From c459a95cd4013e489ef4f9d47c05d1c98798522c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 12 May 2016 11:39:19 +0200 Subject: bacula: Set heartbeat options. and also TCP keepalive options in the stunnel config. --- roles/common/templates/etc/bacula/bacula-fd.conf.j2 | 5 ++--- roles/common/templates/etc/stunnel/bacula-fd.conf.j2 | 10 +++++++++- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'roles/common/templates') diff --git a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 index a47bb90..432768b 100644 --- a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 @@ -30,9 +30,8 @@ FileDaemon { # define myself FDAddress = 127.0.0.1 FDPort = 9112 FDSourceAddress = 127.0.0.1 -{% if 'bacula-dir' not in group_names or 'bacula-sd' not in group_names %} - Heartbeat Interval = 60s -{% endif %} + SDConnectTimeout = 5 min + Heartbeat Interval = 1 min PKI Signatures = Yes # Enable Data Signing PKI Encryption = Yes # Enable Data Encryption diff --git a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 b/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 index 851f0ac..057dc48 100644 --- a/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/stunnel/bacula-fd.conf.j2 @@ -21,9 +21,17 @@ debug = 4 cert = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem key = /etc/stunnel/certs/{{ inventory_hostname_short }}-fd.key -; Some performance tunings socket = l:TCP_NODELAY=1 +socket = l:SO_KEEPALIVE=1 +socket = l:TCP_KEEPIDLE=60 +socket = l:TCP_KEEPINTVL=15 +socket = l:TCP_KEEPCNT=116 + socket = r:TCP_NODELAY=1 +socket = r:SO_KEEPALIVE=1 +socket = r:TCP_KEEPIDLE=60 +socket = r:TCP_KEEPINTVL=15 +socket = r:TCP_KEEPCNT=116 ; Prevent MITM attacks verify = 4 -- cgit v1.2.3