1 # our bacula client configuration
3 # this mostly configures the file daemon, but also firewall rules and
4 # fragments to sent to the other servers.
6 # @param director_server director server that controls this client's backups
7 # @param storage_server storage server to use for this client
8 # @param port_fd port that bacula-fd listens on
9 # @param client_name bacula client name for this instance
10 # @param ensure present or absent
12 Stdlib::Host $director_server,
13 Stdlib::Host $storage_server,
14 Integer $port_fd = 9102,
15 String $client_name = "${::fqdn}-fd",
16 Enum['present', 'absent'] $ensure = defined(Class['bacula::not_a_client']) ? { true => 'absent', default => 'present' },
18 $package_ensure = $ensure ? { 'present' => 'installed', 'absent' => 'purged' }
19 $service_ensure = $ensure ? { 'present' => 'running', 'absent' => 'stopped' }
20 $service_enable = $ensure ? { 'present' => true, 'absent' => false }
21 $reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
24 $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
26 if $ensure == 'present' {
27 @@bacula::director::client { $client:
30 client_name => $client_name,
31 client_secret => $client_secret,
32 tag => "bacula::to-director::${director_server}",
35 @@bacula::storage::client { $client:
36 tag => "bacula::to-storage::${storage_server}",
38 director_server => $director_server,
41 @@concat::fragment { "bacula-dsa-client-list::${client}":
42 target => $bacula::bacula_dsa_client_list ,
46 tag => $bacula::tag_bacula_dsa_client_list,
49 # allow access from director
50 Ferm::Rule::Simple <<| tag == "bacula::director-to-fd::${director_server}" |>> {
54 # get access to the storage
55 @@ferm::rule::simple { "bacula::fd-to-storage::${client}":
56 tag => "bacula::fd-to-storage::${storage_server}",
57 description => 'Allow bacula-fd access to the bacula-storage',
59 saddr => $bacula::public_addresses,
61 } elsif $ensure == 'absent' {
74 ensure => $package_ensure
77 service { 'bacula-fd':
78 ensure => $service_ensure,
79 enable => $service_enable,
81 require => Package['bacula-fd']
84 exec { 'bacula-fd restart-when-idle':
85 path => '/usr/bin:/usr/sbin:/bin:/sbin',
86 command => "sh -c 'setsid /usr/local/sbin/bacula-idle-restart ${port_fd} bacula-fd &'",
88 subscribe => [ File[$bacula::bacula_ssl_server_cert], File[$bacula::bacula_ssl_client_cert] ],
89 require => File['/usr/local/sbin/bacula-idle-restart'],
92 file { '/etc/bacula/bacula-fd.conf':
94 content => template('bacula/bacula-fd.conf.erb'),
98 require => Package['bacula-fd'],
99 notify => Exec['bacula-fd restart-when-idle'],
101 file { '/usr/local/sbin/bacula-backup-dirs':
104 source => 'puppet:///modules/bacula/bacula-backup-dirs',
106 file { '/usr/local/sbin/postbaculajob':
109 source => 'puppet:///modules/bacula/postbaculajob',
111 file { '/etc/default/bacula-fd':
113 content => template('bacula/default.bacula-fd.erb'),
117 require => Package['bacula-fd'],
118 notify => Service['bacula-fd'],
120 if (versioncmp($::lsbmajdistrelease, '9') >= 0 and $facts['systemd']) {
121 dsa_systemd::override { 'bacula-fd':
125 ExecStart=/usr/sbin/bacula-fd -c $CONFIG -f -u bacula -k
129 dsa_systemd::override { 'bacula-fd':
projects / mirror / dsa-puppet.git / blob