X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Fmanifests%2Finit.pp;h=02cf50615db485740b8fa8c3537d89ef0cc87933;hb=HEAD;hp=270d0708e4abbe849054c0a7009c4619f39fd29c;hpb=93aa8a665a0d34bfe7a16c4e65dbd4875feac197;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp
index 270d0708e..02cf50615 100644
--- a/modules/bacula/manifests/init.pp
+++ b/modules/bacula/manifests/init.pp
@@ -1,46 +1,45 @@
 # bacula class -- defines all the variables we care about in our bacula deployment
 #
+# @param ssl_ca_path      full path and filename specifying a PEM encoded TLS CA certificate(s)
+# @param ssl_client_cert  path to TLS client certificate
+# @param ssl_client_key   path to TLS client certificate key
+# @param ssl_server_cert  path to TLS server certificate
+# @param ssl_server_key   path to TLS server certificate key
+# @param email_all        email address for all reports
+# @param email_error      email address for errors
+# @param email_operator   email address for the operator (to mount tapes etc)
+# @param email_daemon     email address for messages from the daemon
 # @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
+# @param has_ipv4         daemons should listen on ipv4
+# @param has_ipv6         daemons should listen on ipv6
 class bacula (
-  String  $bacula_operator_email      = 'bacula-reports@admin.debian.org',
-  String  $bacula_director_name       = 'debian-dir',
-  String  $bacula_storage_name        = 'debian-sd',
-  String  $bacula_client_name         = "${::fqdn}-fd",
-  String  $bacula_monitor_name        = 'debian-mon',
-  String  $bacula_filestor_name       = 'File',
-  String  $bacula_filestor_device     = 'FileStorage',
-  String  $bacula_pool_name           = 'debian',
-
-  # use IP address for ferm.
-  String  $bacula_director_address    = 'dinis.debian.org',
-  Integer $bacula_director_port       = 9101,
-  String  $bacula_storage_address     = 'storace.debian.org',
-  Integer $bacula_storage_port        = 9103,
-  Integer $bacula_client_port         = 9102,
-  String  $bacula_db_address          = 'danzi.debian.org',
-  Integer $bacula_db_port             = 5433,
-
-  String  $bacula_backup_path         = '/srv/bacula',
-
-  String  $bacula_director_secret     = hkdf('/etc/puppet/secret', "bacula-dir-${::hostname}"),
-  String  $bacula_db_secret           = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"),
-  String  $bacula_storage_secret      = hkdf('/etc/puppet/secret', "bacula-sd-${bacula_storage_name}"),
-  String  $bacula_client_secret       = hkdf('/etc/puppet/secret', "bacula-fd-${::fqdn}"),
-  String  $bacula_monitor_secret      = hkdf('/etc/puppet/secret', "bacula-monitor-${bacula_director_name}"),
-
-  String  $bacula_ca_path             = '/etc/ssl/debian/certs/ca.crt',
-  String  $bacula_ssl_client_cert     = '/etc/ssl/debian/certs/thishost.crt',
-  String  $bacula_ssl_client_key      = '/etc/ssl/private/thishost.key',
-  String  $bacula_ssl_server_cert     = '/etc/ssl/debian/certs/thishost-server.crt',
-  String  $bacula_ssl_server_key      = '/etc/ssl/private/thishost-server.key',
-
-  String  $bacula_dsa_client_list     = '/etc/bacula/dsa-clients',
-  String  $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist',
+  String $ssl_ca_path,
+  String $ssl_client_cert,
+  String $ssl_client_key,
+  String $ssl_server_cert,
+  String $ssl_server_key,
 
+  Optional[String] $email_all = undef,
+  # default to all if defined, otherwise default to 'root' to enforce error delivery
+  String $email_error                          = $email_all ? { undef => 'root', default => $email_all },
+  String $email_operator                       = $email_error,
+  String $email_daemon                         = $email_error,
   Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
+  Boolean $has_ipv4                            = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 },
+  Boolean $has_ipv6                            = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 },
 ) {
+  # This file is used by our helper scripts on the director
+  $bacula_dsa_client_list     = '/etc/bacula/dsa-clients'
+  $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
+
+  $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+  $bacula_tls_client_certificate  = "TLS Certificate = \"${ssl_client_cert}\""
+  $bacula_tls_client_key          = "TLS Key = \"${ssl_client_key}\""
+  $bacula_tls_server_certificate  = "TLS Certificate = \"${ssl_server_cert}\""
+  $bacula_tls_server_key          = "TLS Key = \"${ssl_server_key}\""
+
   file { '/usr/local/sbin/bacula-idle-restart':
-    mode    => '0555',
-    content => template('bacula/bacula-idle-restart.erb'),
+    mode   => '0555',
+    source => 'puppet:///modules/bacula/bacula-idle-restart',
   }
 }