From a3265133b4a390133b3fc306f866433a57fc793e Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 25 Sep 2019 08:40:28 +0200
Subject: [PATCH] Get director name from director

---
 modules/bacula/manifests/client.pp            | 24 ++++++++------
 modules/bacula/manifests/client/director.pp   | 31 +++++++++++++++++++
 modules/bacula/manifests/director.pp          |  6 ++++
 modules/bacula/manifests/init.pp              |  1 -
 modules/bacula/templates/bacula-fd.conf.erb   | 21 +------------
 .../templates/client/fd-per-director.conf.erb | 26 ++++++++++++++++
 6 files changed, 78 insertions(+), 31 deletions(-)
 create mode 100644 modules/bacula/manifests/client/director.pp
 create mode 100644 modules/bacula/templates/client/fd-per-director.conf.erb

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 9d35c63f7..03988fb20 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -3,8 +3,8 @@
 # this mostly configures the file daemon, but also firewall rules and
 # fragments to sent to the other servers.
 #
-# @param director_server  director server that controls this client's backups
-# @param storage_server   storage server to use for this client
+# @param director_server  director server (address) that controls this client's backups
+# @param storage_server   storage server (address) to use for this client
 # @param port_fd          port that bacula-fd listens on
 # @param client_name      bacula client name for this instance
 # @param ensure           present or absent
@@ -21,16 +21,20 @@ class bacula::client(
   $reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
 
   $client = $::fqdn
-  $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
+
+  file { '/etc/bacula/fd-conf.d':
+    ensure  => directory,
+    mode    => '0755',
+    group   => bacula,
+    purge   => true,
+    force   => true,
+    recurse => true,
+    source  => 'puppet:///files/empty/',
+    notify  => Exec['bacula-fd restart-when-idle'],
+  }
 
   if $ensure == 'present' {
-    @@bacula::director::client { $client:
-      port_fd       => $port_fd,
-      client        => $client,
-      client_name   => $client_name,
-      client_secret => $client_secret,
-      tag           => "bacula::to-director::${director_server}",
-    }
+    Bacula::Client::Director <<| tag == "bacula::to-fd::${director_server}" |>>
 
     @@bacula::storage::client { $client:
       tag             => "bacula::to-storage::${storage_server}",
diff --git a/modules/bacula/manifests/client/director.pp b/modules/bacula/manifests/client/director.pp
new file mode 100644
index 000000000..9c96eb4c8
--- /dev/null
+++ b/modules/bacula/manifests/client/director.pp
@@ -0,0 +1,31 @@
+# Bacula fd config: director snippet
+#
+# Each/The director exports this class to be collected by each fd.
+#
+# @param director_name     bacula name of the dir instance
+# @param director_address  address of this dir instance that other instances should connect to (dns name)
+define bacula::client::director(
+  String $director_name,
+  Stdlib::Host $director_address,
+) {
+  include bacula::client
+
+  $dir_client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_address}<->${::fqdn}")
+
+  @@bacula::director::client { $bacula::client::client:
+    port_fd       => $bacula::client::port_fd,
+    client        => $bacula::client::client,
+    client_name   => $bacula::client::client_name,
+    client_secret => $dir_client_secret,
+    tag           => "bacula::to-director::${director_address}",
+  }
+
+  file {
+    "/etc/bacula/storage-conf.d/Dir_${director_address}.conf":
+      content => template('bacula/storage/sd-per-director.conf.erb'),
+      mode    => '0440',
+      group   => bacula,
+      notify  => Exec['bacula-sd restart-when-idle'],
+      ;
+  }
+}
diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index ff41e1bb2..e44ed7c04 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -36,6 +36,12 @@ class bacula::director(
     director_name    => $director_name,
     director_address => $director_address,
   }
+  # let FDs know we exist
+  @@bacula::client::director{ $::fqdn:
+    tag              => "bacula::to-fd::${director_address}",
+    director_name    => $director_name,
+    director_address => $director_address,
+  }
 
   ensure_packages ( [
     'bacula-director-pgsql',
diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp
index f5cc52d6e..eee682f27 100644
--- a/modules/bacula/manifests/init.pp
+++ b/modules/bacula/manifests/init.pp
@@ -3,7 +3,6 @@
 # @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
 class bacula (
   String  $bacula_operator_email      = 'bacula-reports@admin.debian.org',
-  String  $bacula_director_name       = 'debian-dir',
 
   String  $bacula_ca_path             = '/etc/ssl/debian/certs/ca.crt',
   String  $bacula_ssl_client_cert     = '/etc/ssl/debian/certs/thishost.crt',
diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb
index 51624af5c..5e07c9fe6 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -4,21 +4,6 @@
 ##
 #  For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4
 
-# List Directors who are permitted to contact this File daemon
-Director {
-  Name = <%= @bacula_director_name %>
-  Password = "<%= @client_secret %>"
-
-  TLS Enable = yes
-  TLS Require = yes
-  TLS Verify Peer = yes
-  TLS Allowed CN = "clientcerts/<%= @director_server %>"
-  TLS CA Certificate File = "<%= @bacula_ca_path %>"
-  # This is a server certificate, used for incoming director connections.
-  TLS Certificate = "<%= @bacula_ssl_server_cert %>"
-  TLS Key = "<%= @bacula_ssl_server_key %>"
-}
-
 # "Global" File daemon configuration specifications
 FileDaemon {
   Name = <%= @client_name %>
@@ -63,8 +48,4 @@ FileDaemon {
 <%- end -%>
 }
 
-# Send all messages except skipped files back to Director
-Messages {
-  Name = Standard
-  director = <%= @bacula_director_name %> = all, !skipped, !restored
-}
+@|"sh -c 'for f in /etc/bacula/fd-conf.d/*.conf ; do echo @${f} ; done'"
diff --git a/modules/bacula/templates/client/fd-per-director.conf.erb b/modules/bacula/templates/client/fd-per-director.conf.erb
new file mode 100644
index 000000000..25daf0a2e
--- /dev/null
+++ b/modules/bacula/templates/client/fd-per-director.conf.erb
@@ -0,0 +1,26 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+#  For Bacula release 5.0.1 (24 February 2010) -- debian 5.0.4
+
+# List Directors who are permitted to contact this File daemon
+Director {
+  Name = <%= @director_name %>
+  Password = "<%= @dir_client_secret %>"
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= @director_address %>"
+  TLS CA Certificate File = "<%= scope['bacula::bacula_ca_path'] %>"
+  # This is a server certificate, used for incoming director connections.
+  TLS Certificate = "<%= scope['bacula::bacula_ssl_server_cert'] %>"
+  TLS Key = "<%= scope['bacula::bacula_ssl_server_key'] %>"
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+  Name = Msg-<%= scope['bacula::client::client_name'] %>-<%= @director_name %>
+  director = <%= @director_name %> = all, !skipped, !restored
+}
-- 
2.20.1