projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
limit -sd access to bacula clients and the director
[mirror/dsa-puppet.git] / modules / bacula / manifests / client.pp
diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 4172224..dfeb176 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -29,6 +29,14 @@ class bacula::client(
     Ferm::Rule::Simple <<| tag == "bacula::director-to-fd::${bacula::bacula_director_address}" |>> {
       port => $bacula::bacula_client_port,
     }
+
+    # get access to the storage
+    @@ferm::rule::simple { "bacula::fd-to-storage::${::fqdn}":
+      tag         => "bacula::director-to-storage::${bacula::bacula_storage_address}",
+      description => 'Allow bacula-fd access to the bacula-storage',
+      chain       => 'bacula-sd',
+      saddr       => $bacula::public_addresses,
+    }
   } elsif $ensure == 'absent' {
     file { '/etc/bacula':
       ensure  => absent,
Unnamed repository; edit this file 'description' to name the repository.