Make bacula DB a parameter and template variable again

[mirror/dsa-puppet.git] / modules / bacula / manifests / director.pp

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 1f04407..daa0d6b 100644 (file)
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -1,9 +1,19 @@
 # our bacula director
-class bacula::director inherits bacula {
+#
+# @param bacula_db_address hostname of the postgres server for the catalog DB
+# @param bacula_db_port    port of the postgres server for the catalog DB
+class bacula::director(
+  String  $bacula_db_address = 'postgresql-manda-01.debian.org',
+  Integer $bacula_db_port    = 5432,
+) inherits bacula {
 
-  package { ['bacula-director-pgsql', 'bacula-common', 'bacula-common-pgsql']:
-    ensure => installed
-  }
+  ensure_packages ( [
+    'bacula-director-pgsql',
+    'bacula-common',
+    'bacula-common-pgsql'
+  ], {
+    ensure => 'installed',
+  })
 
   service { 'bacula-director':
     ensure    => running,
@@ -66,13 +76,13 @@ class bacula::director inherits bacula {
 
   package { 'python3-psycopg2': ensure => installed }
   file { '/etc/bacula/scripts/volume-purge-action':
-    mode    => '0555',
-    source  => 'puppet:///modules/bacula/volume-purge-action',
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volume-purge-action',
     ;
   }
   file { '/etc/bacula/scripts/volumes-delete-old':
-    mode    => '0555',
-    source  => 'puppet:///modules/bacula/volumes-delete-old',
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volumes-delete-old',
     ;
   }
   file { '/etc/bacula/storages-list.d':
@@ -85,14 +95,14 @@ class bacula::director inherits bacula {
     source  => 'puppet:///files/empty/',
   }
   file { '/usr/local/sbin/dsa-bacula-scheduler':
-    source  => 'puppet:///modules/bacula/dsa-bacula-scheduler',
-    mode    => '0555',
+    source => 'puppet:///modules/bacula/dsa-bacula-scheduler',
+    mode   => '0555',
   }
 
-  file { "/etc/cron.d/puppet-bacula-stuff": ensure => absent, }
-  concat::fragment { 'dsa-puppet-stuff--bacula-director':
-    target => '/etc/cron.d/dsa-puppet-stuff',
-    content  => @(EOF)
+  file { '/etc/cron.d/puppet-bacula-stuff': ensure => absent, }
+  concat::fragment { 'puppet-crontab--bacula-director':
+    target  => '/etc/cron.d/puppet-crontab',
+    content => @(EOF)
       @daily root chronic /etc/bacula/scripts/volume-purge-action -v
       @daily root chronic /etc/bacula/scripts/volumes-delete-old -v
       */3 * * * * root sleep $(( $RANDOM \% 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbin/dsa-bacula-scheduler
@@ -102,9 +112,22 @@ class bacula::director inherits bacula {
   concat { $bacula::bacula_dsa_client_list:
   }
   concat::fragment { 'bacula-dsa-client-list::header' :
-    target => $bacula::bacula_dsa_client_list,
-    content  => "",
-    order  => '00',
+    target  => $bacula::bacula_dsa_client_list,
+    content => '',
+    order   => '00',
   }
   Concat::Fragment <<| tag == $bacula::tag_bacula_dsa_client_list |>>
+
+  @@ferm::rule::simple { "bacula::director-to-fd::${::fqdn}":
+    tag         => "bacula::director-to-fd::${::fqdn}",
+    description => 'Allow bacula-fd from the bacula-director',
+    port        => '7', # overridden on collecting
+    saddr       => $bacula::public_addresses,
+  }
+  @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
+    tag         => "bacula::director-to-storage::${::fqdn}",
+    description => 'Allow bacula-storage access from the bacula-director',
+    chain       => 'bacula-sd',
+    saddr       => $bacula::public_addresses,
+  }
 }