path => '/usr/bin:/usr/sbin:/bin:/sbin',
command => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart sd &"',
refreshonly => true,
- subscribe => File[$bacula_ssl_server_cert],
+ subscribe => File[$bacula::bacula_ssl_server_cert],
require => File['/usr/local/sbin/bacula-idle-restart'],
}
notify => Exec['bacula-sd restart-when-idle']
}
- ferm::rule { 'dsa-bacula-sd':
- domain => '(ip ip6)',
- description => 'Allow bacula-sd access from director and clients (i.e. all of Debian)',
- rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN) ACCEPT; }',
- notarule => true,
+ # allow access from director and fds
+ ferm::rule::simple { 'dsa-bacula-sd':
+ description => 'Access to the bacula-storage',
+ port => $bacula::bacula_storage_port,
+ target => 'bacula-sd',
}
+ Ferm::Rule::Simple <<| tag == "bacula::director-to-storage::${bacula::bacula_director_address}" |>>;
+ Ferm::Rule::Simple <<| tag == "bacula::fd-to-storage::${::fqdn}" |>>;
file { '/etc/bacula/storage-conf.d/empty.conf':
content => '',
notify => Exec['bacula-sd restart-when-idle']
}
- file { "${bacula_backup_path}/Catalog":
+ file { "${bacula::bacula_backup_path}/Catalog":
ensure => directory,
mode => '0755',
owner => bacula,