bacula-{dir,sd}: Upgrade role to Debian Buster.

author: Guilhem Moulin <guilhem@fripost.org> 2020-05-26 21:12:38 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2020-05-26 21:26:45 +0200
commit: 6450b2f48b57d92db102277448879a3a7c99d97b (patch)
tree: 7b94ff4f95bc3468d3471afb352abf83355895f2
parent: 4797826cd2d7b64bf1d2c29c22a09f960ddbac30 (diff)
4 files changed, 6 insertions, 6 deletions
diff --git a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
index 4873689..8b2f5ff 100644
--- a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
+++ b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
@@ -1,27 +1,27 @@
 [Unit]
 Description=Bacula Director service
 After=network.target
 
 [Service]
 Type=simple
 StandardOutput=syslog
 User=bacula
 Group=bacula
 ExecStart=/usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf
 
 # Hardening
 NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=strict
 ReadWriteDirectories=-/var/lib/bacula
 ReadWriteDirectories=-/var/log/bacula
-ReadWriteDirectories=-/var/run/bacula
+RuntimeDirectory=bacula
 PrivateDevices=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
index efaf06a..2042b57 100644
--- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
+++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2
@@ -1,31 +1,31 @@
 #
 # Default Bacula Director Configuration file
-# For Bacula release 5.2.6 (21 February 2012) -- debian jessie/sid
+# For Bacula release 9.4.2 (04 February 2019) -- debian buster/sid
 #
 
 Director {  # define myself
   Name = {{ inventory_hostname_short }}-dir
   @|"sed -n '/^bconsole\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir"
   Messages = Daemon
   Working Directory = /var/lib/bacula
-  Pid Directory = /var/run/bacula
+  Pid Directory = /run/bacula
   QueryFile = "/etc/bacula/scripts/query.sql"
   Maximum Concurrent Jobs = 1
   DirAddress = 127.0.0.1
   DirPort = 9101
   FDConnectTimeout = 5 min
   SDConnectTimeout = 5 min
 }
 
 
 JobDefs {
   Name = DefaultJob
   Type = Backup
   Level = Incremental
   Storage = {{ hostvars[ groups['bacula_sd'][0] ].inventory_hostname_short }}-sd
   Messages = Standard
   Accurate = yes
   #Rerun Failed Levels = yes
   Reschedule On Error = yes
   Reschedule Interval = 17 min
   Reschedule Times = 3
diff --git a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
index 30fa562..61ba01d 100644
--- a/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
+++ b/roles/bacula-sd/files/etc/systemd/system/bacula-sd.service
@@ -1,27 +1,27 @@
 [Unit]
 Description=Bacula Storage Daemon service
 After=network.target
 
 [Service]
 Type=simple
 StandardOutput=syslog
 User=bacula
 Group=tape
 ExecStart=/usr/sbin/bacula-sd -f -c /etc/bacula/bacula-sd.conf
 
 # Hardening
 NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=strict
 ReadWriteDirectories=-/var/lib/bacula
-ReadWriteDirectories=-/var/run/bacula
 ReadWriteDirectories=/mnt/backup/bacula
+RuntimeDirectory=bacula
 PrivateDevices=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictAddressFamilies=AF_INET AF_INET6
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2
index 3cbf7fe..a898e0d 100644
--- a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2
+++ b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2
@@ -1,36 +1,36 @@
 #
 # Default Bacula Storage Daemon Configuration file
 #
-#  For Bacula release 5.2.6 (21 February 2012) -- debian jessie/sid
+#  For Bacula release 9.4.2 (04 February 2019) -- debian buster/sid
 #
 # You may need to change the name of your tape drive
 #   on the "Archive Device" directive in the Device
 #   resource.  If you change the Name and/or the
 #   "Media Type" in the Device resource, please ensure
 #   that dird.conf has corresponding changes.
 #
 
 Storage {  # define myself
   Name = {{ inventory_hostname_short }}-sd
   Working Directory = /var/lib/bacula
-  Pid Directory = /var/run/bacula
+  Pid Directory = /run/bacula
   Maximum Concurrent Jobs = 20
   SDAddress = {{ ipsec[inventory_hostname_short] }}
   SDPort = 9103
 }
 
 #
 # List Directors who are permitted to contact Storage daemon
 #
 {% for dir in groups['bacula_dir'] | sort %}
 Director {
   Name = {{ hostvars[dir].inventory_hostname_short }}-dir
   @|"sed -n '/^{{ hostvars[dir].inventory_hostname_short }}-dir\\s/ {s//Password = /p; q}' /etc/bacula/passwords-sd"
 }
 
 #
 # Send all messages to the Director,
 # mount messages also are sent to the email address
 #
 Messages {
   Name = Standard
author	Guilhem Moulin <guilhem@fripost.org>	2020-05-26 21:12:38 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2020-05-26 21:26:45 +0200
commit	6450b2f48b57d92db102277448879a3a7c99d97b (patch)
tree	7b94ff4f95bc3468d3471afb352abf83355895f2
parent	4797826cd2d7b64bf1d2c29c22a09f960ddbac30 (diff)