X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fbacula%2Ftemplates%2Fbacula-fd.conf.erb;h=29521958d9ed5d97996b672834db1a9d35cb7eb1;hb=aba30e8586e4d77bd3d5f7bdc8481259d4d0a3b6;hp=f17b5ddf754b554382b19cfdaf1a43ab243ce766;hpb=4d6bb79abf538b41dd2c8b48a637635ac007db11;p=mirror%2Fdsa-puppet.git diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb index f17b5ddf7..29521958d 100644 --- a/modules/bacula/templates/bacula-fd.conf.erb +++ b/modules/bacula/templates/bacula-fd.conf.erb @@ -6,44 +6,66 @@ # List Directors who are permitted to contact this File daemon Director { - Name = <%= bacula_director_name %> - Password = "<%= bacula_client_secret %>" + Name = <%= @bacula_director_name %> + Password = "<%= @bacula_client_secret %>" TLS Enable = yes TLS Require = yes TLS Verify Peer = yes - TLS Allowed CN = "clientcerts/<%= bacula_director_address %>" - TLS CA Certificate File = "<%= bacula_ca_path %>" + TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>" + TLS CA Certificate File = "<%= @bacula_ca_path %>" # This is a server certificate, used for incoming director connections. - TLS Certificate = "<%= bacula_ssl_server_cert %>" - TLS Key = "<%= bacula_ssl_server_key %>" + TLS Certificate = "<%= @bacula_ssl_server_cert %>" + TLS Key = "<%= @bacula_ssl_server_key %>" } # "Global" File daemon configuration specifications FileDaemon { - Name = <%= bacula_client_name %> - FDport = <%= bacula_client_port %> + Name = <%= @bacula_client_name %> + FDAddresses = { + # bacula, on Debian 9 (stretch), does not resolve a single name + # to both v4 and v6 addresses. Se we can't just say + # ip = { addr = }. Boo. + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%> + ipv4 = { + # use the hostname rather than the IP address from LDAP, + # as /etc/hosts might have a better answer in case of natted hosts. + addr = <%= @fqdn %> + port = <%= @bacula_client_port %> + } + <%- end -%> + <%- scope.lookupvar('deprecated::nodeinfo')['misc']['v6_ldap'].each do |addr| -%> + ipv6 = { + addr = <%= addr %> + port = <%= @bacula_client_port %> + } + <%- end -%> + } WorkingDirectory = /var/lib/bacula +<%- if scope.call_function('versioncmp', [@lsbmajdistrelease, '8']) <= 0 -%> Pid Directory = /var/run/bacula +<%- else -%> + Pid Directory = /run/bacula + Plugin Directory = /usr/lib/bacula +<%- end -%> Maximum Concurrent Jobs = 20 - FDAddress = <%= fqdn %> #Maximum Network Buffer Size = 524288 TLS Enable = yes TLS Require = yes - TLS CA Certificate File = "<%= bacula_ca_path %>" + TLS CA Certificate File = "<%= @bacula_ca_path %>" # This is a client certificate, used by the client to connect to the storage daemon - TLS Certificate = "<%= bacula_ssl_client_cert %>" - TLS Key = "<%= bacula_ssl_client_key %>" + TLS Certificate = "<%= @bacula_ssl_client_cert %>" + TLS Key = "<%= @bacula_ssl_client_key %>" -<%- if hostname == "franck" -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] == "brown" -%> # broken firewall - Heartbeat Interval = 300 + Heartbeat Interval = 60 <%- end -%> } # Send all messages except skipped files back to Director Messages { Name = Standard - director = <%=bacula_director_name%> = all, !skipped, !restored + director = <%= @bacula_director_name %> = all, !skipped, !restored }