| EOF
tag => $bacula::tag_bacula_dsa_client_list,
}
+
+ # allow access from director
+ Ferm::Rule::Simple <<| tag == 'bacula::director-to-fd' |>> {
+ port => $bacula::bacula_client_port
+ }
} elsif $ensure == 'absent' {
file { '/etc/bacula':
ensure => absent,
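Review bot: The collector `Ferm::Rule::Simple <<| tag == 'bacula::director-to-fd' |>>` realises every exported rule carrying that tag, so the source addresses allowed to reach the fd port are now whatever the exporting nodes supplied as `saddr`, where the removed `dsa-bacula-fd` rule used a fixed address list. The comment `# allow access from director` should state that trust assumption, for example `# realise the rule(s) exported by bacula::director; saddr is set by the exporting node, only the port is overridden here`. Whether `ferm::rule::simple` defaults to the same `proto tcp` / `state (NEW)` match as the old rule is not visible on this page and is worth confirming. The enclosing `if`/`elsif` block starts outside the hunk.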
ensure => absent,
}
}
-
- ferm::rule { 'dsa-bacula-fd':
- domain => '(ip ip6)',
- description => 'Allow bacula access from storage and director',
- rule => "proto tcp mod state state (NEW) dport (${bacula::bacula_client_port}) saddr (${bacula::bacula_director_ip_addrs}) ACCEPT",
- }
}
order => '00',
}
Concat::Fragment <<| tag == $bacula::tag_bacula_dsa_client_list |>>
+
+ @@ferm::rule::simple { "bacula::director-to-fd::${::fqdn}":
+ tag => 'bacula::director-to-fd',
+ description => 'Allow bacula-fd from the bacula-director',
+ port => '7', # overridden on collecting
+ saddr => $bacula::public_addresses,
+ }
}
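Review bot: The placeholder `port => '7', # overridden on collecting` is a real port, so any collector that realises this exported rule without an override silently opens port 7 to the director's addresses. If the fd port is the same class parameter on both sides, which the client hunk's use of `$bacula::bacula_client_port` suggests, exporting `port => $bacula::bacula_client_port,` directly removes the need for the override and for the placeholder. If clients can differ, keep the override but have the comment name the collector that must set the port. The enclosing class starts outside the hunk.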
# bacula class -- defines all the variables we care about in our bacula deployment
+#
+# @param public_addresses this host's public IP addresses. The ones it connects out from and is reachable from outsite.
class bacula (
String $bacula_operator_email = 'bacula-reports@admin.debian.org',
String $bacula_director_name = 'debian-dir',
String $bacula_pool_name = 'debian',
# use IP address for ferm.
- String $bacula_director_ip_addrs = '82.195.75.77 2001:41b8:202:deb::311:77',
String $bacula_director_address = 'dinis.debian.org',
Integer $bacula_director_port = 9101,
String $bacula_storage_address = 'storace.debian.org',
String $bacula_dsa_client_list = '/etc/bacula/dsa-clients',
String $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist',
+
+ Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
) {
file { '/usr/local/sbin/bacula-idle-restart':
mode => '0555',
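Review bot: The context comment `# use IP address for ferm.` described the removed `$bacula_director_ip_addrs` and now sits directly above `$bacula_director_address`, which is a hostname, so it is stale and should be dropped or moved to the new parameter. The new `@param public_addresses` line should say that this value is exported as the `saddr` of the firewall rule collected on every client, since that is its security-relevant use, and "outsite" should read "outside". The default `$base::public_addresses` presumably requires class `base` to be evaluated before `bacula`; that ordering is not visible here and is worth confirming. The class body continues outside the hunk.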