Make the bacula storage node request DB access from its role

diff --git a/data/nodes/storace.debian.org.yaml b/data/nodes/storace.debian.org.yaml
index ca972f8..5d97af7 100644 (file)
--- a/data/nodes/storace.debian.org.yaml
+++ b/data/nodes/storace.debian.org.yaml
@@ -1,5 +1,5 @@
 ---
 classes:
-  - bacula::storage
+  - roles::bacula::storage
   - postgres::backup_server
   - profile::ipsec::fasolo_storace

diff --git a/modules/roles/manifests/bacula/storage.pp b/modules/roles/manifests/bacula/storage.pp
new file mode 100644 (file)
index 0000000..e668148
--- /dev/null
+++ b/modules/roles/manifests/bacula/storage.pp
@@ -0,0 +1,18 @@
+#
+# bacula storage node
+#
+class roles::bacula::storage(
+) {
+  include bacula::storage
+
+  $pg_server = lookup('bacula::director::db_address')
+  $pg_port   = lookup('bacula::director::db_port')
+
+  @@postgres::cluster::hba_entry { 'bacula-sd':
+    tag      => "postgres::cluster::${pg_port}::hba::${pg_server}",
+    pg_port  => $pg_port,
+    database => 'bacula',
+    user     => "bacula-${::hostname}-reader",
+    address  => $base::public_addresses,
+  }
+}

diff --git a/modules/roles/manifests/postgresql/cluster_bacula.pp b/modules/roles/manifests/postgresql/cluster_bacula.pp
index 1a85355..eeebd83 100644 (file)
--- a/modules/roles/manifests/postgresql/cluster_bacula.pp
+++ b/modules/roles/manifests/postgresql/cluster_bacula.pp
@@ -20,12 +20,4 @@ class roles::postgresql::cluster_bacula {
     user       => ['bacula', 'bacula-dinis-reader', 'nagios'],
     address    => ['82.195.75.77', '2001:41b8:202:deb::311:77'],
   }
-  postgres::cluster::hba_entry { 'bacula-sd':
-    pg_version => $pg_version,
-    pg_cluster => $pg_cluster,
-    pg_port    => $pg_port,
-    database   => 'bacula',
-    user       => 'bacula-storace-reader',
-    address    => ['93.94.130.161', '2a02:158:380:280::161'],
-  }
 }