# List Directors who are permitted to contact this File daemon
Director {
- Name = <%= bacula_director_name %>
- Password = "<%= bacula_client_secret %>"
+ Name = <%= @bacula_director_name %>
+ Password = "<%= @bacula_client_secret %>"
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
- TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
- TLS CA Certificate File = "<%= bacula_ca_path %>"
+ TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
+ TLS CA Certificate File = "<%= @bacula_ca_path %>"
# This is a server certificate, used for incoming director connections.
- TLS Certificate = "<%= bacula_ssl_server_cert %>"
- TLS Key = "<%= bacula_ssl_server_key %>"
+ TLS Certificate = "<%= @bacula_ssl_server_cert %>"
+ TLS Key = "<%= @bacula_ssl_server_key %>"
}
# "Global" File daemon configuration specifications
FileDaemon {
- Name = <%= bacula_client_name %>
- FDport = <%= bacula_client_port %>
+ Name = <%= @bacula_client_name %>
+ FDAddresses = {
+ # bacula, on Debian 9 (stretch), does not resolve a single name
+ # to both v4 and v6 addresses. Se we can't just say
+ # ip = { addr = <hostname> }. Boo.
+ <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%>
+ ipv4 = {
+ # use the hostname rather than the IP address from LDAP,
+ # as /etc/hosts might have a better answer in case of natted hosts.
+ addr = <%= @fqdn %>
+ port = <%= @bacula_client_port %>
+ }
+ <%- end -%>
+ <%- scope.lookupvar('deprecated::nodeinfo')['misc']['v6_ldap'].each do |addr| -%>
+ ipv6 = {
+ addr = <%= addr %>
+ port = <%= @bacula_client_port %>
+ }
+ <%- end -%>
+ }
WorkingDirectory = /var/lib/bacula
+<%- if scope.call_function('versioncmp', [@lsbmajdistrelease, '8']) <= 0 -%>
Pid Directory = /var/run/bacula
+<%- else -%>
+ Pid Directory = /run/bacula
+ Plugin Directory = /usr/lib/bacula
+<%- end -%>
Maximum Concurrent Jobs = 20
- FDAddress = <%= fqdn %>
#Maximum Network Buffer Size = 524288
TLS Enable = yes
TLS Require = yes
- TLS CA Certificate File = "<%= bacula_ca_path %>"
+ TLS CA Certificate File = "<%= @bacula_ca_path %>"
# This is a client certificate, used by the client to connect to the storage daemon
- TLS Certificate = "<%= bacula_ssl_client_cert %>"
- TLS Key = "<%= bacula_ssl_client_key %>"
+ TLS Certificate = "<%= @bacula_ssl_client_cert %>"
+ TLS Key = "<%= @bacula_ssl_client_key %>"
+
+<%- if scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] == "brown" -%>
+ # broken firewall
+ Heartbeat Interval = 60
+<%- end -%>
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
- director = <%=bacula_director_name%> = all, !skipped, !restored
+ director = <%= @bacula_director_name %> = all, !skipped, !restored
}
projects / mirror / dsa-puppet.git / blobdiff