# @param port_dir Port that the director should listen on
# @param db_sslca SSL CA store for DB access
# @param director_name bacula name of this dir instance
-# @param director_address address of this sd instance that other instances should connect to (dns name)
+# @param director_address address of this dir instance that other instances should connect to (dns name)
class bacula::director(
String $db_address,
Integer $db_port,
$some_pool_name = "poolfull-${pool_name}-${director_address}"
$some_client_name = "${director_address}-fd"
+ # let the SD know we exist
+ @@bacula::storage::director{ $::fqdn:
+ tag => 'bacula::to-storage',
+ director_name => $director_name,
+ director_address => $director_address,
+ }
+
ensure_packages ( [
'bacula-director-pgsql',
'bacula-common',
String $bacula_operator_email = 'bacula-reports@admin.debian.org',
String $bacula_director_name = 'debian-dir',
- Stdlib::Host $bacula_director_address = 'dinis.debian.org',
-
String $bacula_db_secret = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"),
String $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt',
Boolean $has_ipv4 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 },
Boolean $has_ipv6 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 },
) inherits bacula {
- $storage_secret = hkdf('/etc/puppet/secret', "bacula-sd-${::fqdn}")
package { 'bacula-sd':
ensure => installed
| EOF
}
+ Bacula::Storage::Director<<| tag == 'bacula::to-storage' |>>
Bacula::Storage::Client<<| tag == "bacula::to-storage::${::fqdn}" |>>
}
$media_type_name = "${bacula::storage::filestor_name}-${client}"
$directory = "${bacula::storage::backup_path}/${client}"
+ # this is created in both bacula::storage::client and
+ # bacula::storage::director and needs to be the same
+ $dir_storage_secret = hkdf('/etc/puppet/secret', "bacula::director<->storage::${director_server}<->${::fqdn}")
+
file {
"/etc/bacula/storage-conf.d/${client}.conf":
content => template('bacula/storage/sd-per-client.conf.erb'),
client => $client,
storage_address => $bacula::storage::storage_address,
port_sd => $bacula::storage::port_sd,
- storage_secret => $bacula::storage::storage_secret,
+ storage_secret => $dir_storage_secret,
storage_device_name => $device_name,
storage_media_type_name => $media_type_name,
}
--- /dev/null
+# Bacula sd config: director snippet
+#
+# Each/The director exports this class to be collected by each/the storage.
+#
+# @param director_name bacula name of the dir instance
+# @param director_address address of this dir instance that other instances should connect to (dns name)
+define bacula::storage::director(
+ String $director_name,
+ Stdlib::Host $director_address,
+) {
+ include bacula::storage
+
+ # this is created in both bacula::storage::client and
+ # bacula::storage::director and needs to be the same
+ $dir_storage_secret = hkdf('/etc/puppet/secret', "bacula::director<->storage::${director_address}<->${::fqdn}")
+
+ file {
+ "/etc/bacula/storage-conf.d/Dir_${director_address}.conf":
+ content => template('bacula/storage/sd-per-director.conf.erb'),
+ mode => '0440',
+ group => bacula,
+ notify => Exec['bacula-sd restart-when-idle'],
+ ;
+ }
+}
TLS Key = "<%= @bacula_ssl_server_key %>"
}
-# List Directors who are permitted to contact Storage daemon
-#
-Director {
- Name = <%= @bacula_director_name %>
- Password = "<%= @storage_secret %>"
-
- TLS Enable = yes
- TLS Require = yes
- TLS Verify Peer = yes
- TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
- TLS CA Certificate File = "<%= @bacula_ca_path %>"
- # This is a server certificate, used for incoming director connections.
- TLS Certificate = "<%= @bacula_ssl_server_cert %>"
- TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
-# Send all messages to the Director,
-# mount messages also are sent to the email address
-#
-Messages {
- Name = Standard
- director = <%= @bacula_director_name %> = all
-}
-
@|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+Director {
+ Name = <%= @director_name %>
+ Password = "<%= @dir_storage_secret %>"
+
+ TLS Enable = yes
+ TLS Require = yes
+ TLS Verify Peer = yes
+ TLS Allowed CN = "clientcerts/<%= @director_address %>"
+ TLS CA Certificate File = "<%= @bacula_ca_path %>"
+ # This is a server certificate, used for incoming director connections.
+ TLS Certificate = "<%= @bacula_ssl_server_cert %>"
+ TLS Key = "<%= @bacula_ssl_server_key %>"
+}
+
+# Send all messages to the Director,
+#
+Messages {
+ Name = Standard
+ director = <%= @director_name %> = all
+}
projects / mirror / dsa-puppet.git / commitdiff