Revert "Since the conditional does not work for default values for params, fall back...
[mirror/dsa-puppet.git] / modules / bacula / manifests / director.pp
index c60e8b2..dd5395d 100644 (file)
-class bacula::director inherits bacula {
+# our bacula director
+#
+# @param pool_name      A token to be used in pool names
+# @param db_address     hostname of the postgres server for the catalog DB
+# @param db_port        port of the postgres server for the catalog DB
+# @param db_name        DB name for the catalog DB
+# @param db_user        username for the postgres server for the catalog DB
+# @param db_password    password for the postgres server for the catalog DB
+# @param port_dir       Port that the director should listen on
+# @param db_sslca       SSL CA store for DB access
+# @param director_name  bacula name of this dir instance
+# @param director_address  address of this dir instance that other instances should connect to (dns name)
+# @param messages_name   name of the Messages Resource
+class bacula::director(
+  String  $db_address = 'localhost',
+  Integer $db_port = 5432,
+  String  $db_name = 'bacula',
+  String  $db_user = 'bacula',
+  String  $db_password = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"),
+  String  $pool_name = 'bacula',
+  Integer $port_dir = 9101,
+  Optional[String] $db_sslca = undef,
+  String $director_name = "${::fqdn}-dir",
+  Stdlib::Host $director_address = $::fqdn,
+  String $messages_name = "Msg-${::fqdn}",
+) inherits bacula {
 
-  package {
-    "bacula-director-pgsql": ensure => installed;
-    "bacula-common": ensure => installed;
-    "bacula-common-pgsql": ensure => installed;
+  # used by e.g. bconsole
+  $director_secret = hkdf('/etc/puppet/secret', "bacula-dir-${::fqdn}")
+  # the RestoreFiles Job needs a Pool and a client.  Any valid pool and client.
+  $some_pool_name = "poolfull-${pool_name}-${director_address}"
+  $some_client_name = "${director_address}-fd"
+
+  # let the SD know we exist
+  @@bacula::storage::director{ $::fqdn:
+    tag              => 'bacula::to-storage',
+    director_name    => $director_name,
+    director_address => $director_address,
+    messages_name    => $messages_name,
+  }
+  # let FDs know we exist
+  @@bacula::client::director{ $::fqdn:
+    tag              => "bacula::to-fd::${director_address}",
+    director_name    => $director_name,
+    director_address => $director_address,
+    messages_name    => $messages_name,
+  }
+
+  ensure_packages ( [
+    'bacula-director-pgsql',
+    'bacula-common',
+    'bacula-common-pgsql'
+  ], {
+    ensure => 'installed',
+  })
+
+  service { 'bacula-director':
+    ensure    => running,
+    enable    => true,
+    hasstatus => true,
+    require   => Package['bacula-director-pgsql']
+  }
+  dsa_systemd::override { 'bacula-director':
+    content => @(EOT)
+      [Unit]
+      After=network-online.target unbound.service
+      | EOT
+  }
+
+  exec { 'bacula-director reload':
+    path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+    command     => 'service bacula-director reload',
+    refreshonly => true,
+  }
+
+  file { '/etc/bacula/conf.d':
+    ensure  => directory,
+    mode    => '0755',
+    group   => bacula,
+    purge   => true,
+    force   => true,
+    recurse => true,
+    notify  => Exec['bacula-director reload']
+  }
+
+  file { '/etc/bacula/bacula-dir.conf':
+    content => template('bacula/bacula-dir.conf.erb'),
+    mode    => '0440',
+    group   => bacula,
+    require => Package['bacula-director-pgsql'],
+    notify  => Exec['bacula-director reload']
   }
 
-  service {
-    "bacula-director":
-      ensure => running,
-      enable => true,
-      hasstatus => true,
-      require => Package["bacula-director-pgsql"];
-  }
-  file {
-    "/etc/bacula/conf.d":
-      ensure  => directory,
-      mode => 755,
-      group => bacula,
-      purge => true,
-      notify  => Exec["bacula-director restart"]
-      ;
-    "/etc/bacula/bacula-dir.conf":
-      content => template("bacula/bacula-dir.conf.erb"),
-      mode => 440,
-      group => bacula,
-      require => Package["bacula-director-pgsql"],
-      notify  => Exec["bacula-director restart"]
-      ;
+  file { '/etc/bacula/conf.d/empty.conf':
+    content => '',
+    mode    => '0440',
+    group   => bacula,
+    require => Package['bacula-director-pgsql'],
+    notify  => Exec['bacula-director reload']
   }
 
-  exec {
-    "bacula-director restart":
-      path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-      refreshonly => true;
+  Bacula::Director::Client_from_storage<<| tag == "bacula::to-director::${::fqdn}" |>>
+  Bacula::Director::Client             <<| tag == "bacula::to-director::${::fqdn}" |>>
+
+  package { 'bacula-console':
+    ensure => installed;
   }
 
-  define bacula_client() {
-    # These must be kept in sync with the settings in bacula.pp
-    $bacula_client_name       = "${name}-fd"
-    $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-${name}")
-    $client = $name
+  file { '/etc/bacula/bconsole.conf':
+    content => template('bacula/bconsole.conf.erb'),
+    mode    => '0640',
+    group   => bacula,
+    require => Package['bacula-console']
+  }
 
-    file {
-      "/etc/bacula/conf.d/${name}.conf":
-      content => template("bacula/per-client.conf.erb"),
-      mode => 440,
-      group => bacula,
-      notify  => Exec["bacula-director restart"]
-      ;
-    }
-  }
-#  $allhosts = keys($site::allnodeinfo)
-  $allhosts = [ "berlioz.debian.org", "biber.debian.org", "draghi.debian.org" ]
-  bacula_client { $allhosts: }
+  package { 'python3-psycopg2': ensure => installed }
+  file { '/etc/bacula/scripts/volume-purge-action':
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volume-purge-action',
+    ;
+  }
+  file { '/etc/bacula/scripts/volumes-delete-old':
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/volumes-delete-old',
+    ;
+  }
+  file { '/etc/bacula/storages-list.d':
+    ensure  => directory,
+    mode    => '0755',
+    group   => bacula,
+    purge   => true,
+    force   => true,
+    recurse => true,
+  }
+  file { '/usr/local/sbin/dsa-bacula-scheduler':
+    source => 'puppet:///modules/bacula/dsa-bacula-scheduler',
+    mode   => '0555',
+  }
+
+  file { '/etc/cron.d/puppet-bacula-stuff': ensure => absent, }
+  concat::fragment { 'puppet-crontab--bacula-director':
+    target  => '/etc/cron.d/puppet-crontab',
+    content => @("EOF"/$)
+      @daily root chronic /etc/bacula/scripts/volume-purge-action -v
+      @daily root chronic /etc/bacula/scripts/volumes-delete-old -v --token '${pool_name}'
+      */3 * * * * root sleep $(( \$RANDOM \\% 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbin/dsa-bacula-scheduler
+      | EOF
+  }
 
-  @ferm::rule { 'dsa-bacula-dir':
-    domain      => '(ip ip6)',
-    description => 'Allow bacula access from localhost',
-    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  concat { $bacula::bacula_dsa_client_list:
+    ensure_newline => true,
   }
+  Concat::Fragment <<| tag == $bacula::tag_bacula_dsa_client_list |>>
 
+  @@ferm::rule::simple { "bacula::director-to-fd::${::fqdn}":
+    tag         => "bacula::director-to-fd::${::fqdn}",
+    description => 'Allow bacula-fd from the bacula-director',
+    port        => '7', # overridden on collecting
+    saddr       => $bacula::public_addresses,
+  }
+  @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
+    tag         => 'bacula::director-to-storage',
+    description => 'Allow bacula-storage access from the bacula-director',
+    chain       => 'bacula-sd',
+    saddr       => $bacula::public_addresses,
+  }
 }
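Review bot: `$db_password` is typed as a plain `String` in the parameter list and `$director_secret` is an ordinary variable, so both hkdf-derived secrets pass through the compiled catalog unredacted; because the class uses exported resources, the catalog and its class parameters are presumably stored in PuppetDB as well. Consider `Sensitive[String] $db_password = Sensitive(hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"))`, unwrapping it only where the template needs the value; callers that pass a plain string today would have to wrap it too. The templates are not visible here, but if `bacula-dir.conf.erb` and `bconsole.conf.erb` render these values, the `file` resources for `/etc/bacula/bacula-dir.conf` and `/etc/bacula/bconsole.conf` should carry `show_diff => false` so a content change cannot print the passwords into agent logs or reports when diffs are enabled. Separately, `$pool_name` is an unconstrained `String` interpolated between single quotes on a root line of `/etc/cron.d/puppet-crontab`; a type such as `Pattern[/\A[A-Za-z0-9_-]+\z/]` (adjusted to the tokens actually in use) would keep a stray quote or newline out of that crontab.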