X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Fmanifests%2Fclient.pp;h=ea15b7325ab2c4a15f37f57404b219bc08244d1b;hb=225f9f1650b942977fc3e9f5a2e3826108d2b43f;hp=2918a7938a79c1bc28208192ceff636a4716dce9;hpb=b529b139a60ea8355089511737c8264185d8d074;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 2918a7938..ea15b7325 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -5,6 +5,14 @@ class bacula::client inherits bacula {
 		@@bacula::node { $::fqdn:
 			bacula_client_port => $bacula::bacula_client_port,
 		}
+
+		@@concat::fragment { "bacula-dsa-client-list::$fqdn":
+			target => $bacula::bacula_dsa_client_list ,
+			content  => @("EOF"),
+					${fqdn}
+					| EOF
+			tag     => $bacula::tag_bacula_dsa_client_list,
+		}
 	}
 
 	package { ['bacula-fd']:
@@ -51,34 +59,29 @@ class bacula::client inherits bacula {
 		notify  => Service['bacula-fd'],
 	}
 	if (versioncmp($::lsbmajdistrelease, '9') >= 0 and $systemd) {
-		file { '/etc/systemd/system/bacula-fd.service.d':
-			ensure	=> directory,
-			mode	=> '0755',
-			owner	=> root,
-			group	=> root,
-		}
+		# old name for the override content
 		file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
-			source	=> 'puppet:///modules/bacula/bacula-fd-systemd',
-			mode	=> '0400',
-			owner	=> root,
-			group	=> root,
-			notify	=> Exec['systemctl daemon-reload'],
+			ensure	=> absent,
+		}
+		dsa_systemd::override { 'bacula-fd':
+			content => @(EOT)
+				[Service]
+				ExecStart=
+				ExecStart=/usr/sbin/bacula-fd -c $CONFIG -f -u bacula -k
+				| EOT
 		}
 	} else {
 		file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
 			ensure	=> absent,
 		}
+		dsa_systemd::override { 'bacula-fd':
+			ensure	=> absent,
+		}
 	}
 
-	@ferm::rule { 'dsa-bacula-fd-v4':
-		domain      => '(ip)',
+	@ferm::rule { 'dsa-bacula-fd':
+		domain      => '(ip ip6)',
 		description => 'Allow bacula access from storage and director',
-		rule        => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip}) ACCEPT",
+		rule        => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip_addrs}) ACCEPT",
 	}
-
-	#@ferm::rule { 'dsa-bacula-fd-v6':
-	#	domain      => '(ip6)',
-	#	description => 'Allow bacula access from storage and director',
-	#	rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr (${bacula_director_ip6}) ACCEPT",
-	#}
 }