X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Fmanifests%2Fdirector.pp;h=b94a9992def4ca7b37ca626c50eff2804676f7d1;hb=c429f34b4841fc1c41eac251fc2e9203704b1164;hp=3bb019764887248114775d5740c3db601c896cbe;hpb=8fc104f1c82d84fb71ed3f3b5e8ac7708dea6d86;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 3bb019764..b94a9992d 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -18,10 +18,11 @@ class bacula::director inherits bacula {
       ensure  => directory,
       mode => 755,
       group => bacula,
+      purge => true,
       notify  => Exec["bacula-director restart"]
       ;
     "/etc/bacula/bacula-dir.conf":
-      content => template("bacula/etc/bacula/bacula-dir.conf.erb"),
+      content => template("bacula/bacula-dir.conf.erb"),
       mode => 440,
       group => bacula,
       require => Package["bacula-director-pgsql"],
@@ -34,4 +35,30 @@ class bacula::director inherits bacula {
       path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
       refreshonly => true;
   }
+
+  define bacula_client() {
+    # These must be kept in sync with the settings in bacula.pp
+    $bacula_client_name       = "${name}-fd"
+    $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-${name}")
+    $client = $name
+
+    file {
+      "/etc/bacula/conf.d/${name}.conf":
+      content => template("bacula/per-client.conf.erb"),
+      mode => 440,
+      group => bacula,
+      notify  => Exec["bacula-director restart"]
+      ;
+    }
+  }
+#  $allhosts = keys($site::allnodeinfo)
+  $allhosts = [ "berlioz.debian.org" ]
+  bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost',
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
+
 }