# bacula class -- defines all the variables we care about in our bacula deployment
+#
+# @param ssl_ca_path full path and filename specifying a PEM encoded TLS CA certificate(s)
+# @param ssl_client_cert path to TLS client certificate
+# @param ssl_client_key path to TLS client certificate key
+# @param ssl_server_cert path to TLS server certificate
+# @param ssl_server_key path to TLS server certificate key
+# @param email_all email address for all reports
+# @param email_error email address for errors
+# @param email_operator email address for the operator (to mount tapes etc)
+# @param email_daemon email address for messages from the daemon
+# @param public_addresses this host's public IP addresses. The ones it connects out from and is reachable from outsite.
+# @param has_ipv4 daemons should listen on ipv4
+# @param has_ipv6 daemons should listen on ipv6
class bacula (
- String $bacula_operator_email = 'bacula-reports@admin.debian.org',
- String $bacula_director_name = 'debian-dir',
- String $bacula_storage_name = 'debian-sd',
- String $bacula_client_name = "${::fqdn}-fd",
- String $bacula_monitor_name = 'debian-mon',
- String $bacula_filestor_name = 'File',
- String $bacula_filestor_device = 'FileStorage',
- String $bacula_pool_name = 'debian',
+ String $ssl_ca_path,
+ String $ssl_client_cert,
+ String $ssl_client_key,
+ String $ssl_server_cert,
+ String $ssl_server_key,
- # use IP address for ferm.
- String $bacula_director_ip_addrs = '5.153.231.19 2001:41c8:1000:21::21:19',
- String $bacula_director_address = 'dinis.debian.org',
- Integer $bacula_director_port = 9101,
- String $bacula_storage_address = 'storace.debian.org',
- Integer $bacula_storage_port = 9103,
- Integer $bacula_client_port = 9102,
- String $bacula_db_address = 'danzi.debian.org',
- Integer $bacula_db_port = 5433,
-
- String $bacula_backup_path = '/srv/bacula',
-
- String $bacula_director_secret = hkdf('/etc/puppet/secret', "bacula-dir-${::hostname}"),
- String $bacula_db_secret = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"),
- String $bacula_storage_secret = hkdf('/etc/puppet/secret', "bacula-sd-${bacula_storage_name}"),
- String $bacula_client_secret = hkdf('/etc/puppet/secret', "bacula-fd-${::fqdn}"),
- String $bacula_monitor_secret = hkdf('/etc/puppet/secret', "bacula-monitor-${bacula_director_name}"),
+ Optional[String] $email_all = undef,
+ String $email_error = $email_all ? { true => $email_all, default => 'root@localhost' },
+ String $email_operator = $email_error,
+ String $email_daemon = $email_error,
+ Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
+ Boolean $has_ipv4 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 },
+ Boolean $has_ipv6 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 },
+) {
+ # This file is used by our helper scripts on the director
+ $bacula_dsa_client_list = '/etc/bacula/dsa-clients'
+ $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
- String $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt',
- String $bacula_ssl_client_cert = '/etc/ssl/debian/certs/thishost.crt',
- String $bacula_ssl_client_key = '/etc/ssl/private/thishost.key',
- String $bacula_ssl_server_cert = '/etc/ssl/debian/certs/thishost-server.crt',
- String $bacula_ssl_server_key = '/etc/ssl/private/thishost-server.key',
+ $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+ $bacula_tls_client_certificate = "TLS Certificate = \"${ssl_client_cert}\""
+ $bacula_tls_client_key = "TLS Key = \"${ssl_client_key}\""
+ $bacula_tls_server_certificate = "TLS Certificate = \"${ssl_server_cert}\""
+ $bacula_tls_server_key = "TLS Key = \"${ssl_server_key}\""
- String $bacula_dsa_client_list = '/etc/bacula/dsa-clients',
- String $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist',
-) {
file { '/usr/local/sbin/bacula-idle-restart':
- mode => '0555',
- content => template('bacula/bacula-idle-restart.erb'),
+ mode => '0555',
+ source => 'puppet:///modules/bacula/bacula-idle-restart',
}
}
projects / mirror / dsa-puppet.git / blobdiff