X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Fmanifests%2Finit.pp;h=1b88a49cecb9390453f694214a5eb2cbfb03f5cb;hb=63016bb3a6b7266c022f7d7e2398a0360d476fd5;hp=cff4087b7131e6d80c7a9997028aca959c6c828e;hpb=8610e08a607c6249308c4d80d52df6f6c88a5a51;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp
index cff4087b7..1b88a49ce 100644
--- a/modules/bacula/manifests/init.pp
+++ b/modules/bacula/manifests/init.pp
@@ -1,17 +1,21 @@
 # bacula class -- defines all the variables we care about in our bacula deployment
 #
 # @param operator_email   email address for reports
+# @param ssl_ca_path      full path and filename specifying a PEM encoded TLS CA certificate(s)
+# @param ssl_client_cert  path to TLS client certificate
+# @param ssl_client_key   path to TLS client certificate key
+# @param ssl_server_cert  path to TLS server certificate
+# @param ssl_server_key   path to TLS server certificate key
 # @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
 # @param has_ipv4         daemons should listen on ipv4
 # @param has_ipv6         daemons should listen on ipv6
 class bacula (
   String  $operator_email          = 'root@localhost',
-
-  String  $bacula_ca_path          = '/etc/ssl/debian/certs/ca.crt',
-  String  $bacula_ssl_client_cert  = '/etc/ssl/debian/certs/thishost.crt',
-  String  $bacula_ssl_client_key   = '/etc/ssl/private/thishost.key',
-  String  $bacula_ssl_server_cert  = '/etc/ssl/debian/certs/thishost-server.crt',
-  String  $bacula_ssl_server_key   = '/etc/ssl/private/thishost-server.key',
+  String $ssl_ca_path,
+  String $ssl_client_cert,
+  String $ssl_client_key,
+  String $ssl_server_cert,
+  String $ssl_server_key,
 
   Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
 
@@ -22,6 +26,12 @@ class bacula (
   $bacula_dsa_client_list     = '/etc/bacula/dsa-clients'
   $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
 
+  $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+  $bacula_tls_client_certificate  = "TLS Certificate = \"${ssl_client_cert}\""
+  $bacula_tls_client_key          = "TLS Key = \"${ssl_client_key}\""
+  $bacula_tls_server_certificate  = "TLS Certificate = \"${ssl_server_cert}\""
+  $bacula_tls_server_key          = "TLS Key = \"${ssl_server_key}\""
+
   file { '/usr/local/sbin/bacula-idle-restart':
     mode   => '0555',
     source => 'puppet:///modules/bacula/bacula-idle-restart',