-class bacula::client inherits bacula {
- @@bacula::storage_per_node { $::fqdn: }
+# our bacula client configuration
+#
+# this mostly configures the file daemon, but also firewall rules and
+# fragments to sent to the other servers.
+class bacula::client(
+ Enum['present', 'absent'] $ensure = getfromhash($site::nodeinfo, 'not-bacula-client') ? { true => 'absent', default => 'present' },
+ # Enum['present', 'absent'] $ensure = defined(Class["bacula::not_a_client"]) ? { true => 'absent', default => 'present' },
+) inherits bacula {
+ $package_ensure = $ensure ? { 'present' => 'installed', 'absent' => 'purged' }
+ $service_ensure = $ensure ? { 'present' => 'running', 'absent' => 'stopped' }
+ $service_enable = $ensure ? { 'present' => true, 'absent' => false }
+ $reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
- if ! getfromhash($site::nodeinfo, 'not-bacula-client') {
- @@bacula::node { $::fqdn:
- bacula_client_port => $bacula::bacula_client_port,
- }
+ if $ensure == 'present' {
+ @@bacula::storage_per_node { $::fqdn: }
- @@concat::fragment { "bacula-dsa-client-list::$fqdn":
- target => $bacula::bacula_dsa_client_list ,
- content => @("EOF"),
- ${fqdn}
- | EOF
- tag => $bacula::tag_bacula_dsa_client_list,
- }
- }
+ @@bacula::node { $::fqdn:
+ bacula_client_port => $bacula::bacula_client_port,
+ }
- package { ['bacula-fd']:
- ensure => installed
- }
+ @@concat::fragment { "bacula-dsa-client-list::$fqdn":
+ target => $bacula::bacula_dsa_client_list ,
+ content => @("EOF"),
+ ${fqdn}
+ | EOF
+ tag => $bacula::tag_bacula_dsa_client_list,
+ }
+ } elsif $ensure == 'absent' {
+ file { '/etc/bacula':
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true;
+ }
+ }
- service { 'bacula-fd':
- ensure => running,
- enable => true,
- hasstatus => true,
- require => Package['bacula-fd']
- }
+ package { ['bacula-fd', 'bacula-common']:
+ ensure => $package_ensure
+ }
- exec { 'bacula-fd restart-when-idle':
- path => '/usr/bin:/usr/sbin:/bin:/sbin',
- command => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart fd &"',
- refreshonly => true,
- subscribe => [ File[$bacula_ssl_server_cert], File[$bacula_ssl_client_cert] ],
- require => File['/usr/local/sbin/bacula-idle-restart'],
- }
+ service { 'bacula-fd':
+ ensure => $service_ensure,
+ enable => $service_enable,
+ hasstatus => true,
+ require => Package['bacula-fd']
+ }
- file { '/etc/bacula/bacula-fd.conf':
- content => template('bacula/bacula-fd.conf.erb'),
- mode => '0640',
- owner => root,
- group => bacula,
- require => Package['bacula-fd'],
- notify => Exec['bacula-fd restart-when-idle'],
- }
- file { '/usr/local/sbin/bacula-backup-dirs':
- mode => '0775',
- source => 'puppet:///modules/bacula/bacula-backup-dirs',
- }
- file { '/usr/local/sbin/postbaculajob':
- mode => '0775',
- source => 'puppet:///modules/bacula/postbaculajob',
- }
- file { '/etc/default/bacula-fd':
- content => template('bacula/default.bacula-fd.erb'),
- mode => '0400',
- owner => root,
- group => root,
- require => Package['bacula-fd'],
- notify => Service['bacula-fd'],
- }
- if (versioncmp($::lsbmajdistrelease, '9') >= 0 and $systemd) {
- # old name for the override content
- file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
- ensure => absent,
- }
- dsa_systemd::override { 'bacula-fd':
- content => @(EOT)
- [Service]
- ExecStart=
- ExecStart=/usr/sbin/bacula-fd -c $CONFIG -f -u bacula -k
- | EOT
- }
- } else {
- file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
- ensure => absent,
- }
- dsa_systemd::override { 'bacula-fd':
- ensure => absent,
- }
- }
+ exec { 'bacula-fd restart-when-idle':
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ command => 'sh -c "setsid /usr/local/sbin/bacula-idle-restart fd &"',
+ refreshonly => true,
+ subscribe => [ File[$bacula_ssl_server_cert], File[$bacula_ssl_client_cert] ],
+ require => File['/usr/local/sbin/bacula-idle-restart'],
+ }
- ferm::rule { 'dsa-bacula-fd':
- domain => '(ip ip6)',
- description => 'Allow bacula access from storage and director',
- rule => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip_addrs}) ACCEPT",
- }
+ file { '/etc/bacula/bacula-fd.conf':
+ ensure => $ensure,
+ content => template('bacula/bacula-fd.conf.erb'),
+ mode => '0640',
+ owner => root,
+ group => bacula,
+ require => Package['bacula-fd'],
+ notify => Exec['bacula-fd restart-when-idle'],
+ }
+ file { '/usr/local/sbin/bacula-backup-dirs':
+ ensure => $ensure,
+ mode => '0775',
+ source => 'puppet:///modules/bacula/bacula-backup-dirs',
+ }
+ file { '/usr/local/sbin/postbaculajob':
+ ensure => $ensure,
+ mode => '0775',
+ source => 'puppet:///modules/bacula/postbaculajob',
+ }
+ file { '/etc/default/bacula-fd':
+ ensure => $ensure,
+ content => template('bacula/default.bacula-fd.erb'),
+ mode => '0400',
+ owner => root,
+ group => root,
+ require => Package['bacula-fd'],
+ notify => Service['bacula-fd'],
+ }
+ if (versioncmp($::lsbmajdistrelease, '9') >= 0 and $systemd) {
+ dsa_systemd::override { 'bacula-fd':
+ content => @(EOT)
+ [Service]
+ ExecStart=
+ ExecStart=/usr/sbin/bacula-fd -c $CONFIG -f -u bacula -k
+ | EOT
+ }
+ } else {
+ dsa_systemd::override { 'bacula-fd':
+ ensure => absent,
+ }
+ }
+
+ ferm::rule { 'dsa-bacula-fd':
+ domain => '(ip ip6)',
+ description => 'Allow bacula access from storage and director',
+ rule => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip_addrs}) ACCEPT",
+ }
}
projects / mirror / dsa-puppet.git / commitdiff