# this mostly configures the file daemon, but also firewall rules and
# fragments to sent to the other servers.
#
-# @param director_server director server that controls this client's backups
-# @param storage_server storage server to use for this client
+# @param director_server director server (address) that controls this client's backups
+# @param storage_server storage server (address) to use for this client
# @param port_fd port that bacula-fd listens on
# @param client_name bacula client name for this instance
# @param ensure present or absent
$reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
$client = $::fqdn
- $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
+
+ file { '/etc/bacula/fd-conf.d':
+ ensure => directory,
+ mode => '0755',
+ group => bacula,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => 'puppet:///files/empty/',
+ notify => Exec['bacula-fd restart-when-idle'],
+ }
if $ensure == 'present' {
- @@bacula::director::client { $client:
- port_fd => $port_fd,
- client => $client,
- client_name => $client_name,
- client_secret => $client_secret,
- tag => "bacula::to-director::${director_server}",
- }
+ Bacula::Client::Director <<| tag == "bacula::to-fd::${director_server}" |>>
@@bacula::storage::client { $client:
tag => "bacula::to-storage::${storage_server}",
--- /dev/null
+# Bacula fd config: director snippet
+#
+# Each/The director exports this class to be collected by each fd.
+#
+# @param director_name bacula name of the dir instance
+# @param director_address address of this dir instance that other instances should connect to (dns name)
+define bacula::client::director(
+ String $director_name,
+ Stdlib::Host $director_address,
+) {
+ include bacula::client
+
+ $dir_client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_address}<->${::fqdn}")
+
+ @@bacula::director::client { $bacula::client::client:
+ port_fd => $bacula::client::port_fd,
+ client => $bacula::client::client,
+ client_name => $bacula::client::client_name,
+ client_secret => $dir_client_secret,
+ tag => "bacula::to-director::${director_address}",
+ }
+
+ file {
+ "/etc/bacula/storage-conf.d/Dir_${director_address}.conf":
+ content => template('bacula/storage/sd-per-director.conf.erb'),
+ mode => '0440',
+ group => bacula,
+ notify => Exec['bacula-sd restart-when-idle'],
+ ;
+ }
+}
director_name => $director_name,
director_address => $director_address,
}
+ # let FDs know we exist
+ @@bacula::client::director{ $::fqdn:
+ tag => "bacula::to-fd::${director_address}",
+ director_name => $director_name,
+ director_address => $director_address,
+ }
ensure_packages ( [
'bacula-director-pgsql',
# @param public_addresses this host's public IP addresses. The ones it connects out from and is reachable from outsite.
class bacula (
String $bacula_operator_email = 'bacula-reports@admin.debian.org',
- String $bacula_director_name = 'debian-dir',
String $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt',
String $bacula_ssl_client_cert = '/etc/ssl/debian/certs/thishost.crt',
##
# For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4
-# List Directors who are permitted to contact this File daemon
-Director {
- Name = <%= @bacula_director_name %>
- Password = "<%= @client_secret %>"
-
- TLS Enable = yes
- TLS Require = yes
- TLS Verify Peer = yes
- TLS Allowed CN = "clientcerts/<%= @director_server %>"
- TLS CA Certificate File = "<%= @bacula_ca_path %>"
- # This is a server certificate, used for incoming director connections.
- TLS Certificate = "<%= @bacula_ssl_server_cert %>"
- TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
# "Global" File daemon configuration specifications
FileDaemon {
Name = <%= @client_name %>
<%- end -%>
}
-# Send all messages except skipped files back to Director
-Messages {
- Name = Standard
- director = <%= @bacula_director_name %> = all, !skipped, !restored
-}
+@|"sh -c 'for f in /etc/bacula/fd-conf.d/*.conf ; do echo @${f} ; done'"
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+# For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4
+
+# List Directors who are permitted to contact this File daemon
+Director {
+ Name = <%= @director_name %>
+ Password = "<%= @dir_client_secret %>"
+
+ TLS Enable = yes
+ TLS Require = yes
+ TLS Verify Peer = yes
+ TLS Allowed CN = "clientcerts/<%= @director_address %>"
+ TLS CA Certificate File = "<%= scope['bacula::bacula_ca_path'] %>"
+ # This is a server certificate, used for incoming director connections.
+ TLS Certificate = "<%= scope['bacula::bacula_ssl_server_cert'] %>"
+ TLS Key = "<%= scope['bacula::bacula_ssl_server_key'] %>"
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+ Name = Msg-<%= scope['bacula::client::client_name'] %>-<%= @director_name %>
+ director = <%= @director_name %> = all, !skipped, !restored
+}
projects / mirror / dsa-puppet.git / commitdiff