refreshonly => true;
}
- define bacula_client($client) {
+ define bacula_client() {
# These must be kept in sync with the settings in bacula.pp
- $bacula_client_name = "$client-fd"
- $bacula_client_secret = hmac("/etc/puppet/secret", "bacula-fd-$client")
+ $bacula_client_name = "${name}-fd"
+ $bacula_client_secret = hmac("/etc/puppet/secret", "bacula-fd-${name}")
+ $client = $name
file {
- "/etc/bacula/conf.d/$client.conf":
+ "/etc/bacula/conf.d/${name}.conf":
content => template("bacula/per-client.conf.erb"),
mode => 440,
group => bacula,
notify => Exec["bacula-director restart"]
;
+ }
+ }
+ $allhosts = keys($site::allnodeinfo)
+
+ bacula_client { $allhosts: }
+
+ @ferm::rule { 'dsa-bacula-dir':
+ domain => '(ip ip6)',
+ description => 'Allow bacula access from localhost,
+ rule => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
}
- bacula_client(allnodeinfo('hostname', ''))
}