From c0a2aa7bfdcb0d56ec24e0ad98d5f248a995fd70 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 25 Sep 2019 00:32:23 +0200 Subject: [PATCH] continue with moving director address to a more local thing --- modules/bacula/manifests/director.pp | 9 ++++++- modules/bacula/manifests/init.pp | 2 -- modules/bacula/manifests/storage.pp | 2 +- modules/bacula/manifests/storage/client.pp | 6 ++++- modules/bacula/manifests/storage/director.pp | 25 +++++++++++++++++++ modules/bacula/templates/bacula-sd.conf.erb | 24 ------------------ .../storage/sd-per-director.conf.erb | 24 ++++++++++++++++++ 7 files changed, 63 insertions(+), 29 deletions(-) create mode 100644 modules/bacula/manifests/storage/director.pp create mode 100644 modules/bacula/templates/storage/sd-per-director.conf.erb diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp index ca065c7d0..5aaa061ba 100644 --- a/modules/bacula/manifests/director.pp +++ b/modules/bacula/manifests/director.pp @@ -8,7 +8,7 @@ # @param port_dir Port that the director should listen on # @param db_sslca SSL CA store for DB access # @param director_name bacula name of this dir instance -# @param director_address address of this sd instance that other instances should connect to (dns name) +# @param director_address address of this dir instance that other instances should connect to (dns name) class bacula::director( String $db_address, Integer $db_port, @@ -28,6 +28,13 @@ class bacula::director( $some_pool_name = "poolfull-${pool_name}-${director_address}" $some_client_name = "${director_address}-fd" + # let the SD know we exist + @@bacula::storage::director{ $::fqdn: + tag => 'bacula::to-storage', + director_name => $director_name, + director_address => $director_address, + } + ensure_packages ( [ 'bacula-director-pgsql', 'bacula-common', diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp index c9c554b4a..7b78df816 100644 --- a/modules/bacula/manifests/init.pp 
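Review bot: The exported `bacula::storage::director` resource added after `$some_client_name` carries the fixed tag `'bacula::to-storage'`, so the new collector in storage.pp (`Bacula::Storage::Director<<| tag == 'bacula::to-storage' |>>`) realises it on every storage node, whereas the client collector next to it is narrowed to `"bacula::to-storage::${::fqdn}"`. Declaring `bacula::director` in any node's catalog is therefore enough to become an accepted director on all storage daemons. If that is intended, I would say so in the comment, e.g. `# exported to every storage node on purpose; each SD accepts each director`; otherwise scope the tag per storage the way the client collector's tag is. The class body continues outside the hunk.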
+++ b/modules/bacula/manifests/init.pp @@ -5,8 +5,6 @@ class bacula ( String $bacula_operator_email = 'bacula-reports@admin.debian.org', String $bacula_director_name = 'debian-dir', - Stdlib::Host $bacula_director_address = 'dinis.debian.org', - String $bacula_db_secret = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"), String $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt', diff --git a/modules/bacula/manifests/storage.pp b/modules/bacula/manifests/storage.pp index ffa80e39a..80b4755de 100644 --- a/modules/bacula/manifests/storage.pp +++ b/modules/bacula/manifests/storage.pp @@ -18,7 +18,6 @@ class bacula::storage ( Boolean $has_ipv4 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 }, Boolean $has_ipv6 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 }, ) inherits bacula { - $storage_secret = hkdf('/etc/puppet/secret', "bacula-sd-${::fqdn}") package { 'bacula-sd': ensure => installed @@ -93,5 +92,6 @@ class bacula::storage ( | EOF } + Bacula::Storage::Director<<| tag == 'bacula::to-storage' |>> Bacula::Storage::Client<<| tag == "bacula::to-storage::${::fqdn}" |>> } diff --git a/modules/bacula/manifests/storage/client.pp b/modules/bacula/manifests/storage/client.pp index ba2f930b1..e49ff2b32 100644 --- a/modules/bacula/manifests/storage/client.pp +++ b/modules/bacula/manifests/storage/client.pp @@ -14,6 +14,10 @@ define bacula::storage::client( $media_type_name = "${bacula::storage::filestor_name}-${client}" $directory = "${bacula::storage::backup_path}/${client}" + # this is created in both bacula::storage::client and + # bacula::storage::director and needs to be the same + $dir_storage_secret = hkdf('/etc/puppet/secret', "bacula::director<->storage::${director_server}<->${::fqdn}") + file { "/etc/bacula/storage-conf.d/${client}.conf": content => template('bacula/storage/sd-per-client.conf.erb'), 
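Review bot: The HKDF info string for `$dir_storage_secret` is written out twice, here with `${director_server}` and in the new storage/director.pp with `${director_address}`, and the two only produce the same Director password if those variables hold the identical string. `$director_server` is not defined in this hunk, so I cannot confirm from here that it carries the director's DNS name; a mismatch would leave the storage daemon and the director with different passwords and every job failing authentication. I would derive the secret in one place, for example a small function that takes the director address and the storage fqdn, and call it from both defines. The define's body starts and ends outside the hunk.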
@@ -35,7 +39,7 @@ define bacula::storage::client( client => $client, storage_address => $bacula::storage::storage_address, port_sd => $bacula::storage::port_sd, - storage_secret => $bacula::storage::storage_secret, + storage_secret => $dir_storage_secret, storage_device_name => $device_name, storage_media_type_name => $media_type_name, } diff --git a/modules/bacula/manifests/storage/director.pp b/modules/bacula/manifests/storage/director.pp new file mode 100644 index 000000000..de4f25ef4 --- /dev/null +++ b/modules/bacula/manifests/storage/director.pp @@ -0,0 +1,25 @@ +# Bacula sd config: director snippet +# +# Each/The director exports this class to be collected by each/the storage. +# +# @param director_name bacula name of the dir instance +# @param director_address address of this dir instance that other instances should connect to (dns name) +define bacula::storage::director( + String $director_name, + Stdlib::Host $director_address, +) { + include bacula::storage + + # this is created in both bacula::storage::client and + # bacula::storage::director and needs to be the same + $dir_storage_secret = hkdf('/etc/puppet/secret', "bacula::director<->storage::${director_address}<->${::fqdn}") + + file { + "/etc/bacula/storage-conf.d/Dir_${director_address}.conf": + content => template('bacula/storage/sd-per-director.conf.erb'), + mode => '0440', + group => bacula, + notify => Exec['bacula-sd restart-when-idle'], + ; + } +} diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb index 0a0ef7998..12b45aa5d 100644 --- a/modules/bacula/templates/bacula-sd.conf.erb +++ b/modules/bacula/templates/bacula-sd.conf.erb 
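Review bot: The new define sets only `$director_name`, `$director_address` and `$dir_storage_secret`, but the template it renders, sd-per-director.conf.erb, also reads `@bacula_ca_path`, `@bacula_ssl_server_cert` and `@bacula_ssl_server_key`. Those resolved in bacula-sd.conf.erb because `bacula::storage` inherits `bacula`; a define that merely includes `bacula::storage` does not get that scope, so unless they are also set at node or top scope the TLS file directives would render as empty strings. I would reference them explicitly in the template, e.g. `TLS CA Certificate File = "<%= scope['bacula::bacula_ca_path'] %>"`, and likewise for the certificate and key. `String $director_name` is also written unquoted into the `Name =` line, so a stricter type such as `Pattern[/\A[A-Za-z0-9._-]+\z/]` would keep whitespace and newlines out of the storage daemon's configuration.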
@@ -40,28 +40,4 @@ Storage { TLS Key = "<%= @bacula_ssl_server_key %>" } -# List Directors who are permitted to contact Storage daemon -# -Director { - Name = <%= @bacula_director_name %> - Password = "<%= @storage_secret %>" - - TLS Enable = yes - TLS Require = yes - TLS Verify Peer = yes - TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>" - TLS CA Certificate File = "<%= @bacula_ca_path %>" - # This is a server certificate, used for incoming director connections. - TLS Certificate = "<%= @bacula_ssl_server_cert %>" - TLS Key = "<%= @bacula_ssl_server_key %>" -} - -# Send all messages to the Director, -# mount messages also are sent to the email address -# -Messages { - Name = Standard - director = <%= @bacula_director_name %> = all -} - @|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'" diff --git a/modules/bacula/templates/storage/sd-per-director.conf.erb b/modules/bacula/templates/storage/sd-per-director.conf.erb new file mode 100644 index 000000000..7b3e115f6 --- /dev/null +++ b/modules/bacula/templates/storage/sd-per-director.conf.erb @@ -0,0 +1,24 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## + +Director { + Name = <%= @director_name %> + Password = "<%= @dir_storage_secret %>" + + TLS Enable = yes + TLS Require = yes + TLS Verify Peer = yes + TLS Allowed CN = "clientcerts/<%= @director_address %>" + TLS CA Certificate File = "<%= @bacula_ca_path %>" + # This is a server certificate, used for incoming director connections. + TLS Certificate = "<%= @bacula_ssl_server_cert %>" + TLS Key = "<%= @bacula_ssl_server_key %>" +} + +# Send all messages to the Director, +# +Messages { + Name = Standard + director = <%= @director_name %> = all +} -- 2.20.1
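Review bot: The `Messages { Name = Standard ... }` block at the end of the new template is emitted once per collected director, so a second director would put two Messages resources named `Standard` into the storage daemon's configuration. I would expect bacula-sd to refuse duplicate resource names, which would turn adding a director into a backup outage on every storage node. Either keep a single Messages resource in bacula-sd.conf.erb or make the name unique here, e.g. `Name = Standard-<%= @director_name %>`, after checking that nothing refers to `Standard` by name. The comment above the block also lost its second line in the move; `# Send all messages to this Director` would read better than the dangling comma.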