+ # used by e.g. bconsole
+ $director_secret = hkdf('/etc/puppet/secret', "bacula-dir-${::fqdn}")
+ # the RestoreFiles Job needs a Pool and a client. Any valid pool and client.
+ $some_pool_name = "poolfull-${pool_name}-${director_address}"
+ $some_client_name = "${director_address}-fd"
+
+ # let the SD know we exist
+ @@bacula::storage::director{ $::fqdn:
+ tag => 'bacula::to-storage',
+ director_name => $director_name,
+ director_address => $director_address,
+ messages_name => $messages_name,
+ }
+ # let FDs know we exist
+ @@bacula::client::director{ $::fqdn:
+ tag => "bacula::to-fd::${director_address}",
+ director_name => $director_name,
+ director_address => $director_address,
+ messages_name => $messages_name,
+ }
+
+ ensure_packages ( [
+ 'bacula-director-pgsql',
+ 'bacula-common',
+ 'bacula-common-pgsql'
+ ], {
+ ensure => 'installed',
+ })
+
+ service { 'bacula-director':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ require => Package['bacula-director-pgsql']
+ }
+ dsa_systemd::override { 'bacula-director':
+ content => @(EOT)
+ [Unit]
+ After=unbound.service
+ | EOT
+ }
+
+ exec { 'bacula-director reload':
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ command => 'service bacula-director reload',
+ refreshonly => true,
+ }
+
+ file { '/etc/bacula/conf.d':
+ ensure => directory,
+ mode => '0755',
+ group => bacula,
+ purge => true,
+ force => true,
+ recurse => true,
+ notify => Exec['bacula-director reload']
+ }
+
+ file { '/etc/bacula/bacula-dir.conf':
+ content => template('bacula/bacula-dir.conf.erb'),
+ mode => '0440',
+ group => bacula,
+ require => Package['bacula-director-pgsql'],
+ notify => Exec['bacula-director reload']
+ }
+
+ file { '/etc/bacula/conf.d/empty.conf':
+ content => '',
+ mode => '0440',
+ group => bacula,
+ require => Package['bacula-director-pgsql'],
+ notify => Exec['bacula-director reload']
+ }
+
+ Bacula::Director::Client <<| tag == "bacula::to-director::${::fqdn}" |>>
+ Bacula::Director::Client_from_storage<<| tag == "bacula::to-director::${::fqdn}" |>>
+
+ package { 'bacula-console':
+ ensure => installed;
+ }
+
+ file { '/etc/bacula/bconsole.conf':
+ content => template('bacula/bconsole.conf.erb'),
+ mode => '0640',
+ group => bacula,
+ require => Package['bacula-console']
+ }
+
+ package { 'python3-psycopg2': ensure => installed }
+ file { '/etc/bacula/scripts/volume-purge-action':
+ mode => '0555',
+ source => 'puppet:///modules/bacula/volume-purge-action',
+ ;
+ }
+ file { '/etc/bacula/scripts/volumes-delete-old':
+ mode => '0555',
+ source => 'puppet:///modules/bacula/volumes-delete-old',
+ ;
+ }
+ file { '/etc/bacula/storages-list.d':
+ ensure => directory,
+ mode => '0755',
+ group => bacula,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ file { '/usr/local/sbin/dsa-bacula-scheduler':
+ source => 'puppet:///modules/bacula/dsa-bacula-scheduler',
+ mode => '0555',
+ }
+
+ file { '/etc/cron.d/puppet-bacula-stuff': ensure => absent, }
+ concat::fragment { 'puppet-crontab--bacula-director':
+ target => '/etc/cron.d/puppet-crontab',
+ content => @("EOF"/$)
+ @daily root chronic /etc/bacula/scripts/volume-purge-action -v
+ @daily root chronic /etc/bacula/scripts/volumes-delete-old -v --token '${pool_name}'
+ */3 * * * * root sleep $(( \$RANDOM \\% 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbin/dsa-bacula-scheduler
+ | EOF
+ }
+
+ concat { $bacula::bacula_dsa_client_list:
+ ensure_newline => true,
+ }
+ Concat::Fragment <<| tag == $bacula::tag_bacula_dsa_client_list |>>
+
+ @@ferm::rule::simple { "bacula::director-to-fd::${::fqdn}":
+ tag => "bacula::director-to-fd::${::fqdn}",
+ description => 'Allow bacula-fd from the bacula-director',
+ port => '7', # overridden on collecting
+ saddr => $bacula::public_addresses,
+ }
+ @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
+ tag => 'bacula::director-to-storage',
+ description => 'Allow bacula-storage access from the bacula-director',
+ chain => 'bacula-sd',
+ saddr => $bacula::public_addresses,
+ }