s/bacula_ca_path/bacula_ssl_ca_path/

[mirror/dsa-puppet.git] / modules / bacula / templates / bacula-fd.conf.erb

diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb
index 51624af..2f9acda 100644 (file)
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -4,21 +4,6 @@
 ##
 #  For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4
 
-# List Directors who are permitted to contact this File daemon
-Director {
-  Name = <%= @bacula_director_name %>
-  Password = "<%= @client_secret %>"
-
-  TLS Enable = yes
-  TLS Require = yes
-  TLS Verify Peer = yes
-  TLS Allowed CN = "clientcerts/<%= @director_server %>"
-  TLS CA Certificate File = "<%= @bacula_ca_path %>"
-  # This is a server certificate, used for incoming director connections.
-  TLS Certificate = "<%= @bacula_ssl_server_cert %>"
-  TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
 # "Global" File daemon configuration specifications
 FileDaemon {
   Name = <%= @client_name %>
@@ -26,17 +11,17 @@ FileDaemon {
     # bacula, on Debian 9 (stretch), does not resolve a single name
     # to both v4 and v6 addresses.  Se we can't just say
     # ip = { addr = <hostname> }.  Boo.
-    <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%>
+    <%- if @has_ipv4 -%>
     ipv4 = {
       # use the hostname rather than the IP address from LDAP,
       # as /etc/hosts might have a better answer in case of natted hosts.
-      addr = <%= @fqdn %>
+      addr = <%= @client %>
       port = <%= @port_fd %>
     }
     <%- end -%>
-    <%- scope.lookupvar('deprecated::nodeinfo')['misc']['v6_ldap'].each do |addr| -%>
+    <%- if @has_ipv6 -%>
     ipv6 = {
-      addr = <%= addr %>
+      addr = <%= @client %>
       port = <%= @port_fd %>
     }
     <%- end -%>
@@ -52,19 +37,12 @@ FileDaemon {
 
   TLS Enable = yes
   TLS Require = yes
-  TLS CA Certificate File = "<%= @bacula_ca_path %>"
+  TLS CA Certificate File = "<%= @bacula_ssl_ca_path %>"
   # This is a client certificate, used by the client to connect to the storage daemon
   TLS Certificate = "<%= @bacula_ssl_client_cert %>"
   TLS Key = "<%= @bacula_ssl_client_key %>"
 
-<%- if scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] == "brown" -%>
-  # broken firewall
   Heartbeat Interval = 60
-<%- end -%>
 }
 
-# Send all messages except skipped files back to Director
-Messages {
-  Name = Standard
-  director = <%= @bacula_director_name %> = all, !skipped, !restored
-}
+@|"sh -c 'for f in /etc/bacula/fd-conf.d/*.conf ; do echo @${f} ; done'"