From: Peter Palfrader Date: Tue, 24 Sep 2019 22:08:25 +0000 (+0200) Subject: continue with moving director name/address to a more local thing X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=92461482f97287c63b614ae7338594023711ce12;p=mirror%2Fdsa-puppet.git continue with moving director name/address to a more local thing
---
diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 5c522c53b..ca065c7d0 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -8,6 +8,7 @@ # @param port_dir Port that the director should listen on # @param db_sslca SSL CA store for DB access # @param director_name bacula name of this dir instance
+# @param director_address address of this sd instance that other instances should connect to (dns name)
 class bacula::director( String $db_address, Integer $db_port,
@@ -18,12 +19,14 @@ class bacula::director( Optional[String] $db_sslca = undef, #String $director_name = "${::fqdn}-dir", String $director_name = $bacula::bacula_director_name,
+ Stdlib::Host $director_address = $::fqdn,
 ) inherits bacula { # used by e.g. bconsole $director_secret = hkdf('/etc/puppet/secret', "bacula-dir-${::fqdn}")
- # the RestoreFiles Job needs a Pool. Any valid pool.
- $some_pool_name = "poolfull-${pool_name}-${bacula::bacula_director_address}"
+ # the RestoreFiles Job needs a Pool and a client. Any valid pool and client.
+ $some_pool_name = "poolfull-${pool_name}-${director_address}"
+ $some_client_name = "${director_address}-fd"
 ensure_packages ( [ 'bacula-director-pgsql',
@@ -144,7 +147,7 @@ class bacula::director( saddr => $bacula::public_addresses, } @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
- tag => "bacula::director-to-storage::${::fqdn}",
+ tag => 'bacula::director-to-storage',
 description => 'Allow bacula-storage access from the bacula-director', chain => 'bacula-sd', saddr => $bacula::public_addresses,
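Review bot: The added `@param director_address` line describes the address "of this sd instance", which reads like a copy from the storage class; in `bacula::director` it should name the director, e.g. `# @param director_address address of this dir instance that other instances should connect to (dns name)`. The value ends up in `TLS Allowed CN` and the listen address of bacula-dir.conf.erb on this page, so the description is what an operator will rely on when overriding it.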
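Review bot: `$some_pool_name` and `$some_client_name` are derived from `$director_address`, so the RestoreFiles job only references real objects while that parameter equals the name under which the director's own pool and `-fd` client are declared elsewhere (not visible in this hunk). The default `$::fqdn` presumably satisfies that, but an override with a service alias, or with an IP literal, which `Stdlib::Host` accepts, would leave the job pointing at a Pool and Client that may not exist. If only DNS names are intended, as the `@param` text says, `Stdlib::Fqdn $director_address = $::fqdn,` narrows the type; a comment above the two assignments such as `# must equal the name the director's own client and pool are registered under` would record the constraint. The class body continues outside the hunk.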
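Review bot: The exported rule's `tag => 'bacula::director-to-storage',` is now a constant, and the collector in the storage.pp hunk (`Ferm::Rule::Simple <<| tag == 'bacula::director-to-storage' |>>`) no longer filters on the configured director address, so every storage node realizes the rule exported by any node that declares `bacula::director` and admits that node's `$bacula::public_addresses` into the `bacula-sd` chain. Before this change only the rule of the one expected director was collected. If a single director is an invariant of this deployment, say so next to the collector, e.g. `# collects from every bacula::director node; exactly one is expected`; otherwise keep a discriminator in the tag and match on it in `bacula::storage`. TLS peer verification on the sd presumably still gates the session, but the packet filter would stop being an independent second control.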
diff --git a/modules/bacula/manifests/storage.pp b/modules/bacula/manifests/storage.pp
index 2b8ed3f9e..ffa80e39a 100644
--- a/modules/bacula/manifests/storage.pp
+++ b/modules/bacula/manifests/storage.pp
@@ -70,7 +70,7 @@ class bacula::storage ( port => $port_sd, target => 'bacula-sd', }
- Ferm::Rule::Simple <<| tag == "bacula::director-to-storage::${bacula::bacula_director_address}" |>>;
+ Ferm::Rule::Simple <<| tag == 'bacula::director-to-storage' |>>;
 Ferm::Rule::Simple <<| tag == "bacula::fd-to-storage::${::fqdn}" |>>; file { '/etc/bacula/storage-conf.d/empty.conf':
diff --git a/modules/bacula/templates/bacula-dir.conf.erb b/modules/bacula/templates/bacula-dir.conf.erb
index 58b9c8536..84a7bbf7a 100644
--- a/modules/bacula/templates/bacula-dir.conf.erb
+++ b/modules/bacula/templates/bacula-dir.conf.erb
@@ -21,13 +21,13 @@ Director { DirAddresses = { # Always have localhost in, then the configured IP ip = { addr = 127.0.0.1; port = <%= @port_dir %> }
- ip = { addr = <%=@bacula_director_address%>; port = <%= @port_dir %> }
+ ip = { addr = <%= @director_address %>; port = <%= @port_dir %> }
 } TLS Enable = yes TLS Require = yes TLS Verify Peer = yes
- TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
+ TLS Allowed CN = "clientcerts/<%= @director_address %>"
 TLS CA Certificate File = "<%= @bacula_ca_path %>" # This is a server certificate, used for incoming console connections. TLS Certificate = "<%= @bacula_ssl_server_cert %>"
@@ -149,8 +149,8 @@ JobDefs { Job { Name = "RestoreFiles" Type = Restore
- Client = <%=@bacula_director_address%>-fd
 FileSet = "Standard Set"
+ Client = <%= @some_client_name%>
 Pool = <%= @some_pool_name %> Messages = Standard Where = /var/tmp/bacula-restores
diff --git a/modules/bacula/templates/bconsole.conf.erb b/modules/bacula/templates/bconsole.conf.erb
index 74f970675..de675d4db 100644
--- a/modules/bacula/templates/bconsole.conf.erb
+++ b/modules/bacula/templates/bconsole.conf.erb
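Review bot: `TLS Allowed CN = "clientcerts/<%= @director_address %>"` in bacula-dir.conf.erb now follows a per-class parameter instead of the shared `bacula` value, so the CN accepted for console connections changes whenever `director_address` is overridden. The certificate behind `clientcerts/` is presumably issued for the host's fqdn; any other value fails closed and locks bconsole out, which is safe but hard to diagnose. A template comment above the line, `# must equal the CN of this host's client certificate`, would make the coupling explicit, and the same value in `addr =` has to resolve when bacula-dir starts. The Director block starts and ends outside the hunk.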
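Review bot: `Client = <%= @some_client_name%>` in the RestoreFiles job lacks the space before `%>` that the neighbouring `Pool = <%= @some_pool_name %>` line uses; write `Client = <%= @some_client_name %>` so the two derived names read the same way. The Job block ends outside the hunk.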
@@ -9,7 +9,7 @@ Director { Name = <%= @director_name %> DIRport = <%= @port_dir %>
- address = <%= @bacula_director_address %>
+ address = <%= @director_address %>
 Password = "<%= @director_secret %>" TLS Enable = yes
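Review bot: `address = <%= @director_address %>` only resolves in a scope that defines `director_address`; ERB renders an unset instance variable as an empty string, so a class other than `bacula::director` rendering bconsole.conf.erb would write an empty `address =` without any catalog error. The page does not show which class renders this template, so that should be confirmed. A guard at the top of the template, `<% raise Puppet::ParseError, 'director_address unset' if @director_address.nil? %>`, turns the silent case into a compile failure.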