projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move bacula::bacula_ssl_{server,client}_{cert,key} to hiera
[mirror/dsa-puppet.git] / modules / bacula / manifests / init.pp
diff --git a/modules/bacula/manifests/init.pp b/modules/bacula/manifests/init.pp
index d822559..1b88a49 100644 (file)
--- a/modules/bacula/manifests/init.pp
+++ b/modules/bacula/manifests/init.pp
@@ -1,19 +1,21 @@
 # bacula class -- defines all the variables we care about in our bacula deployment
 #
 # @param operator_email   email address for reports
-# @param do_ssl           use TLS between systems
 # @param ssl_ca_path      full path and filename specifying a PEM encoded TLS CA certificate(s)
+# @param ssl_client_cert  path to TLS client certificate
+# @param ssl_client_key   path to TLS client certificate key
+# @param ssl_server_cert  path to TLS server certificate
+# @param ssl_server_key   path to TLS server certificate key
 # @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
 # @param has_ipv4         daemons should listen on ipv4
 # @param has_ipv6         daemons should listen on ipv6
 class bacula (
   String  $operator_email          = 'root@localhost',
-  Boolean $do_ssl                  = true,
-  Optional[String] $ssl_ca_path,
-  String  $bacula_ssl_client_cert  = '/etc/ssl/debian/certs/thishost.crt',
-  String  $bacula_ssl_client_key   = '/etc/ssl/private/thishost.key',
-  String  $bacula_ssl_server_cert  = '/etc/ssl/debian/certs/thishost-server.crt',
-  String  $bacula_ssl_server_key   = '/etc/ssl/private/thishost-server.key',
+  String $ssl_ca_path,
+  String $ssl_client_cert,
+  String $ssl_client_key,
+  String $ssl_server_cert,
+  String $ssl_server_key,
 
   Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
 
@@ -24,14 +26,11 @@ class bacula (
   $bacula_dsa_client_list     = '/etc/bacula/dsa-clients'
   $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
 
-  if $do_ssl {
-    if !$ssl_ca_path { fail('Need ssl_ca_path with do_ssl') }
-
-    $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
-  } else {
-    $bacula_tls_ca_certificate_file = ''
-  }
-
+  $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+  $bacula_tls_client_certificate  = "TLS Certificate = \"${ssl_client_cert}\""
+  $bacula_tls_client_key          = "TLS Key = \"${ssl_client_key}\""
+  $bacula_tls_server_certificate  = "TLS Certificate = \"${ssl_server_cert}\""
+  $bacula_tls_server_key          = "TLS Key = \"${ssl_server_key}\""
 
   file { '/usr/local/sbin/bacula-idle-restart':
     mode   => '0555',
Unnamed repository; edit this file 'description' to name the repository.