diff options
Diffstat (limited to 'roles/bacula-sd/templates/etc')
| -rw-r--r-- | roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 | 20 | ||||
| -rw-r--r-- | roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 | 53 |
2 files changed, 10 insertions, 63 deletions
diff --git a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 index 7be783b..a898e0d 100644 --- a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 +++ b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 @@ -1,56 +1,56 @@ # # Default Bacula Storage Daemon Configuration file # -# For Bacula release 5.2.6 (21 February 2012) -- debian jessie/sid +# For Bacula release 9.4.2 (04 February 2019) -- debian buster/sid # # You may need to change the name of your tape drive # on the "Archive Device" directive in the Device # resource. If you change the Name and/or the # "Media Type" in the Device resource, please ensure # that dird.conf has corresponding changes. # Storage { # define myself Name = {{ inventory_hostname_short }}-sd Working Directory = /var/lib/bacula - Pid Directory = /var/run/bacula + Pid Directory = /run/bacula Maximum Concurrent Jobs = 20 - SDAddress = 127.0.0.1 - SDPort = 9113 + SDAddress = {{ ipsec[inventory_hostname_short] }} + SDPort = 9103 } # # List Directors who are permitted to contact Storage daemon # -{% for dir in groups['bacula-dir'] | sort %} +{% for dir in groups['bacula_dir'] | sort %} Director { Name = {{ hostvars[dir].inventory_hostname_short }}-dir @|"sed -n '/^{{ hostvars[dir].inventory_hostname_short }}-dir\\s/ {s//Password = /p; q}' /etc/bacula/passwords-sd" } # # Send all messages to the Director, # mount messages also are sent to the email address # Messages { Name = Standard director = {{ hostvars[dir].inventory_hostname_short }}-dir = all } {% endfor %} # # Devices supported by this Storage daemon # To connect, the Director's bacula-dir.conf must have the # same Name and MediaType. # Device { Name = FileStorage Media Type = File Archive Device = /mnt/backup/bacula - LabelMedia = yes; # lets Bacula label unlabeled media - Random Access = Yes; - AutomaticMount = yes; # when device opened, read it - RemovableMedia = no; - AlwaysOpen = no; + LabelMedia = Yes # lets Bacula label unlabeled media + Random Access = Yes + AutomaticMount = Yes # when device opened, read it + RemovableMedia = No + AlwaysOpen = No } diff --git a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 deleted file mode 100644 index b193826..0000000 --- a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 +++ /dev/null @@ -1,53 +0,0 @@ -; ************************************************************************** -; * Global options * -; ************************************************************************** - -; setuid()/setgid() to the specified user/group in daemon mode -setuid = stunnel4 -setgid = stunnel4 - -; PID is created inside the chroot jail -pid = /var/run/stunnel4/bacula-sd.pid - -; Only log messages at severity warning (4) and higher -debug = 4 - -; ************************************************************************** -; * Service defaults may also be specified in individual service sections * -; ************************************************************************** - -; Certificate/key is needed in server mode and optional in client mode -cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem -key = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.key - -; Some performance tunings -socket = l:TCP_NODELAY=1 -socket = r:TCP_NODELAY=1 - -; Prevent MITM attacks -verify = 4 - -; Disable support for insecure protocols -options = NO_SSLv2 -options = NO_SSLv3 -options = NO_TLSv1 -options = NO_TLSv1.1 - -; These options provide additional security at some performance degradation -options = SINGLE_ECDH_USE -options = SINGLE_DH_USE - -; Select permitted SSL ciphers -ciphers = EECDH+AES:EDH+AES:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1 - -; ************************************************************************** -; * Service definitions (remove all services for inetd mode) * -; ************************************************************************** - -[{{ inventory_hostname_short }}-sd] -client = no -accept = 9103 -connect = 127.0.0.1:9113 -CAfile = /etc/stunnel/certs/bacula-dir+fds.pem - -; vim:ft=dosini |