Make bacula DB a parameter and template variable again

[mirror/dsa-puppet.git] / modules / bacula / manifests / director.pp

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 880d105..daa0d6b 100644 (file)
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -1,64 +1,133 @@
-class bacula::director inherits bacula {
+# our bacula director
+#
+# @param bacula_db_address hostname of the postgres server for the catalog DB
+# @param bacula_db_port    port of the postgres server for the catalog DB
+class bacula::director(
+  String  $bacula_db_address = 'postgresql-manda-01.debian.org',
+  Integer $bacula_db_port    = 5432,
+) inherits bacula {
 
-  package {
-    "bacula-director-pgsql": ensure => installed;
-    "bacula-common": ensure => installed;
-    "bacula-common-pgsql": ensure => installed;
+  ensure_packages ( [
+    'bacula-director-pgsql',
+    'bacula-common',
+    'bacula-common-pgsql'
+  ], {
+    ensure => 'installed',
+  })
+
+  service { 'bacula-director':
+    ensure    => running,
+    enable    => true,
+    hasstatus => true,
+    require   => Package['bacula-director-pgsql']
+  }
+  dsa_systemd::override { 'bacula-director':
+    content => @(EOT)
+      [Unit]
+      After=unbound.service
+      | EOT
   }
 
-  service {
-    "bacula-director":
-      ensure => running,
-      enable => true,
-      hasstatus => true,
-      require => Package["bacula-director-pgsql"];
-  }
-  file {
-    "/etc/bacula/conf.d":
-      ensure  => directory,
-      mode => 755,
-      group => bacula,
-      purge => true
-      notify  => Exec["bacula-director restart"]
-      ;
-    "/etc/bacula/bacula-dir.conf":
-      content => template("bacula/bacula-dir.conf.erb"),
-      mode => 440,
-      group => bacula,
-      require => Package["bacula-director-pgsql"],
-      notify  => Exec["bacula-director restart"]
-      ;
+  exec { 'bacula-director reload':
+    path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+    command     => 'service bacula-director reload',
+    refreshonly => true,
   }
 
-  exec {
-    "bacula-director restart":
-      path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-      refreshonly => true;
+  file { '/etc/bacula/conf.d':
+    ensure  => directory,
+    mode    => '0755',
+    group   => bacula,
+    purge   => true,
+    force   => true,
+    recurse => true,
+    source  => 'puppet:///files/empty/',
+    notify  => Exec['bacula-director reload']
+  }
+
+  file { '/etc/bacula/bacula-dir.conf':
+    content => template('bacula/bacula-dir.conf.erb'),
+    mode    => '0440',
+    group   => bacula,
+    require => Package['bacula-director-pgsql'],
+    notify  => Exec['bacula-director reload']
+  }
+
+  file { '/etc/bacula/conf.d/empty.conf':
+    content => '',
+    mode    => '0440',
+    group   => bacula,
+    require => Package['bacula-director-pgsql'],
+    notify  => Exec['bacula-director reload']
+  }
+
+  Bacula::Node<<| |>>
+
+  package { 'bacula-console':
+    ensure => installed;
   }
 
-  define bacula_client() {
-    # These must be kept in sync with the settings in bacula.pp
-    $bacula_client_name       = "${name}-fd"
-    $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-${name}")
-    $client = $name
+  file { '/etc/bacula/bconsole.conf':
+    content => template('bacula/bconsole.conf.erb'),
+    mode    => '0640',
+    group   => bacula,
+    require => Package['bacula-console']
+  }
 
-    file {
-      "/etc/bacula/conf.d/${name}.conf":
-      content => template("bacula/per-client.conf.erb"),
-      mode => 440,
-      group => bacula,
-      notify  => Exec["bacula-director restart"]
-      ;
-    }
-  }
-  $allhosts = keys($site::allnodeinfo)
+  package { 'python3-psycopg2': ensure => installed }
+  file { '/etc/bacula/scripts/volume-purge-action':
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volume-purge-action',
+    ;
+  }
+  file { '/etc/bacula/scripts/volumes-delete-old':
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volumes-delete-old',
+    ;
+  }
+  file { '/etc/bacula/storages-list.d':
+    ensure  => directory,
+    mode    => '0755',
+    group   => bacula,
+    purge   => true,
+    force   => true,
+    recurse => true,
+    source  => 'puppet:///files/empty/',
+  }
+  file { '/usr/local/sbin/dsa-bacula-scheduler':
+    source => 'puppet:///modules/bacula/dsa-bacula-scheduler',
+    mode   => '0555',
+  }
 
-  bacula_client { $allhosts: }
+  file { '/etc/cron.d/puppet-bacula-stuff': ensure => absent, }
+  concat::fragment { 'puppet-crontab--bacula-director':
+    target  => '/etc/cron.d/puppet-crontab',
+    content => @(EOF)
+      @daily root chronic /etc/bacula/scripts/volume-purge-action -v
+      @daily root chronic /etc/bacula/scripts/volumes-delete-old -v
+      */3 * * * * root sleep $(( $RANDOM \% 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbin/dsa-bacula-scheduler
+      | EOF
+  }
 
-  @ferm::rule { 'dsa-bacula-dir':
-    domain      => '(ip ip6)',
-    description => 'Allow bacula access from localhost',
-    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  concat { $bacula::bacula_dsa_client_list:
+  }
+  concat::fragment { 'bacula-dsa-client-list::header' :
+    target  => $bacula::bacula_dsa_client_list,
+    content => '',
+    order   => '00',
   }
+  Concat::Fragment <<| tag == $bacula::tag_bacula_dsa_client_list |>>
 
+  @@ferm::rule::simple { "bacula::director-to-fd::${::fqdn}":
+    tag         => "bacula::director-to-fd::${::fqdn}",
+    description => 'Allow bacula-fd from the bacula-director',
+    port        => '7', # overridden on collecting
+    saddr       => $bacula::public_addresses,
+  }
+  @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
+    tag         => "bacula::director-to-storage::${::fqdn}",
+    description => 'Allow bacula-storage access from the bacula-director',
+    chain       => 'bacula-sd',
+    saddr       => $bacula::public_addresses,
+  }
 }