# this mostly configures the file daemon, but also firewall rules and
# fragments to sent to the other servers.
#
-# @param director_server The director server that controls this client's backups
-# @param storage_server The storage server to use for this client
-# @param port_fd Port that bacula-fd listens on
-# @param ensure present or absent
+# @param director_server director server that controls this client's backups
+# @param storage_server storage server to use for this client
+# @param port_fd port that bacula-fd listens on
+# @param client_name bacula client name for this instance
+# @param ensure present or absent
class bacula::client(
String $director_server,
String $storage_server,
Integer $port_fd = 9102,
+ String $client_name = "${::fqdn}-fd",
Enum['present', 'absent'] $ensure = defined(Class['bacula::not_a_client']) ? { true => 'absent', default => 'present' },
) inherits bacula {
$package_ensure = $ensure ? { 'present' => 'installed', 'absent' => 'purged' }
$service_enable = $ensure ? { 'present' => true, 'absent' => false }
$reverse_ensure = $ensure ? { 'present' => 'absent', 'absent' => 'present' }
+ $client = $::fqdn
+ $client_secret = hkdf('/etc/puppet/secret', "bacula::director<->fd::${director_server}<->${client}")
+
if $ensure == 'present' {
- @@bacula::director::client { $::fqdn:
- port_fd => $port_fd,
- client => $::fqdn,
- tag => "bacula::to-director::${director_server}",
+ @@bacula::director::client { $client:
+ port_fd => $port_fd,
+ client => $client,
+ client_name => $client_name,
+ client_secret => $client_name,
+ tag => "bacula::to-director::${director_server}",
}
- @@bacula::storage::client { $::fqdn:
+ @@bacula::storage::client { $client:
tag => "bacula::to-storage::${storage_server}",
- client => $::fqdn,
+ client => $client,
director_server => $director_server,
}
- @@concat::fragment { "bacula-dsa-client-list::${::fqdn}":
+ @@concat::fragment { "bacula-dsa-client-list::${client}":
target => $bacula::bacula_dsa_client_list ,
content => @("EOF"),
- ${::fqdn}
+ ${client}
| EOF
tag => $bacula::tag_bacula_dsa_client_list,
}
}
# get access to the storage
- @@ferm::rule::simple { "bacula::fd-to-storage::${::fqdn}":
+ @@ferm::rule::simple { "bacula::fd-to-storage::${client}":
tag => "bacula::fd-to-storage::${storage_server}",
description => 'Allow bacula-fd access to the bacula-storage',
chain => 'bacula-sd',
#
# This is stored config by a client, collected on the director
#
-# @param port_fd port that this node's bacula-fd is listening on
-# @param client The name of the client (relevant for device names, media type names, etc.)
+# @param port_fd port that this node's bacula-fd is listening on
+# @param client name of the client (relevant for device names, media type names, etc.)
+# @param client_name bacula client name
+# @param client_secret shared secret between director and client
define bacula::director::client (
Integer $port_fd,
String $client = $name,
+ String $client_name = "${client}-fd", # XXX remove default
+ String $client_secret = hkdf('/etc/puppet/secret', "bacula-fd-${client}"), # XXX remove default
) {
include bacula::director
$bacula_ssl_client_cert = $bacula::bacula_ssl_client_cert
$bacula_ssl_client_key = $bacula::bacula_ssl_client_key
- $client_name = "${client}-fd"
- $client_secret = hkdf('/etc/puppet/secret', "bacula-fd-${client}")
-
# we define this in both bacula::director::client_from_storage and
# bacula::director::client and it needs to match.
$pool_name = "${bacula::director::pool_name}-${client}"
String $bacula_operator_email = 'bacula-reports@admin.debian.org',
String $bacula_director_name = 'debian-dir',
String $bacula_storage_name = 'debian-sd',
- String $bacula_client_name = "${::fqdn}-fd",
String $bacula_monitor_name = 'debian-mon',
String $bacula_director_address = 'dinis.debian.org',
String $bacula_storage_address = 'storace.debian.org',
String $bacula_db_secret = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}"),
- String $bacula_client_secret = hkdf('/etc/puppet/secret', "bacula-fd-${::fqdn}"),
String $bacula_monitor_secret = hkdf('/etc/puppet/secret', "bacula-monitor-${bacula_director_name}"),
String $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt',
projects / mirror / dsa-puppet.git / commitdiff