# this mostly configures the file daemon, but also firewall rules and
# fragments to sent to the other servers.
#
-# @param director_server The director server that controls this client's backups
-# @param storage_server The storage server to use for this client
-# @param port_fd Port that bacula-fd listens on
-# @param ensure present or absent
+# @param director_server director server that controls this client's backups
+# @param storage_server storage server to use for this client
+# @param port_fd port that bacula-fd listens on
+# @param client_name bacula client name for this instance
+# @param ensure present or absent
class bacula::client(
String $director_server,
String $storage_server,
Integer $port_fd = 9102,
+ String $client_name = "${::fqdn}-fd",
Enum['present', 'absent'] $ensure = defined(Class['bacula::not_a_client']) ? { true => 'absent', default => 'present' },
) inherits bacula {
$package_ensure = $ensure ? { 'present' => 'installed', 'absent' => 'purged' }
$service_enable = $ensure ? { 'present' => true, 'absent' => false }
$reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
+ $client = $::fqdn
+ $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
+
if $ensure == 'present' {
- @@bacula::director::client { $::fqdn:
- port_fd => $port_fd,
- client => $::fqdn,
- tag => "bacula::to-director::${director_server}",
+ @@bacula::director::client { $client:
+ port_fd => $port_fd,
+ client => $client,
+ client_name => $client_name,
+ client_secret => $client_name,
+ tag => "bacula::to-director::${director_server}",
}
- @@bacula::storage::client { $::fqdn:
+ @@bacula::storage::client { $client:
tag => "bacula::to-storage::${storage_server}",
- client => $::fqdn,
+ client => $client,
director_server => $director_server,
}
- @@concat::fragment { "bacula-dsa-client-list::${::fqdn}":
+ @@concat::fragment { "bacula-dsa-client-list::${client}":
target => $bacula::bacula_dsa_client_list ,
content => @("EOF"),
- ${::fqdn}
+ ${client}
| EOF
tag => $bacula::tag_bacula_dsa_client_list,
}
}
# get access to the storage
- @@ferm::rule::simple { "bacula::fd-to-storage::${::fqdn}":
+ @@ferm::rule::simple { "bacula::fd-to-storage::${client}":
tag => "bacula::fd-to-storage::${storage_server}",
description => 'Allow bacula-fd access to the bacula-storage',
chain => 'bacula-sd',