diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-12 11:39:19 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-12 14:14:31 +0200 |
commit | c459a95cd4013e489ef4f9d47c05d1c98798522c (patch) | |
tree | ab579cee1200d965bc28525e9b27b407f7ac24a1 | |
parent | 4a4e71ef7111ffcbe052fbed8bb0b92b20b6af79 (diff) |
bacula: Set heartbeat options.
and also TCP keepalive options in the stunnel config.
6 files changed, 34 insertions, 6 deletions
diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 index 790ae64..42b5f74 100644 --- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 +++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 @@ -14,6 +14,9 @@ Director { # define myself DirAddress = 127.0.0.1 DirSourceAddress = 127.0.0.1 DirPort = 9101 + FDConnectTimeout = 5 min + SDConnectTimeout = 5 min + Heartbeat Interval = 1 min } @@ -391,6 +394,7 @@ Storage { @|"sed -n '/^{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" Device = FileStorage Media Type = File + Heartbeat Interval = 1 min } diff --git a/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 index e6ab105..6219aff 100644 --- a/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 +++ b/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 @@ -23,9 +23,17 @@ key = /etc/stunnel/certs/{{ inventory_hostname_short }}-dir.key client = yes socket = a:SO_BINDTODEVICE=lo -; Some performance tunings socket = l:TCP_NODELAY=1 +socket = l:SO_KEEPALIVE=1 +socket = l:TCP_KEEPIDLE=60 +socket = l:TCP_KEEPINTVL=15 +socket = l:TCP_KEEPCNT=116 + socket = r:TCP_NODELAY=1 +socket = r:SO_KEEPALIVE=1 +socket = r:TCP_KEEPIDLE=60 +socket = r:TCP_KEEPINTVL=15 +socket = r:TCP_KEEPCNT=116 ; Prevent MITM attacks verify = 4 diff --git a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 index 683c70a..fbfdca5 100644 --- a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 +++ b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 @@ -17,6 +17,7 @@ Storage { # define myself Maximum Concurrent Jobs = 20 SDAddress = 127.0.0.1 SDPort = 9113 + Heartbeat Interval = 1 min } # diff --git a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 index f0234fa..051412c 100644 --- a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 +++ b/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 @@ -21,9 +21,17 @@ debug = 4 cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem key = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.key -; Some performance tunings socket = l:TCP_NODELAY=1 +socket = l:SO_KEEPALIVE=1 +socket = l:TCP_KEEPIDLE=60 +socket = l:TCP_KEEPINTVL=15 +socket = l:TCP_KEEPCNT=116 + socket = r:TCP_NODELAY=1 +socket = r:SO_KEEPALIVE=1 +socket = r:TCP_KEEPIDLE=60 +socket = r:TCP_KEEPINTVL=15 +socket = r:TCP_KEEPCNT=116 ; Prevent MITM attacks verify = 4 diff --git a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 index a47bb90..432768b 100644 --- a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 @@ -30,9 +30,8 @@ FileDaemon { # define myself FDAddress = 127.0.0.1 FDPort = 9112 FDSourceAddress = 127.0.0.1 -{% if 'bacula-dir' not in group_names or 'bacula-sd' not in group_names %} - Heartbeat Interval = 60s -{% endif %} + SDConnectTimeout = 5 min + Heartbeat Interval = 1 min PKI Signatures = Yes # Enable Data Signing PKI Encryption = Yes # Enable Data Encryption diff --git a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 b/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 index 851f0ac..057dc48 100644 --- a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 @@ -21,9 +21,17 @@ debug = 4 cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem key = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.key -; Some performance tunings socket = l:TCP_NODELAY=1 +socket = l:SO_KEEPALIVE=1 +socket = l:TCP_KEEPIDLE=60 +socket = l:TCP_KEEPINTVL=15 +socket = l:TCP_KEEPCNT=116 + socket = r:TCP_NODELAY=1 +socket = r:SO_KEEPALIVE=1 +socket = r:TCP_KEEPIDLE=60 +socket = r:TCP_KEEPINTVL=15 +socket = r:TCP_KEEPCNT=116 ; Prevent MITM attacks verify = 4 |