stop using virtual resources for ferm::rule

[mirror/dsa-puppet.git] / modules / bacula / manifests / client.pp

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index c75a376..3027930 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -1,8 +1,18 @@
 class bacula::client inherits bacula {
-       @@bacula::storage-per-node { $::fqdn: }
+       @@bacula::storage_per_node { $::fqdn: }
 
-       if $::hostname in [beethoven, berlioz, biber, diabelli, dinis, draghi, geo3, kaufmann, lully, master, picconi, pejacevic, reger, schumann, soler, vento, vieuxtemps, wilder, wolkenstein] {
-               @@bacula::node { $::fqdn: }
+       if ! getfromhash($site::nodeinfo, 'not-bacula-client') {
+               @@bacula::node { $::fqdn:
+                       bacula_client_port => $bacula::bacula_client_port,
+               }
+
+               @@concat::fragment { "bacula-dsa-client-list::$fqdn":
+                       target => $bacula::bacula_dsa_client_list ,
+                       content  => @("EOF"),
+                                       ${fqdn}
+                                       | EOF
+                       tag     => $bacula::tag_bacula_dsa_client_list,
+               }
        }
 
        package { ['bacula-fd']:
@@ -20,7 +30,7 @@ class bacula::client inherits bacula {
                path        => '/usr/bin:/usr/sbin:/bin:/sbin',
                command     => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart fd &"',
                refreshonly => true,
-               subscribe   => File['/etc/ssl/debian/certs/thishost.crt'],
+               subscribe   => [ File[$bacula_ssl_server_cert], File[$bacula_ssl_client_cert] ],
                require     => File['/usr/local/sbin/bacula-idle-restart'],
        }
 
@@ -30,7 +40,11 @@ class bacula::client inherits bacula {
                owner   => root,
                group   => bacula,
                require => Package['bacula-fd'],
-               notify  => Service['bacula-fd'],
+               notify  => Exec['bacula-fd restart-when-idle'],
+       }
+       file { '/usr/local/sbin/bacula-backup-dirs':
+               mode    => '0775',
+               source  => 'puppet:///modules/bacula/bacula-backup-dirs',
        }
        file { '/usr/local/sbin/postbaculajob':
                mode    => '0775',
@@ -44,28 +58,30 @@ class bacula::client inherits bacula {
                require => Package['bacula-fd'],
                notify  => Service['bacula-fd'],
        }
-       if $::lsbmajdistrelease < 7 {
-               file { '/etc/apt/preferences.d/dsa-bacula-client':
-                       content => template('bacula/apt.preferences.bacula-client.erb'),
-                       mode    => '0444',
-                       owner   => root,
-                       group   => root,
+       if (versioncmp($::lsbmajdistrelease, '9') >= 0 and $systemd) {
+               # old name for the override content
+               file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
+                       ensure  => absent,
+               }
+               dsa_systemd::override { 'bacula-fd':
+                       content => @(EOT)
+                               [Service]
+                               ExecStart=
+                               ExecStart=/usr/sbin/bacula-fd -c $CONFIG -f -u bacula -k
+                               | EOT
                }
        } else {
-               file { '/etc/apt/preferences.d/dsa-bacula-client':
-                       ensure => absent
+               file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
+                       ensure  => absent,
+               }
+               dsa_systemd::override { 'bacula-fd':
+                       ensure  => absent,
                }
        }
 
-       @ferm::rule { 'dsa-bacula-fd-v4':
-               domain      => '(ip)',
+       ferm::rule { 'dsa-bacula-fd':
+               domain      => '(ip ip6)',
                description => 'Allow bacula access from storage and director',
-               rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr (${bacula_director_ip}) ACCEPT",
+               rule        => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip_addrs}) ACCEPT",
        }
-
-       #@ferm::rule { 'dsa-bacula-fd-v6':
-       #       domain      => '(ip6)',
-       #       description => 'Allow bacula access from storage and director',
-       #       rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr (${bacula_director_ip6}) ACCEPT",
-       #}
 }