Skip to content

Puppet BareOS Director config

bareos/director/webui.yaml

classes:
  - apache
  - apache::mod::ssl
  - apache::mod::php
  - apache::mod::rewrite
  - bareos::webui

bareos::webui::manage_service: false

apache::default_vhost: false
apache::mpm_module: prefork
apache::mod::ssl::ssl_compression: true

resources:
  file:
    '/etc/ssl/%{::fqdn}.crt':
      source: 'file:///etc/puppetlabs/puppet/ssl/certs/%{::fqdn}.pem'
    '/etc/ssl/%{::fqdn}.key':
      source: 'file:///etc/puppetlabs/puppet/ssl/private_keys/%{::fqdn}.pem'
  bareos::webui::director:
    %{::fqdn}:
      dir_address: %{::fqdn}
  apache::vhost:
    bareos:
      port: 80
      docroot: '/usr/share/bareos-webui/public'
      servername: '%{::fqdn}'
      redirect_status: 'permanent'
      redirect_dest: 'https://%{::fqdn}/'
    bareos_ssl:
      port: 443
      ssl: true
      ssl_cert: "/etc/ssl/%{::fqdn}.crt"
      ssl_key: "/etc/ssl/%{::fqdn}.key"
      docroot: '/usr/share/bareos-webui/public'
      setenv: APPLICATION_ENV production
      aliases:
        - alias: /bareos-webui
          path: /usr/share/bareos-webui/public
      directories:
        - path: '/usr/share/bareos-webui/public'
          sethandler: 'None'
          options: 'FollowSymlinks'
          allowoverride: 'None'
          allow: 'from all'
          rewrites:
            - rewrite_base: /bareos-webui
              rewrite_cond:
                - "%{literal('%')}{REQUEST_FILENAME} -s [OR]"
                - "%{literal('%')}{REQUEST_FILENAME} -l [OR]"
                - "%{literal('%')}{REQUEST_FILENAME} -d"
              rewrite_rule:
                - "^.*$ - [NC,L]"
                - "^.*$ index.php [NC,L]"
          php_flags:
            - magic_quotes_gpc
            - register_globals

bareos/director/clients.yaml

---

resources:
  bareos::director::client:
    $CLIENT1: &CLIENT
      address: $CLIENT1
      auto_prune: 'yes'
      job_retention: '14 days'
      tls_enable: true
      tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt
      tls_certificate: "/etc/bareos/easy-rsa/keys/%{::fqdn}.crt"
      tls_key: "/etc/bareos/easy-rsa/keys/%{::fqdn}.key"
      tls_allowed_cn:
        - "%{::fqdn}"

bareos/director/director.yaml

classes:
  - profile
  - bareos::director::director

bareos::director::director::name_director: $DIRECTORDAEMON
bareos::director::director::key_encryption_key: $ENCRYPTIONKEY
bareos::director::director::maximum_concurrent_jobs: 16 
bareos::director::director::tls_enable: true 
bareos::director::director::tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt 
bareos::director::director::tls_certificate: /etc/bareos/easy-rsa/keys/$DIRECTORDAEMON.crt 
bareos::director::director::tls_key: /etc/bareos/easy-rsa/keys/$DIRECTORDAEMON.key 
bareos::director::director::tls_allowed_cn: 
  - $DIRECTORDAEMON

resources:
  bareos::console::director:
    $DIRECTORDAEMON:
      address: $DIRECTORDAEMON
      password: $PASSWORD
  bareos::director::console:
    webui-admin:
      password: $PASSWORD
      profile:
        - webui-admin

bareos/director/catalog.yaml

---

resources:
  bareos::director::catalog:
    catalog:
      db_address: "$SQLSERVER"
      db_driver: mysql
      db_name: "bareos_qsu"
      db_password: "$PASSWORD"
      db_port: 3306
      db_user: "bareos"
      reconnect: true
  exec:
    create_bareos_db:
      command: "/usr/bin/mysql -u%{lookup('bareos::director::catalog.catalog.db_user')} -p%{lookup('bareos::director::catalog.catalog.db_password')} -h%{lookup('bareos::director::catalog.catalog.db_address')} -D%{lookup('bareos::director::catalog.catalog.db_name')} < /usr/lib/bareos/scripts/ddl/creates/mysql.sql"
      creates: /var/tmp/bareos_db_created
      notify: Exec[bareos_db_created]
      require: Package[bareos-database-mysql]
    bareos_db_created:
      command: "/usr/bin/touch /var/tmp/bareos_db_created"
      refreshonly: true

bareos/director/easyrsa.yaml

---

resources:
  package:
    easy-rsa: {}
  file:
    /etc/bareos/easy-rsa:
      ensure: directory
      recurse: remote
      recurselimit: 1
      source_permissions: use
      source: file:///usr/share/easy-rsa
      require:
        - Package[easy-rsa]
        - Package[bareos-director]
    /etc/bareos/easy-rsa/openssl.cnf:
      content: |
        # managed by puppet
        [...]  # all the settings from /usr/share/easy-rsa/openssl-1.0.0.cnf
   /etc/bareos/easy-rsa/keys:
      ensure: directory
      owner: bareos
      group: bareos
    /etc/bareos/easy-rsa/vars:
      content: |
        # managed by puppet
        [...] #all the settings from /usr/share/easy-rsa/vars
  exec:
    bareos_keys:
      command: '/bin/bash -c "/bin/chown bareos: /etc/bareos/easy-rsa/keys/*.{key,crt}"'

bareos/director/filesets.yaml

---

resources:
  bareos::director::fileset:
    linux:
      enable_vss: 'No'
      exclude:
        File:
          - /proc
          - /tmp
          - /sys
          - /backuprbd
      include:
        Options:
          One FS: 'no'
          Signature: SHA256
          Compression: LZ4
        File: /

bareos/director/jobs.yaml

---
resources:
  bareos::director::job:
    $CLIENT:
      schedule_res: daily
      job_defs: DefaultJob
      file_set: linux
      client: $CLIENT
  bareos::director::jobdefs:
    DefaultJob:
      pool: bla
      type: backup
      messages: Default
      storage: $STORAGEDAEMON
      max_full_interval: '7 days'
      reschedule_on_error: true
      prune_files: 'yes'
      prune_jobs: 'yes'

bareos/director/messages.yaml

---
resources:
  bareos::director::messages:
    Default:
      director:
        - '$DIRECTORDAEMON = all'
      append:
        - '"/var/log/bareos/director.log" = all, !skipped'
      mail_on_error:
        - $MAILADDRESS = all, !skipped, !terminate

bareos/director/pools.yaml

resources:
  bareos::director::pool:
    bla:
      minimum_block_size: 4194304
      maximum_block_size: 4194304
      volume_retention: '28 days'
      pool_type: backup
      label_format: bla-
      auto_prune: 'yes'
      recycle: 'yes'

bareos/director/profiles.yaml

resources:
  bareos::director::profile:
    console-admin:
      command_acl: '*all*'
      job_acl: '*all*'
      schedule_acl: '*all*'
      catalog_acl: '*all*'
      pool_acl: '*all*'
      storage_acl: '*all*'
      client_acl: '*all*'
      file_set_acl: '*all*'
      where_acl: '*all*'
      plugin_options_acl: '*all*'
    [...]

bareos/director/schedules.yaml

resources:
  bareos::director::schedule:
    daily:
      run:
        - Incremental hourly at 18:00
    weekly:
      run:
        - Full sat at 18:00
        - Incremental sun-mon at 18:00

bareos/director/storages.yaml

---

resources:
  bareos::director::storage:
    $STORAGEDAEMON:
      address: $STORAGEDAEMON
      password: 
      tls_enable: true
      tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt
      tls_certificate: /etc/bareos/easy-rsa/keys/%{::fqdn}.crt
      tls_key: /etc/bareos/easy-rsa/keys/%{::fqdn}.key
      tls_allowed_cn:
        - $STORAGEDAEMON
      collect_statistics: true
      media_type: RadosFile
      maximum_concurrent_jobs: 16
      device:
        - RBD01
        - RBD02
        - RBD03
        - RBD04
        - RBD05

bareos/director/webui.yaml


Last update: April 13, 2020

Comments