X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-sd.conf.erb;h=370c281501869cb82cc5eb51ecd151d2bfbf3c3d;hb=8fc2f013fa1510bcb2e53f7b307d371ae99cfebb;hp=f9bcdfee764eb594b99777bd1057c23328b8882c;hpb=fedc1fec6081de9840d9042c6c67d921f17267ac;p=mirror%2Fdsa-puppet.git diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb index f9bcdfee7..370c28150 100644 --- a/modules/bacula/templates/bacula-sd.conf.erb +++ b/modules/bacula/templates/bacula-sd.conf.erb @@ -10,17 +10,17 @@ Storage { # bacula, on Debian 9 (stretch), does not resolve a single name # to both v4 and v6 addresses. Se we can't just say # ip = { addr = }. Boo. - <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%> + <%- if @has_ipv4 -%> ipv4 = { # use the hostname rather than the IP address from LDAP, # as /etc/hosts might have a better answer in case of natted hosts. - addr = <%= @bacula_storage_address %> + addr = <%= @storage_address %> port = <%= @port_sd %> } <%- end -%> - <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v6_ldap'] -%> + <%- if @has_ipv6 -%> ipv6 = { - addr = <%= @bacula_storage_address %> + addr = <%= @storage_address %> port = <%= @port_sd %> } <%- end -%> @@ -34,34 +34,9 @@ Storage { TLS Enable = yes TLS Require = yes TLS Verify Peer = yes - TLS CA Certificate File = "<%= @bacula_ca_path %>" - # This is a server certificate, used for incoming connections. - TLS Certificate = "<%= @bacula_ssl_server_cert %>" - TLS Key = "<%= @bacula_ssl_server_key %>" -} - -# List Directors who are permitted to contact Storage daemon -# -Director { - Name = <%= @bacula_director_name %> - Password = "<%= @storage_secret %>" - - TLS Enable = yes - TLS Require = yes - TLS Verify Peer = yes - TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>" - TLS CA Certificate File = "<%= @bacula_ca_path %>" - # This is a server certificate, used for incoming director connections. - TLS Certificate = "<%= @bacula_ssl_server_cert %>" - TLS Key = "<%= @bacula_ssl_server_key %>" -} - -# Send all messages to the Director, -# mount messages also are sent to the email address -# -Messages { - Name = Standard - director = <%= @bacula_director_name %> = all + <%= scope['bacula::bacula_tls_ca_certificate_file'] %> + <%= scope['bacula::bacula_tls_server_certificate'] %> + <%= scope['bacula::bacula_tls_server_key'] %> } @|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"