# bacula, on Debian 9 (stretch), does not resolve a single name
# to both v4 and v6 addresses. Se we can't just say
# ip = { addr = <hostname> }. Boo.
- <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%>
+ <%- if @has_ipv4 -%>
ipv4 = {
# use the hostname rather than the IP address from LDAP,
# as /etc/hosts might have a better answer in case of natted hosts.
port = <%= @port_sd %>
}
<%- end -%>
- <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v6_ldap'] -%>
+ <%- if @has_ipv6 -%>
ipv6 = {
addr = <%= @storage_address %>
port = <%= @port_sd %>
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
- TLS CA Certificate File = "<%= @bacula_ca_path %>"
- # This is a server certificate, used for incoming connections.
- TLS Certificate = "<%= @bacula_ssl_server_cert %>"
- TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
-# List Directors who are permitted to contact Storage daemon
-#
-Director {
- Name = <%= @bacula_director_name %>
- Password = "<%= @storage_secret %>"
-
- TLS Enable = yes
- TLS Require = yes
- TLS Verify Peer = yes
- TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
- TLS CA Certificate File = "<%= @bacula_ca_path %>"
- # This is a server certificate, used for incoming director connections.
- TLS Certificate = "<%= @bacula_ssl_server_cert %>"
- TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
-# Send all messages to the Director,
-# mount messages also are sent to the email address
-#
-Messages {
- Name = Standard
- director = <%= @bacula_director_name %> = all
+ <%= scope['bacula::bacula_tls_ca_certificate_file'] %>
+ <%= scope['bacula::bacula_tls_server_certificate'] %>
+ <%= scope['bacula::bacula_tls_server_key'] %>
}
@|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"
projects / mirror / dsa-puppet.git / blobdiff