diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/bacula-dir/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/bacula-dir/tasks/main.yml | 69 | ||||
| -rw-r--r-- | roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 | 23 | ||||
| -rw-r--r-- | roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 | 81 | ||||
| -rw-r--r-- | roles/bacula-sd/files/lib/systemd/system/bacula-sd.service | 2 | ||||
| -rw-r--r-- | roles/bacula-sd/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/bacula-sd/tasks/main.yml | 58 | ||||
| -rw-r--r-- | roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 | 5 | ||||
| -rw-r--r-- | roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 | 64 | ||||
| -rw-r--r-- | roles/common/files/lib/systemd/system/bacula-fd.service | 2 | ||||
| -rw-r--r-- | roles/common/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/bacula.yml | 72 | ||||
| -rw-r--r-- | roles/common/templates/etc/bacula/bacula-fd.conf.j2 | 6 | ||||
| -rw-r--r-- | roles/common/templates/etc/iptables/services.j2 | 10 | ||||
| -rw-r--r-- | roles/common/templates/etc/stunnel/bacula-fd.conf.j2 | 73 |
15 files changed, 14 insertions, 460 deletions
diff --git a/roles/bacula-dir/handlers/main.yml b/roles/bacula-dir/handlers/main.yml index 778a1c4..3f3c1bc 100644 --- a/roles/bacula-dir/handlers/main.yml +++ b/roles/bacula-dir/handlers/main.yml @@ -2,8 +2,5 @@ - name: systemctl daemon-reload command: /bin/systemctl daemon-reload -- name: Restart stunnel@bacula-dir - service: name=stunnel4@bacula-dir state=restarted - - name: Restart bacula-director service: name=bacula-director state=restarted diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml index 8d182d2..30a25c1 100644 --- a/roles/bacula-dir/tasks/main.yml +++ b/roles/bacula-dir/tasks/main.yml @@ -1,72 +1,3 @@ -- name: Create /etc/stunnel/certs - file: path=/etc/stunnel/certs - state=directory - owner=root group=root - mode=0755 - -- name: Generate a private key and a X.509 certificate for Bacula Dir - command: genkeypair.sh x509 - --pubkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-dir.pem - --privkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-dir.key - --ou=BaculaDir --cn={{ inventory_hostname }} --dns={{ inventory_hostname }} - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 - notify: - - Restart stunnel@bacula-dir - tags: - - genkey - -- name: Fetch Bacula Dir X.509 certificate - # Ensure we don't fetch private data - become: False - fetch_cmd: cmd="openssl x509" - stdin=/etc/stunnel/certs/{{ inventory_hostname_short }}-dir.pem - dest=certs/bacula/{{ inventory_hostname_short }}-dir.pem - tags: - - genkey - -- name: Copy Bacula SD X.509 certificates - copy: src=certs/bacula/{{ hostvars[item].inventory_hostname_short }}-sd.pem - dest=/etc/stunnel/certs/ - owner=root group=root - mode=0644 - with_items: "{{ groups['bacula-sd'] | difference([inventory_hostname]) | sort }}" - register: r2 - notify: - - Restart stunnel@bacula-dir - -- name: Copy Bacula FD X.509 certificates - copy: src=certs/bacula/{{ hostvars[item].inventory_hostname_short }}-fd.pem - dest=/etc/stunnel/certs/ - owner=root group=root - mode=0644 - with_items: "{{ groups.all | difference([inventory_hostname]) | sort }}" - register: r3 - notify: - - Restart stunnel@bacula-dir - -- name: Configure stunnel - template: src=etc/stunnel/bacula-dir.conf.j2 - dest=/etc/stunnel/bacula-dir.conf - owner=root group=root - mode=0644 - register: r4 - notify: - - Restart stunnel@bacula-dir - -- name: Enable stunnel@bacula-dir - service: name=stunnel4@bacula-dir enabled=yes - -- name: Start stunnel@bacula-dir - service: name=stunnel4@bacula-dir state=started - when: not (r1.changed or r2.changed or r3.changed or r4.changed) - -- meta: flush_handlers - - - - name: Install bacula-director apt: pkg={{ item }} with_items: diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 index 42b5f74..046ba01 100644 --- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 +++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 @@ -12,11 +12,9 @@ Director { # define myself QueryFile = "/etc/bacula/scripts/query.sql" Maximum Concurrent Jobs = 1 DirAddress = 127.0.0.1 - DirSourceAddress = 127.0.0.1 DirPort = 9101 FDConnectTimeout = 5 min SDConnectTimeout = 5 min - Heartbeat Interval = 1 min } @@ -365,17 +363,11 @@ FileSet { # Client (File Services) to backup -{% set n = 0 %} {% for fd in groups.all | sort %} -{% set n = n + 1 %} Client { Name = {{ hostvars[fd].inventory_hostname_short }}-fd -{% if fd == inventory_hostname %} - Address = 127.0.0.1 -{% else %} - Address = 127.0.{{ n }}.1 -{% endif %} - FDPort = 9112 + Address = {{ ipsec[ hostvars[fd].inventory_hostname_short ] }} + FDPort = 9102 Catalog = MyCatalog @|"sed -n '/^{{ hostvars[fd].inventory_hostname_short }}-fd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" File Retention = 4 months @@ -387,16 +379,17 @@ Client { # Definition of file storage device +{% for sd in groups['bacula-sd'] | sort %} Storage { - Name = {{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd - Address = 127.0.0.1 - SDPort = 9113 - @|"sed -n '/^{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" + Name = {{ hostvars[sd].inventory_hostname_short }}-sd + Address = {{ ipsec[ hostvars[sd].inventory_hostname_short ] }} + SDPort = 9103 + @|"sed -n '/^{{ hostvars[sd].inventory_hostname_short }}-sd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" Device = FileStorage Media Type = File - Heartbeat Interval = 1 min } +{% endfor %} # Default pool definition Pool { diff --git a/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 deleted file mode 100644 index 6219aff..0000000 --- a/roles/bacula-dir/templates/etc/stunnel/bacula-dir.conf.j2 +++ /dev/null @@ -1,81 +0,0 @@ -; ************************************************************************** -; * Global options * -; ************************************************************************** - -; setuid()/setgid() to the specified user/group in daemon mode -setuid = stunnel4 -setgid = stunnel4 - -; PID is created inside the chroot jail -pid = -foreground = yes - -; Only log messages at severity warning (4) and higher -debug = 4 - -; ************************************************************************** -; * Service defaults may also be specified in individual service sections * -; ************************************************************************** - -; Certificate/key is needed in server mode and optional in client mode -cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-dir.pem -key = /etc/stunnel/certs/{{ inventory_hostname_short }}-dir.key -client = yes -socket = a:SO_BINDTODEVICE=lo - -socket = l:TCP_NODELAY=1 -socket = l:SO_KEEPALIVE=1 -socket = l:TCP_KEEPIDLE=60 -socket = l:TCP_KEEPINTVL=15 -socket = l:TCP_KEEPCNT=116 - -socket = r:TCP_NODELAY=1 -socket = r:SO_KEEPALIVE=1 -socket = r:TCP_KEEPIDLE=60 -socket = r:TCP_KEEPINTVL=15 -socket = r:TCP_KEEPCNT=116 - -; Prevent MITM attacks -verify = 4 - -; Disable support for insecure protocols -options = NO_SSLv2 -options = NO_SSLv3 -options = NO_TLSv1 -options = NO_TLSv1.1 - -options = NO_COMPRESSION - -; These options provide additional security at some performance degradation -options = SINGLE_ECDH_USE -options = SINGLE_DH_USE - -; Select permitted SSL ciphers -ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL - -; ************************************************************************** -; * Service definitions (remove all services for inetd mode) * -; ************************************************************************** - -{% if 'bacula-sd' not in group_names %} -[{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd] -accept = 127.0.{{ n }}.1:9113 -connect = {{ groups['bacula-sd'][0] }}:9103 -delay = yes -CAfile = /etc/stunnel/certs/{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd.pem -{% endif %} - -{% set n = 0 %} -{% for fd in groups.all | sort %} -{% set n = n + 1 %} -{% if fd != inventory_hostname %} -[{{ hostvars[fd].inventory_hostname_short }}-fd] -accept = 127.0.{{ n }}.1:9112 -connect = {{ fd }}:9102 -delay = yes -CAfile = /etc/stunnel/certs/{{ hostvars[fd].inventory_hostname_short }}-fd.pem -{% endif %} - -{% endfor %} - -; vim:ft=dosini diff --git a/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service b/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service index ca147a7..698ad17 100644 --- a/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service +++ b/roles/bacula-sd/files/lib/systemd/system/bacula-sd.service @@ -4,7 +4,7 @@ After=network.target [Service] Type=forking -PIDFile=/var/run/bacula/bacula-sd.9113.pid +PIDFile=/var/run/bacula/bacula-sd.9103.pid StandardOutput=syslog User=bacula Group=tape diff --git a/roles/bacula-sd/handlers/main.yml b/roles/bacula-sd/handlers/main.yml index c6adb80..3434333 100644 --- a/roles/bacula-sd/handlers/main.yml +++ b/roles/bacula-sd/handlers/main.yml @@ -2,8 +2,5 @@ - name: systemctl daemon-reload command: /bin/systemctl daemon-reload -- name: Restart stunnel@bacula-sd - service: name=stunnel4@bacula-sd state=restarted - - name: Restart bacula-sd service: name=bacula-sd state=restarted diff --git a/roles/bacula-sd/tasks/main.yml b/roles/bacula-sd/tasks/main.yml index 795804f..ad77db4 100644 --- a/roles/bacula-sd/tasks/main.yml +++ b/roles/bacula-sd/tasks/main.yml @@ -1,61 +1,3 @@ -- name: Create /etc/stunnel/certs - file: path=/etc/stunnel/certs - state=directory - owner=root group=root - mode=0755 - -- name: Generate a private key and a X.509 certificate for Bacula SD - command: genkeypair.sh x509 - --pubkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem - --privkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-sd.key - --ou=BaculaSD --cn={{ inventory_hostname }} --dns={{ inventory_hostname }} - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 - notify: - - Restart stunnel@bacula-sd - tags: - - genkey - -- name: Fetch Bacula SD X.509 certificate - # Ensure we don't fetch private data - become: False - fetch_cmd: cmd="openssl x509" - stdin=/etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem - dest=certs/bacula/{{ inventory_hostname_short }}-sd.pem - tags: - - genkey - -- name: Copy Bacula Dir/FD X.509 certificates - assemble: src=certs/bacula regexp="-(dir|fd)\.pem$" remote_src=no - dest=/etc/stunnel/certs/bacula-dir+fds.pem - owner=root group=root - mode=0644 - register: r2 - notify: - - Restart stunnel@bacula-sd - -- name: Configure stunnel - template: src=etc/stunnel/bacula-sd.conf.j2 - dest=/etc/stunnel/bacula-sd.conf - owner=root group=root - mode=0644 - register: r3 - notify: - - Restart stunnel@bacula-sd - -- name: Enable stunnel@bacula-sd - service: name=stunnel4@bacula-sd enabled=yes - -- name: Start stunnel - service: name=stunnel4@bacula-sd state=started - when: not (r1.changed or r2.changed or r3.changed) - -- meta: flush_handlers - - - - name: Install bacula-sd apt: pkg=bacula-sd diff --git a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 index fbfdca5..5ffa17c 100644 --- a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 +++ b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 @@ -15,9 +15,8 @@ Storage { # define myself Working Directory = /var/lib/bacula Pid Directory = /var/run/bacula Maximum Concurrent Jobs = 20 - SDAddress = 127.0.0.1 - SDPort = 9113 - Heartbeat Interval = 1 min + SDAddress = {{ ipsec[inventory_hostname_short] }} + SDPort = 9103 } # diff --git a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 deleted file mode 100644 index 051412c..0000000 --- a/roles/bacula-sd/templates/etc/stunnel/bacula-sd.conf.j2 +++ /dev/null @@ -1,64 +0,0 @@ -; ************************************************************************** -; * Global options * -; ************************************************************************** - -; setuid()/setgid() to the specified user/group in daemon mode -setuid = stunnel4 -setgid = stunnel4 - -; PID is created inside the chroot jail -pid = -foreground = yes - -; Only log messages at severity warning (4) and higher -debug = 4 - -; ************************************************************************** -; * Service defaults may also be specified in individual service sections * -; ************************************************************************** - -; Certificate/key is needed in server mode and optional in client mode -cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem -key = /etc/stunnel/certs/{{ inventory_hostname_short }}-sd.key - -socket = l:TCP_NODELAY=1 -socket = l:SO_KEEPALIVE=1 -socket = l:TCP_KEEPIDLE=60 -socket = l:TCP_KEEPINTVL=15 -socket = l:TCP_KEEPCNT=116 - -socket = r:TCP_NODELAY=1 -socket = r:SO_KEEPALIVE=1 -socket = r:TCP_KEEPIDLE=60 -socket = r:TCP_KEEPINTVL=15 -socket = r:TCP_KEEPCNT=116 - -; Prevent MITM attacks -verify = 4 - -; Disable support for insecure protocols -options = NO_SSLv2 -options = NO_SSLv3 -options = NO_TLSv1 -options = NO_TLSv1.1 - -options = NO_COMPRESSION - -; These options provide additional security at some performance degradation -options = SINGLE_ECDH_USE -options = SINGLE_DH_USE - -; Select permitted SSL ciphers -ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL - -; ************************************************************************** -; * Service definitions (remove all services for inetd mode) * -; ************************************************************************** - -[{{ inventory_hostname_short }}-sd] -client = no -accept = 9103 -connect = 127.0.0.1:9113 -CAfile = /etc/stunnel/certs/bacula-dir+fds.pem - -; vim:ft=dosini diff --git a/roles/common/files/lib/systemd/system/bacula-fd.service b/roles/common/files/lib/systemd/system/bacula-fd.service index 07bd2e5..ee5afe3 100644 --- a/roles/common/files/lib/systemd/system/bacula-fd.service +++ b/roles/common/files/lib/systemd/system/bacula-fd.service @@ -4,7 +4,7 @@ After=network.target [Service] Type=forking -PIDFile=/var/run/bacula/bacula-fd.9112.pid +PIDFile=/var/run/bacula/bacula-fd.9102.pid StandardOutput=syslog ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index efab81b..250c77b 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -44,9 +44,6 @@ - name: Reload Postfix service: name=postfix state=reloaded -- name: Restart stunnel@bacula-fd - service: name=stunnel4@bacula-fd state=restarted - - name: Restart bacula-fd service: name=bacula-fd state=restarted diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml index 1bd2b77..35666bd 100644 --- a/roles/common/tasks/bacula.yml +++ b/roles/common/tasks/bacula.yml @@ -1,75 +1,3 @@ -- name: Create /etc/stunnel/certs - file: path=/etc/stunnel/certs - state=directory - owner=root group=root - mode=0755 - -- name: Generate a private key and a X.509 certificate for Bacula FD - command: genkeypair.sh x509 - --pubkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem - --privkey=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.key - --ou=BaculaFD --cn={{ inventory_hostname }} --dns={{ inventory_hostname }} - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 - notify: - - Restart stunnel@bacula-fd - tags: - - genkey - -- name: Fetch Bacula FD X.509 certificate - # Ensure we don't fetch private data - become: False - fetch_cmd: cmd="openssl x509" - stdin=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem - dest=certs/bacula/{{ inventory_hostname_short }}-fd.pem - tags: - - genkey - -- name: Copy Bacula Dir X.509 certificates - assemble: src=certs/bacula regexp="-dir\.pem$" remote_src=no - dest=/etc/stunnel/certs/bacula-dirs.pem - owner=root group=root - mode=0644 - register: r2 - when: "'bacula-dir' not in group_names" - notify: - - Restart stunnel@bacula-fd - -- name: Copy Bacula SD X.509 certificates - copy: src=certs/bacula/{{ hostvars[item].inventory_hostname_short }}-sd.pem - dest=/etc/stunnel/certs/ - owner=root group=root - mode=0644 - register: r3 - with_items: "{{ groups['bacula-sd'] | difference([inventory_hostname]) }}" - notify: - - Restart stunnel@bacula-fd - -- name: Configure stunnel - template: src=etc/stunnel/bacula-fd.conf.j2 - dest=/etc/stunnel/bacula-fd.conf - owner=root group=root - mode=0644 - register: r4 - when: "'bacula-dir' not in group_names or 'bacula-sd' not in group_names" - notify: - - Restart stunnel@bacula-fd - -- name: Enable stunnel@bacula-fd - when: "'bacula-dir' not in group_names or 'bacula-sd' not in group_names" - service: name=stunnel4@bacula-fd enabled=yes - -- name: Start stunnel@bacula-fd - service: name=stunnel4@bacula-fd state=started - when: ('bacula-dir' not in group_names or 'bacula-sd' not in group_names) and - not (r1.changed or r2.changed or r3.changed or r4.changed) - -- meta: flush_handlers - - - - name: Install bacula-fd apt: pkg=bacula-fd diff --git a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 index 432768b..d64ac86 100644 --- a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 @@ -27,11 +27,9 @@ FileDaemon { # define myself Working Directory = /var/lib/bacula Pid Directory = /var/run/bacula Maximum Concurrent Jobs = 20 - FDAddress = 127.0.0.1 - FDPort = 9112 - FDSourceAddress = 127.0.0.1 + FDAddress = {{ ipsec[inventory_hostname_short] }} + FDPort = 9102 SDConnectTimeout = 5 min - Heartbeat Interval = 1 min PKI Signatures = Yes # Enable Data Signing PKI Encryption = Yes # Enable Data Encryption diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2 index 953cea5..ccbc735 100644 --- a/roles/common/templates/etc/iptables/services.j2 +++ b/roles/common/templates/etc/iptables/services.j2 @@ -61,16 +61,6 @@ in tcp 80,443 # HTTP/HTTPS out tcp 993 # IMAP out tcp 4190 # MANAGESIEVE {% endif %} -{% if 'bacula-dir' in group_names and groups.all | difference(groups['bacula-dir']) %} -out tcp 9102 # BACULA-FD -{% elif groups['bacula-dir'] | difference([inventory_hostname]) %} -in tcp 9102 # BACULA-FD -{% endif %} -{% if 'bacula-sd' in group_names and groups.all | difference(groups['bacula-sd']) %} -in tcp 9103 # BACULA-SD -{% elif groups['bacula-sd'] | difference([inventory_hostname]) %} -out tcp 9103 # BACULA-SD -{% endif %} {% if 'LDAP-provider' in group_names %} out tcp 11371 # HKP out tcp 43 # WHOIS diff --git a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 b/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 deleted file mode 100644 index 057dc48..0000000 --- a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 +++ /dev/null @@ -1,73 +0,0 @@ -; ************************************************************************** -; * Global options * -; ************************************************************************** - -; setuid()/setgid() to the specified user/group in daemon mode -setuid = stunnel4 -setgid = stunnel4 - -; PID is created inside the chroot jail -pid = -foreground = yes - -; Only log messages at severity warning (4) and higher -debug = 4 - -; ************************************************************************** -; * Service defaults may also be specified in individual service sections * -; ************************************************************************** - -; Certificate/key is needed in server mode and optional in client mode -cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem -key = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.key - -socket = l:TCP_NODELAY=1 -socket = l:SO_KEEPALIVE=1 -socket = l:TCP_KEEPIDLE=60 -socket = l:TCP_KEEPINTVL=15 -socket = l:TCP_KEEPCNT=116 - -socket = r:TCP_NODELAY=1 -socket = r:SO_KEEPALIVE=1 -socket = r:TCP_KEEPIDLE=60 -socket = r:TCP_KEEPINTVL=15 -socket = r:TCP_KEEPCNT=116 - -; Prevent MITM attacks -verify = 4 - -; Disable support for insecure protocols -options = NO_SSLv2 -options = NO_SSLv3 -options = NO_TLSv1 -options = NO_TLSv1.1 - -options = NO_COMPRESSION - -; These options provide additional security at some performance degradation -options = SINGLE_ECDH_USE -options = SINGLE_DH_USE - -; Select permitted SSL ciphers -ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL - -; ************************************************************************** -; * Service definitions (remove all services for inetd mode) * -; ************************************************************************** - -[{{ inventory_hostname_short }}-fd] -client = no -accept = 9102 -connect = 9112 -CAfile = /etc/stunnel/certs/bacula-dirs.pem - -{% if 'bacula-sd' not in group_names %} -[{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd] -client = yes -accept = 127.0.0.1:9113 -connect = {{ groups['bacula-sd'][0] }}:9103 -delay = yes -CAfile = /etc/stunnel/certs/{{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd.pem -{% endif %} - -; vim:ft=dosini |