X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-sd.conf.erb;h=7e7176f2465398496dc91d08ddef8ce96dc89bf6;hb=d0c098685b92334a611a0c596a35f538b95ead47;hp=ec17f56e45dbb09d3249cbe728062c19311d494b;hpb=1842c3466ee92bb4f17654fda73f182f8b2fe12a;p=mirror%2Fdsa-puppet.git diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb index ec17f56e4..7e7176f24 100644 --- a/modules/bacula/templates/bacula-sd.conf.erb +++ b/modules/bacula/templates/bacula-sd.conf.erb @@ -5,45 +5,75 @@ # For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4 Storage { - Name = <%= bacula_storage_name %> - SDPort = <%= bacula_storage_port %> + Name = <%= @bacula_storage_name %> + SDAddresses = { + # bacula, on Debian 9 (stretch), does not resolve a single name + # to both v4 and v6 addresses. Se we can't just say + # ip = { addr = }. Boo. + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%> + ipv4 = { + # use the hostname rather than the IP address from LDAP, + # as /etc/hosts might have a better answer in case of natted hosts. + addr = <%= @bacula_storage_address %> + port = <%= @bacula_storage_port %> + } + <%- end -%> + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v6_ldap'] -%> + ipv6 = { + addr = <%= @bacula_storage_address %> + port = <%= @bacula_storage_port %> + } + <%- end -%> + } WorkingDirectory = "/var/lib/bacula" - Pid Directory = "/var/run/bacula" + Pid Directory = "/run/bacula" + Plugin Directory = "/usr/lib/bacula" Maximum Concurrent Jobs = 21 - SDAddress = <%= bacula_storage_address %> - Heartbeat Interval = 180 + Heartbeat Interval = 60 + + TLS Enable = yes + TLS Require = yes + TLS Verify Peer = yes + # TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>" + TLS CA Certificate File = "<%= @bacula_ca_path %>" + # This is a server certificate, used for incoming connections. + TLS Certificate = "<%= @bacula_ssl_server_cert %>" + TLS Key = "<%= @bacula_ssl_server_key %>" } # List Directors who are permitted to contact Storage daemon # Director { - Name = <%= bacula_director_name %> - Password = "<%= bacula_storage_secret %>" -} + Name = <%= @bacula_director_name %> + Password = "<%= @bacula_storage_secret %>" + TLS Enable = yes + TLS Require = yes + TLS Verify Peer = yes + TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>" + TLS CA Certificate File = "<%= @bacula_ca_path %>" + # This is a server certificate, used for incoming director connections. + TLS Certificate = "<%= @bacula_ssl_server_cert %>" + TLS Key = "<%= @bacula_ssl_server_key %>" +} -# To connect, the Director's bacula-dir.conf must have the -# same Name and MediaType. +# Send all messages to the Director, +# mount messages also are sent to the email address # +Messages { + Name = Standard + director = <%= @bacula_director_name %> = all +} + Device { - Name = <%= bacula_filestor_device %> - Media Type = <%= bacula_filestor_name %> - Archive Device = <%= bacula_backup_path %> + Name = "<%= @bacula_filestor_device %>-catalog" + Media Type = "<%= @bacula_filestor_name %>-catalog" + Archive Device = "<%= @bacula_backup_path %>/Catalog" LabelMedia = yes; Random Access = Yes; AutomaticMount = yes; RemovableMedia = no; AlwaysOpen = no; - Maximum Network Buffer Size = 4194304 - Maximum Spool Size = 250G - Maximum Job Spool Size = 50G - Spool Directory = <%= bacula_backup_path %>/spool } -# Send all messages to the Director, -# mount messages also are sent to the email address -# -Messages { - Name = Standard - director = <%= bacula_director_name %> = all -} +@|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"