# bacula class -- defines all the variables we care about in our bacula deployment
#
# @param operator_email email address for reports
+# @param do_ssl use TLS between systems
+# @param ssl_ca_path full path and filename specifying a PEM encoded TLS CA certificate(s)
# @param public_addresses this host's public IP addresses. The ones it connects out from and is reachable from outsite.
# @param has_ipv4 daemons should listen on ipv4
# @param has_ipv6 daemons should listen on ipv6
class bacula (
String $operator_email = 'root@localhost',
-
- String $bacula_ssl_ca_path = '/etc/ssl/debian/certs/ca.crt',
+ Boolean $do_ssl = true,
+ Optional[String] $ssl_ca_path,
String $bacula_ssl_client_cert = '/etc/ssl/debian/certs/thishost.crt',
String $bacula_ssl_client_key = '/etc/ssl/private/thishost.key',
String $bacula_ssl_server_cert = '/etc/ssl/debian/certs/thishost-server.crt',
$bacula_dsa_client_list = '/etc/bacula/dsa-clients'
$tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
+ if $do_ssl {
+ if !$ssl_ca_path { fail('Need ssl_ca_path with do_ssl') }
+
+ $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+ } else {
+ $bacula_tls_ca_certificate_file = ''
+ }
+
+
file { '/usr/local/sbin/bacula-idle-restart':
mode => '0555',
source => 'puppet:///modules/bacula/bacula-idle-restart',