81499c22775cc9f00a2c

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/config.yaml b/config.yaml
index 8a5039e..d5ce15e 100644
--- a/config.yaml
+++ b/config.yaml
@@ -431,6 +431,10 @@ options:
431 default: 65431 default: 65
432 type: int432 type: int
433 description: "Maximum number of rsync connections allowed"433 description: "Maximum number of rsync connections allowed"
434 rsync_max_connections_per_source:
435 default: 5
436 type: int
437 description: "Maximum number of rsync connections allowed per source/IP"
434 rsync_motdfile:438 rsync_motdfile:
435 default: "/etc/rsyncd/motd"439 default: "/etc/rsyncd/motd"
436 type: string440 type: string
diff --git a/files/rsyncd-systemd.service b/files/rsyncd-systemd.service
437new file mode 100644441new file mode 100644
index 0000000..8ef2ff6
--- /dev/null
+++ b/files/rsyncd-systemd.service
@@ -0,0 +1,10 @@
1[Unit]
2Description=fast remote file copy program daemon
3ConditionPathExists=/etc/rsyncd.conf
4
5[Service]
6ExecStart=/usr/bin/rsync --daemon
7StandardInput=socket
8
9[Install]
10WantedBy=multi-user.target
diff --git a/hooks/Config.py b/hooks/Config.py
index eb77b87..2543be7 100755
--- a/hooks/Config.py
+++ b/hooks/Config.py
@@ -247,6 +247,9 @@ class Config:
247 def rsync_max_connections(self):247 def rsync_max_connections(self):
248 return int(config("rsync_max_connections"))248 return int(config("rsync_max_connections"))
249249
250 def rsync_max_connections_per_source(self):
251 return int(config("rsync_max_connections_per_source"))
252
250 def rsync_motd(self):253 def rsync_motd(self):
251 try:254 try:
252 motd = str(base64.b64decode(config("rsync_motd")))255 motd = str(base64.b64decode(config("rsync_motd")))
diff --git a/hooks/hooks.py b/hooks/hooks.py
index 6c9870b..0b80434 100755
--- a/hooks/hooks.py
+++ b/hooks/hooks.py
@@ -262,6 +262,7 @@ def configure_rsync_server(conf, hostname):
262262
263 roles = conf.roles()263 roles = conf.roles()
264 if hostname not in roles:264 if hostname not in roles:
265 log("CHARM: hostname {} not found in role_map - not configuring rsync".format(hostname))
265 return266 return
266267
267 targets = {}268 targets = {}
@@ -279,6 +280,7 @@ def configure_rsync_server(conf, hostname):
279 motdfile = conf.rsync_motdfile()280 motdfile = conf.rsync_motdfile()
280 tmpl_data = {}281 tmpl_data = {}
281 tmpl_data["max_connections"] = conf.rsync_max_connections()282 tmpl_data["max_connections"] = conf.rsync_max_connections()
283 tmpl_data["max_connections_per_source"] = conf.rsync_max_connections_per_source()
282 tmpl_data["motdfile"] = motdfile284 tmpl_data["motdfile"] = motdfile
283 tmpl_data["logdir"] = conf.logdir("rsync")285 tmpl_data["logdir"] = conf.logdir("rsync")
284 tmpl_data["targets"] = targets286 tmpl_data["targets"] = targets
@@ -303,8 +305,19 @@ def configure_rsync_server(conf, hostname):
303 # Need to tell systemd to enable rsync and then start it305 # Need to tell systemd to enable rsync and then start it
304 # but only in 15.04 or greater per https://wiki.ubuntu.com/SystemdForUpstartUsers306 # but only in 15.04 or greater per https://wiki.ubuntu.com/SystemdForUpstartUsers
305 if float(platform.linux_distribution()[1]) >= 15.04:307 if float(platform.linux_distribution()[1]) >= 15.04:
306 check_call('systemctl enable rsync'.split())308 # We disable rsync and run rsync over systemd sockets to allow limiting
307 check_call('systemctl start rsync'.split())309 # connections per source/IP
310 check_call('systemctl disable rsync'.split())
311 check_call('systemctl stop rsync'.split())
312
313 log("CHARM: Installing rsyncd system socket service files")
314 src = os.path.join(charm_dir(), "files", "rsyncd-systemd.service")
315 shutil.copyfile(src, "/etc/systemd/system/rsyncd@.service")
316 file_from_template("rsyncd-systemd-socket.tmpl", "/etc/systemd/system/rsyncd.socket", tmpl_data)
317 log("CHARM: Starting up / reloading rsyncd.socket")
318 check_call('systemctl daemon-reload'.split())
319 check_call('systemctl enable rsyncd.socket'.split())
320 check_call('systemctl start rsyncd.socket'.split())
308321
309 log("CHARM: Finished configuring rsync server")322 log("CHARM: Finished configuring rsync server")
310323
diff --git a/templates/rsyncd-systemd-socket.tmpl b/templates/rsyncd-systemd-socket.tmpl
311new file mode 100644324new file mode 100644
index 0000000..33c8676
--- /dev/null
+++ b/templates/rsyncd-systemd-socket.tmpl
@@ -0,0 +1,12 @@
1[Unit]
2Description=fast remote file copy program daemon (Rsync Server Socket)
3Conflicts=rsyncd.service
4
5[Socket]
6ListenStream=873
7Accept=yes
8MaxConnections=${max_connections}
9MaxConnectionsPerSource=${max_connections_per_source}
10
11[Install]
12WantedBy=sockets.target

Subscribers

People subscribed via source and target branches