Create client name and secret in the fd and ship

[mirror/dsa-puppet.git] / modules / bacula / manifests / client.pp

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 6091786..5e7f337 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -3,14 +3,16 @@
 # this mostly configures the file daemon, but also firewall rules and
 # fragments to sent to the other servers.
 #
-# @param director_server The director server that controls this client's backups
-# @param storage_server The storage server to use for this client
-# @param port_fd Port that bacula-fd listens on
-# @param ensure  present or absent
+# @param director_server  director server that controls this client's backups
+# @param storage_server   storage server to use for this client
+# @param port_fd          port that bacula-fd listens on
+# @param client_name      bacula client name for this instance
+# @param ensure           present or absent
 class bacula::client(
   String $director_server,
   String $storage_server,
   Integer $port_fd = 9102,
+  String $client_name = "${::fqdn}-fd",
   Enum['present', 'absent'] $ensure = defined(Class['bacula::not_a_client']) ? { true => 'absent', default => 'present' },
 ) inherits bacula {
   $package_ensure = $ensure ? { 'present' => 'installed', 'absent' => 'purged' }
@@ -18,23 +20,28 @@ class bacula::client(
   $service_enable = $ensure ? { 'present' => true, 'absent' => false }
   $reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
 
+  $client = $::fqdn
+  $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
+
   if $ensure == 'present' {
-    @@bacula::director::client { $::fqdn:
-      port_fd => $port_fd,
-      client  => $::fqdn,
-      tag     => "bacula::to-director::${director_server}",
+    @@bacula::director::client { $client:
+      port_fd       => $port_fd,
+      client        => $client,
+      client_name   => $client_name,
+      client_secret => $client_name,
+      tag           => "bacula::to-director::${director_server}",
     }
 
-    @@bacula::storage::client { $::fqdn:
+    @@bacula::storage::client { $client:
       tag             => "bacula::to-storage::${storage_server}",
-      client          => $::fqdn,
+      client          => $client,
       director_server => $director_server,
     }
 
-    @@concat::fragment { "bacula-dsa-client-list::${::fqdn}":
+    @@concat::fragment { "bacula-dsa-client-list::${client}":
       target  => $bacula::bacula_dsa_client_list ,
       content => @("EOF"),
-          ${::fqdn}
+          ${client}
           | EOF
       tag     => $bacula::tag_bacula_dsa_client_list,
     }
@@ -45,7 +52,7 @@ class bacula::client(
     }
 
     # get access to the storage
-    @@ferm::rule::simple { "bacula::fd-to-storage::${::fqdn}":
+    @@ferm::rule::simple { "bacula::fd-to-storage::${client}":
       tag         => "bacula::fd-to-storage::${storage_server}",
       description => 'Allow bacula-fd access to the bacula-storage',
       chain       => 'bacula-sd',