Add per client pools, storages, devices, mediatypes

[mirror/dsa-puppet.git] / modules / bacula / templates / bacula-sd.conf.erb

diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb
index 0559ed6..c6d9973 100644 (file)
--- a/modules/bacula/templates/bacula-sd.conf.erb
+++ b/modules/bacula/templates/bacula-sd.conf.erb
@@ -12,6 +12,15 @@ Storage {
   Maximum Concurrent Jobs = 21
   SDAddress = <%= bacula_storage_address %>
   Heartbeat Interval = 180
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  # TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a server certificate, used for incoming connections.
+  TLS Certificate = "<%= bacula_ssl_server_cert %>"
+  TLS Key = "<%= bacula_ssl_server_key %>"
 }
 
 # List Directors who are permitted to contact Storage daemon
@@ -19,6 +28,15 @@ Storage {
 Director {
   Name = <%= bacula_director_name %>
   Password = "<%= bacula_storage_secret %>"
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a server certificate, used for incoming director connections.
+  TLS Certificate = "<%= bacula_ssl_server_cert %>"
+  TLS Key = "<%= bacula_ssl_server_key %>"
 }
 
 
@@ -44,3 +62,4 @@ Messages {
   Name = Standard
   director = <%= bacula_director_name %> = all
 }
+@|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"