X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fbacula%2Fmanifests%2Finit.pp;h=d82255904609a170461a81237229b7dba8732c98;hb=b00db688588f052e860f0ff461c0b787f9c5227b;hp=eb98084b35119a54c6ec70cc735ced43255d0299;hpb=a71546a712323043fe4d725037df00e18db57e36;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp
index eb98084b3..d82255904 100644
--- a/modules/bacula/manifests/init.pp
+++ b/modules/bacula/manifests/init.pp
@@ -1,13 +1,15 @@
 # bacula class -- defines all the variables we care about in our bacula deployment
 #
 # @param operator_email   email address for reports
+# @param do_ssl           use TLS between systems
+# @param ssl_ca_path      full path and filename specifying a PEM encoded TLS CA certificate(s)
 # @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
 # @param has_ipv4         daemons should listen on ipv4
 # @param has_ipv6         daemons should listen on ipv6
 class bacula (
   String  $operator_email          = 'root@localhost',
-
-  String  $bacula_ssl_ca_path      = '/etc/ssl/debian/certs/ca.crt',
+  Boolean $do_ssl                  = true,
+  Optional[String] $ssl_ca_path,
   String  $bacula_ssl_client_cert  = '/etc/ssl/debian/certs/thishost.crt',
   String  $bacula_ssl_client_key   = '/etc/ssl/private/thishost.key',
   String  $bacula_ssl_server_cert  = '/etc/ssl/debian/certs/thishost-server.crt',
@@ -22,6 +24,15 @@ class bacula (
   $bacula_dsa_client_list     = '/etc/bacula/dsa-clients'
   $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
 
+  if $do_ssl {
+    if !$ssl_ca_path { fail('Need ssl_ca_path with do_ssl') }
+
+    $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+  } else {
+    $bacula_tls_ca_certificate_file = ''
+  }
+
+
   file { '/usr/local/sbin/bacula-idle-restart':
     mode   => '0555',
     source => 'puppet:///modules/bacula/bacula-idle-restart',