modules/bacula/manifests/storage.pp

   1 class bacula::storage inherits bacula {
   2
   3         package { 'bacula-sd':
   4                 ensure => installed
   5         }
   6
   7         service { 'bacula-sd':
   8                 ensure    => running,
   9                 enable    => true,
  10                 hasstatus => true,
  11         }
  12         systemd::override { 'bacula-sd':
  13                 content => @(EOT)
  14                         [Service]
  15                         Group=bacula
  16                         SupplementaryGroups=ssl-cert
  17                         | EOT
  18         }
  19
  20         exec { 'bacula-sd restart-when-idle':
  21                 path        => '/usr/bin:/usr/sbin:/bin:/sbin',
  22                 command     => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart sd &"',
  23                 refreshonly => true,
  24                 subscribe   => File[$bacula_ssl_server_cert],
  25                 require     => File['/usr/local/sbin/bacula-idle-restart'],
  26         }
  27
  28
  29         file { '/etc/bacula/bacula-sd.conf':
  30                 content => template('bacula/bacula-sd.conf.erb'),
  31                 mode    => '0640',
  32                 group   => bacula,
  33                 notify  => Exec['bacula-sd restart-when-idle']
  34         }
  35
  36         file { '/etc/bacula/storage-conf.d':
  37                 ensure  => directory,
  38                 mode    => '0755',
  39                 group   => bacula,
  40                 purge   => true,
  41                 force   => true,
  42                 recurse => true,
  43                 source  => 'puppet:///files/empty/',
  44                 notify  => Exec['bacula-sd restart-when-idle']
  45         }
  46
  47         @ferm::rule { 'dsa-bacula-sd-v4':
  48                 domain      => '(ip)',
  49                 description => 'Allow bacula-sd access from director and clients',
  50                 rule        => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V4 5.153.231.125 5.153.231.126) ACCEPT; }',
  51                 notarule    => true,
  52         }
  53
  54         @ferm::rule { 'dsa-bacula-sd-v6':
  55                 domain      => '(ip6)',
  56                 description => 'Allow bacula-sd access from director and clients',
  57                 rule        => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V6) ACCEPT; }',
  58                 notarule    => true,
  59         }
  60
  61         file { '/etc/bacula/storage-conf.d/empty.conf':
  62                 content => '',
  63                 mode    => '0440',
  64                 group   => bacula,
  65                 notify  => Exec['bacula-sd restart-when-idle']
  66         }
  67
  68         file { "${bacula_backup_path}/Catalog":
  69                 ensure  => directory,
  70                 mode    => '0755',
  71                 owner   => bacula,
  72                 group   => bacula,
  73                 ;
  74         }
  75
  76         package { 'python3-psycopg2': ensure => installed }
  77         file { '/usr/local/bin/bacula-unlink-removed-volumes':
  78                 source  => 'puppet:///modules/bacula/bacula-unlink-removed-volumes',
  79                 mode    => '0555',
  80         }
  81         file { "/etc/cron.d/puppet-bacula-storage-stuff": ensure => absent, }
  82         concat::fragment { 'dsa-puppet-stuff--bacula-storage':
  83                 target => '/etc/cron.d/dsa-puppet-stuff',
  84                 content  => @(EOF)
  85                         @daily bacula chronic /usr/local/bin/bacula-unlink-removed-volumes -v
  86                         | EOF
  87         }
  88
  89         Bacula::Storage_per_node<<| |>>
  90 }