remove obsolete comment

[mirror/dsa-puppet.git] / modules / bacula / manifests / storage.pp

diff --git a/modules/bacula/manifests/storage.pp b/modules/bacula/manifests/storage.pp
index 09f0d0d..3d9ac3b 100644 (file)
--- a/modules/bacula/manifests/storage.pp
+++ b/modules/bacula/manifests/storage.pp
@@ -21,7 +21,7 @@ class bacula::storage inherits bacula {
     path        => '/usr/bin:/usr/sbin:/bin:/sbin',
     command     => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart sd &"',
     refreshonly => true,
-    subscribe   => File[$bacula_ssl_server_cert],
+    subscribe   => File[$bacula::bacula_ssl_server_cert],
     require     => File['/usr/local/sbin/bacula-idle-restart'],
   }
 
@@ -44,12 +44,14 @@ class bacula::storage inherits bacula {
     notify  => Exec['bacula-sd restart-when-idle']
   }
 
-  ferm::rule { 'dsa-bacula-sd':
-    domain      => '(ip ip6)',
-    description => 'Allow bacula-sd access from director and clients (i.e. all of Debian)',
-    rule        => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN) ACCEPT; }',
-    notarule    => true,
+  # allow access from director and fds
+  ferm::rule::simple { 'dsa-bacula-sd':
+    description => 'Access to the bacula-storage',
+    port        => $bacula::bacula_storage_port,
+    target      => 'bacula-sd',
   }
+  Ferm::Rule::Simple <<| tag == "bacula::director-to-storage::${bacula::bacula_director_address}" |>>;
+  Ferm::Rule::Simple <<| tag == "bacula::fd-to-storage::${::fqdn}" |>>;
 
   file { '/etc/bacula/storage-conf.d/empty.conf':
     content => '',
@@ -58,7 +60,7 @@ class bacula::storage inherits bacula {
     notify  => Exec['bacula-sd restart-when-idle']
   }
 
-  file { "${bacula_backup_path}/Catalog":
+  file { "${bacula::bacula_backup_path}/Catalog":
     ensure => directory,
     mode   => '0755',
     owner  => bacula,