diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:15:10 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-11-03 03:37:11 +0100 |
| commit | ead9aaa3dd7ca48012b2b21cc930ee73c8eaa9d3 (patch) | |
| tree | b656f589d1ff4d4b0d245afad3d8d22ce5e65368 /roles/common/tasks | |
| parent | 24616de43c39da3fe7efd72426fce078a3afdaea (diff) | |
Bacula: refactor systemd service files.
Use unit overrides on top of upstream's service files instead of
overriding entire service files. In particular, upstream uses flag `-P`
so we don't need to use RuntimeDirectory= anymore.
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/bacula.yml | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml index fb37b5b..308e358 100644 --- a/roles/common/tasks/bacula.yml +++ b/roles/common/tasks/bacula.yml @@ -1,33 +1,33 @@ - name: Install bacula-fd apt: pkg=bacula-fd - name: Create /var/lib/bacula/tmp file: path=/var/lib/bacula/tmp state=directory owner=root group=root mode=0700 - name: Delete /etc/bacula/common_default_passwords file: path=/etc/bacula/common_default_passwords state=absent -# Create with: +# Populate with: # echo $director-dir $(pwgen -sn 64 1) | sudo tee -a /etc/bacula/passwords-fd - name: Ensure /etc/bacula/passwords-fd exists file: path=/etc/bacula/passwords-fd state=file owner=root group=root mode=0600 - name: Configure bacula template: src=etc/bacula/bacula-fd.conf.j2 dest=/etc/bacula/bacula-fd.conf owner=root group=root mode=0644 notify: - Restart bacula-fd - name: Create /etc/bacula/ssl file: path=/etc/bacula/ssl state=directory owner=root group=root mode=0755 @@ -37,44 +37,42 @@ --pubkey=/etc/bacula/ssl/{{ inventory_hostname_short }}.pem --privkey=/etc/bacula/ssl/{{ inventory_hostname_short }}.pem --ou=BaculaFD --cn={{ inventory_hostname }} --dns={{ inventory_hostname }} -t rsa -b 4096 -h sha512 register: r changed_when: r.rc == 0 failed_when: r.rc > 1 notify: - Restart bacula-fd tags: - genkey - name: Copy the master public key for data encryption copy: src=certs/bacula/data-master.pem dest=/etc/bacula/ssl/master.pem owner=root group=root mode=0644 tags: - genkey -- name: Copy bacula-fd.service - copy: src=etc/systemd/system/bacula-fd.service - dest=/etc/systemd/system/bacula-fd.service +- name: Create /etc/systemd/system/bacula-fd.service.d + file: path=/etc/systemd/system/bacula-fd.service.d + state=directory + owner=root group=root + mode=0755 + +- name: Copy bacula-fd.service override + copy: src=etc/systemd/system/bacula-fd.service.d/override.conf + dest=/etc/systemd/system/bacula-fd.service.d/override.conf owner=root group=root mode=0644 notify: - systemctl daemon-reload - Restart bacula-fd -# We use RuntimeDirectory in our service unit to avoid permission issues -# caused by the restrictive Capability Bounding Set -- name: Mask /usr/lib/tmpfiles.d/bacula.conf - file: src=/dev/null - dest=/etc/tmpfiles.d/bacula.conf - owner=root group=root - state=link - - meta: flush_handlers - name: Enable bacula-fd service: name=bacula-fd enabled=yes - name: Start bacula-fd service: name=bacula-fd state=started |