X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-dir.conf.erb;h=95403c86fcde5ce0a5e583c6f68006911547a591;hb=343b1973e7e83d192f14a5cd0c9846fa212ea06e;hp=862cb6a3ac126b2f721b55dcb0e478731f9abf8b;hpb=e812cb06d99be72f687b9df15d54448c334d77d5;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/templates/bacula-dir.conf.erb b/modules/bacula/templates/bacula-dir.conf.erb
index 862cb6a3a..95403c86f 100644
--- a/modules/bacula/templates/bacula-dir.conf.erb
+++ b/modules/bacula/templates/bacula-dir.conf.erb
@@ -10,19 +10,28 @@
 ########################################################################
 
 Director {
-  Name = <%= bacula_director_name %>
-  Description = <%= hostname %> - <%= domain %> Bacula Director
+  Name = <%= @bacula_director_name %>
+  Description = <%= @hostname %> - <%= @domain %> Bacula Director
   QueryFile = "/etc/bacula/scripts/query.sql"
   WorkingDirectory = "/var/lib/bacula"
   PidDirectory = "/var/run/bacula"
   Maximum Concurrent Jobs = 20
-  Password = "<%= bacula_director_secret %>"
+  Password = "<%= @bacula_director_secret %>"
   Messages = Daemon
   DirAddresses = {
      # Always have localhost in, then the configured IP
      ip = { addr = 127.0.0.1; port = 9101 }
-	 ip = { addr = <%=bacula_director_address%>; port = <%=bacula_director_port%> }
+	 ip = { addr = <%=@bacula_director_address%>; port = <%=@bacula_director_port%> }
   }
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
+  TLS CA Certificate File = "<%= @bacula_ca_path %>"
+  # This is a server certificate, used for incoming console connections.
+  TLS Certificate = "<%= @bacula_ssl_server_cert %>"
+  TLS Key = "<%= @bacula_ssl_server_key %>"
 }
 
 ########################################################################
@@ -30,31 +39,43 @@ Director {
 ########################################################################
 FileSet {
   Name = "Standard Set"
+  Ignore FileSet Changes = yes
   Include {
     Options {
       signature = SHA1
       compression = GZIP9
+      aclsupport = yes
+      xattrsupport = yes
+    }
+    Options {
+      wild = "/swapfile*"
+      exclude = yes
     }
-    File = "\\|bash -c \"df -Pkl -x tmpfs | tail -n +2 | awk '{print \$NF}' \""
+    File = "\\|/usr/local/sbin/bacula-backup-dirs"
     # Dont backup directories that contain .nobackup files
     Exclude Dir Containing = .nobackup
   }
 
   Exclude {
-    File = /var/lib/bacula
-    File = /var/cache/apt/
+    File = /.fsck
+    File = /.journal
+    File = /dev
+    File = /home/buildd/build-trees
+    File = /lib/init/rw
     File = /nonexistant
     File = /proc
-    File = /tmp
-    File = /.journal
-    File = /.fsck
+    File = /srv/chroot
     File = /sys
-    File = /lib/init/rw
-    File = /var/run
+    File = /tmp
+    File = /var/cache/apache2/mod_cache_disk
+    File = /var/cache/apt
+    File = /var/lib/apt
+    File = /var/lib/bacula
+    File = /var/lib/munin-async
     File = /var/lock
-    File = /dev
-    File = /srv/chroot
-    File = /home/buildd/build-trees
+    File = /var/log/samhain
+    File = /var/run
+    File = "\\|bash -c 'grep -s -v ^# /etc/bacula/local-exclude || true'"
   }
 }
 
@@ -66,9 +87,9 @@ FileSet {
   Include {
     Options {
       signature = SHA1
-      compression = GZIP9
+      #compression = GZIP9
     }
-    File = "/var/lib/bacula/bacula.sql"
+    File = "/var/lib/bacula/bacula.sql.gz"
   }
 }
 
@@ -81,8 +102,10 @@ FileSet {
 #  and incremental backups other days
 Schedule {
   Name = "WeeklyCycle"
-  Run = Full 1st sat at 00:35
-  Run = Differential 2nd-5th sat at 00:35
+  # fulls are automatically run if the last full backup was 40 days ago
+  # for the current value of 40 look for "Max Full Interval" in this file.
+  # Run = Full 1st sat at 00:35
+  Run = Differential sat at 00:35
   Run = Incremental sun-fri at 00:35
 }
 
@@ -97,11 +120,11 @@ Schedule {
 ########################################################################
 Catalog {
   Name = MyCatalog
-  dbname = bacula;
-  DB Address = "<%= bacula_db_address %>";
-  DB Port = <%= bacula_db_port %>;
+  dbname = "service = bacula";
+  #DB Address = "<%= @bacula_db_address %>";
+  #DB Port = <%= @bacula_db_port %>;
   dbuser = "bacula";
-  dbpassword = "<%= bacula_db_secret %>"
+  dbpassword = "<%= @bacula_db_secret %>"
 }
 
 ########################################################################
@@ -111,10 +134,11 @@ Messages {
   Name = Standard
   mailcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) %r\" -s \"Bacula: %t %e of %c %l\" %r"
   operatorcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) %r\" -s \"Bacula: Intervention needed for %j\" %r"
-  mail = <%= bacula_operator_email %> = all, !skipped
-  operator = <%= bacula_operator_email %> = mount
+  #mail on error = <%= @bacula_operator_email %> = all, !skipped
+  mail = <%= @bacula_operator_email %> = all
+  operator = <%= @bacula_operator_email %> = mount
   console = all, !skipped, !saved
-  append = "/var/lib/bacula/log" = all, !skipped
+  append = "/var/lib/bacula/log" = all
   catalog = all
 }
 
@@ -122,31 +146,17 @@ Messages {
 Messages {
   Name = Daemon
   mailcommand = "/usr/lib/bacula/bsmtp -h localhost -f \"\(Bacula\) %r\" -s \"Bacula daemon message\" %r"
-  mail = <%= bacula_operator_email %> = all, !skipped
+  mail = <%= @bacula_operator_email %> = all
   console = all, !skipped, !saved
-  append = "/var/lib/bacula/log" = all, !skipped
-}
-
-########################################################################
-# Storage config                                                       #
-########################################################################
-
-Storage {
-  Name = <%= bacula_filestor_name %>
-  Address = <%= bacula_storage_address %>
-  SDPort = <%= bacula_storage_port %>
-  Password = "<%= bacula_storage_secret %>"
-  Device = <%= bacula_filestor_device %>
-  Media Type = <%= bacula_filestor_name %>
-  Maximum Concurrent Jobs = 10
+  append = "/var/lib/bacula/log" = all
 }
 
 ########################################################################
 # Console, limited                                                     #
 ########################################################################
 Console {
-  Name = <%= bacula_monitor_name %>
-  Password = "<%= bacula_monitor_secret %>"
+  Name = <%= @bacula_monitor_name %>
+  Password = "<%= @bacula_monitor_secret %>"
   CommandACL = status, .status
 }
 
@@ -158,90 +168,96 @@ JobDefs {
   Type = Backup
   Level = Incremental
   FileSet = "Standard Set"
+  Accurate = yes
   Schedule = "WeeklyCycle"
-  Storage = <%=bacula_filestor_name%>
   Messages = Standard
-  Pool = <%=bacula_pool_name%>
-  Differential Backup Pool = <%=bacula_pool_name%>diff
-  Incremental Backup Pool = <%=bacula_pool_name%>inc
-  Max Full Interval = 1 month
+  Max Full Interval = 40 days
   Priority = 10
   Write Bootstrap = "/var/lib/bacula/%c.bsr"
   Maximum Concurrent Jobs = 20
+  Client Run After Job = "/usr/local/sbin/postbaculajob -c \"%c\" -d \"%d\" -i \"%i\" -l \"%l\" -n \"%n\" -o /var/log/bacula/client-after.state"
 }
 
 ########################################################################
-# Pool definition                                                      #
+# Standard Restore template, to be changed by Console program          #
+#  Only one such job is needed for all Jobs/Clients/Storage ...        #
 ########################################################################
-Pool {
-  Name = <%= bacula_pool_name %>
-  Pool Type = Backup
-  Recycle = no
-  AutoPrune = yes
-  Volume Retention = 1 year
-  Label Format = "${Client}-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}_${Hour:p/2/0/r}:${Minute:p/2/0/r}"
-  Volume Use Duration = 23h
-  Maximum Volume Jobs = 1
-  Maximum Volume Bytes = 50G
-  Action On Purge = Truncate
+Job {
+  Name = "RestoreFiles"
+  Type = Restore
+  Client = <%=@bacula_director_address%>-fd
+  FileSet = "Standard Set"
+  Pool = poolfull-<%=@bacula_pool_name%>-<%=@bacula_director_address%>
+  Messages = Standard
+  Where = /var/tmp/bacula-restores
 }
 
+
+# Scratch pool definition
 Pool {
-  Name = <%= bacula_pool_name %>diff
+  Name = Scratch
   Pool Type = Backup
-  Recycle = no
-  AutoPrune = yes
-  Volume Retention = 1 year
-  Label Format = "${Client}-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}_${Hour:p/2/0/r}:${Minute:p/2/0/r}"
-  Volume Use Duration = 23h
-  Maximum Volume Jobs = 1
-  Maximum Volume Bytes = 50G
-  Action On Purge = Truncate
 }
 
+########################################################################
+# Generic jobs                                                         #
+########################################################################
+# Backup the catalog database (after the nightly save)
+Storage {
+  Name = "<%= @bacula_filestor_name %>-catalog"
+  Address = <%= @bacula_storage_address %>
+  SDPort = <%= @bacula_storage_port %>
+  Password = "<%= @bacula_storage_secret %>"
+  Device = "<%= @bacula_filestor_device %>-catalog"
+  Media Type = "<%= @bacula_filestor_name %>-catalog"
+  Maximum Concurrent Jobs = 10
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS CA Certificate File = "<%= @bacula_ca_path %>"
+  # This is a client certificate, used by the director to connect to the storage daemon
+  TLS Certificate = "<%= @bacula_ssl_client_cert %>"
+  TLS Key = "<%= @bacula_ssl_client_key %>"
+}
 Pool {
-  Name = <%= bacula_pool_name %>inc
+  Name = "poolcatalog-<%=@bacula_pool_name%>"
   Pool Type = Backup
-  Recycle = no
+  Storage = "<%=@bacula_filestor_name%>-catalog"
   AutoPrune = yes
-  Volume Retention = 1 year
-  Label Format = "${Client}-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}_${Hour:p/2/0/r}:${Minute:p/2/0/r}"
+  Volume Retention = 2 months
+  Label Format = "<%= @bacula_pool_name %>-catalog.${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}_${Hour:p/2/0/r}:${Minute:p/2/0/r}"
   Volume Use Duration = 23h
   Maximum Volume Jobs = 1
-  Maximum Volume Bytes = 50G
+  Maximum Volume Bytes = 500G
   Action On Purge = Truncate
+  Recycle = yes
+  RecyclePool = "poolcataloggraveyard-<%=@bacula_pool_name%>"
 }
-
-# Scratch pool definition
 Pool {
-  Name = Scratch
+  Name = "poolcataloggraveyard-<%=@bacula_pool_name%>"
   Pool Type = Backup
+  Storage = "<%=@bacula_filestor_name%>-catalog"
+  Recycle = yes
+  RecyclePool = "poolcataloggraveyard-<%=@bacula_pool_name%>"
 }
 
-########################################################################
-# Generic jobs                                                         #
-########################################################################
-# Backup the catalog database (after the nightly save)
-#Job {
-#  Name = "BackupCatalog"
-#  JobDefs = "Standardbackup"
-#  Level = Full
-#  FileSet="Catalog"
-#  Schedule = "WeeklyCycleAfterBackup"
+Job {
+  Name = "BackupCatalog"
+  JobDefs = "Standardbackup"
+  Client = <%=@bacula_director_address%>-fd
+  Level = Full
+  FileSet = "Catalog"
+  Schedule = "WeeklyCycleAfterBackup"
 #  # This creates an ASCII copy of the catalog
 #  # Arguments to make_catalog_backup.pl are:
 #  #  make_catalog_backup.pl <catalog-name>
-#  RunBeforeJob = "/etc/bacula/scripts/make_catalog_backup.pl MyCatalog"
+  RunBeforeJob = "/etc/bacula/scripts/make_catalog_backup.pl MyCatalog"
 #  # This deletes the copy of the catalog
-#  RunAfterJob  = "/etc/bacula/scripts/delete_catalog_backup"
-#  Write Bootstrap = "/var/lib/bacula/%n.bsr"
-#  Priority = 15    # run after main backup
-#  RunScript {
-#        RunsWhen=After
-#	    RunsOnClient=No
-#	    Console = "purge volume action=all allpools storage=File"
-#  }
-#}
+  RunAfterJob  = "/etc/bacula/scripts/delete_catalog_backup"
+  Write Bootstrap = "/var/lib/bacula/%n.bsr"
+  Priority = 15    # run after main backup
+  Pool = "poolcatalog-<%=@bacula_pool_name%>"
+}
 
 ########################################################################
 # And now include all the generated configs                            #