Puppet BareOS Director config
bareos/director/webui.yaml¶
classes:
- apache
- apache::mod::ssl
- apache::mod::php
- apache::mod::rewrite
- bareos::webui
bareos::webui::manage_service: false
apache::default_vhost: false
apache::mpm_module: prefork
apache::mod::ssl::ssl_compression: true
resources:
file:
'/etc/ssl/%{::fqdn}.crt':
source: 'file:///etc/puppetlabs/puppet/ssl/certs/%{::fqdn}.pem'
'/etc/ssl/%{::fqdn}.key':
source: 'file:///etc/puppetlabs/puppet/ssl/private_keys/%{::fqdn}.pem'
bareos::webui::director:
%{::fqdn}:
dir_address: %{::fqdn}
apache::vhost:
bareos:
port: 80
docroot: '/usr/share/bareos-webui/public'
servername: '%{::fqdn}'
redirect_status: 'permanent'
redirect_dest: 'https://%{::fqdn}/'
bareos_ssl:
port: 443
ssl: true
ssl_cert: "/etc/ssl/%{::fqdn}.crt"
ssl_key: "/etc/ssl/%{::fqdn}.key"
docroot: '/usr/share/bareos-webui/public'
setenv: APPLICATION_ENV production
aliases:
- alias: /bareos-webui
path: /usr/share/bareos-webui/public
directories:
- path: '/usr/share/bareos-webui/public'
sethandler: 'None'
options: 'FollowSymlinks'
allowoverride: 'None'
allow: 'from all'
rewrites:
- rewrite_base: /bareos-webui
rewrite_cond:
- "%{literal('%')}{REQUEST_FILENAME} -s [OR]"
- "%{literal('%')}{REQUEST_FILENAME} -l [OR]"
- "%{literal('%')}{REQUEST_FILENAME} -d"
rewrite_rule:
- "^.*$ - [NC,L]"
- "^.*$ index.php [NC,L]"
php_flags:
- magic_quotes_gpc
- register_globals
bareos/director/clients.yaml¶
---
resources:
bareos::director::client:
$CLIENT1: &CLIENT
address: $CLIENT1
auto_prune: 'yes'
job_retention: '14 days'
tls_enable: true
tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt
tls_certificate: "/etc/bareos/easy-rsa/keys/%{::fqdn}.crt"
tls_key: "/etc/bareos/easy-rsa/keys/%{::fqdn}.key"
tls_allowed_cn:
- "%{::fqdn}"
bareos/director/director.yaml¶
classes:
- profile
- bareos::director::director
bareos::director::director::name_director: $DIRECTORDAEMON
bareos::director::director::key_encryption_key: $ENCRYPTIONKEY
bareos::director::director::maximum_concurrent_jobs: 16
bareos::director::director::tls_enable: true
bareos::director::director::tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt
bareos::director::director::tls_certificate: /etc/bareos/easy-rsa/keys/$DIRECTORDAEMON.crt
bareos::director::director::tls_key: /etc/bareos/easy-rsa/keys/$DIRECTORDAEMON.key
bareos::director::director::tls_allowed_cn:
- $DIRECTORDAEMON
resources:
bareos::console::director:
$DIRECTORDAEMON:
address: $DIRECTORDAEMON
password: $PASSWORD
bareos::director::console:
webui-admin:
password: $PASSWORD
profile:
- webui-admin
bareos/director/catalog.yaml¶
---
resources:
bareos::director::catalog:
catalog:
db_address: "$SQLSERVER"
db_driver: mysql
db_name: "bareos_qsu"
db_password: "$PASSWORD"
db_port: 3306
db_user: "bareos"
reconnect: true
exec:
create_bareos_db:
command: "/usr/bin/mysql -u%{lookup('bareos::director::catalog.catalog.db_user')} -p%{lookup('bareos::director::catalog.catalog.db_password')} -h%{lookup('bareos::director::catalog.catalog.db_address')} -D%{lookup('bareos::director::catalog.catalog.db_name')} < /usr/lib/bareos/scripts/ddl/creates/mysql.sql"
creates: /var/tmp/bareos_db_created
notify: Exec[bareos_db_created]
require: Package[bareos-database-mysql]
bareos_db_created:
command: "/usr/bin/touch /var/tmp/bareos_db_created"
refreshonly: true
bareos/director/easyrsa.yaml¶
---
resources:
package:
easy-rsa: {}
file:
/etc/bareos/easy-rsa:
ensure: directory
recurse: remote
recurselimit: 1
source_permissions: use
source: file:///usr/share/easy-rsa
require:
- Package[easy-rsa]
- Package[bareos-director]
/etc/bareos/easy-rsa/openssl.cnf:
content: |
# managed by puppet
[...] # all the settings from /usr/share/easy-rsa/openssl-1.0.0.cnf
/etc/bareos/easy-rsa/keys:
ensure: directory
owner: bareos
group: bareos
/etc/bareos/easy-rsa/vars:
content: |
# managed by puppet
[...] #all the settings from /usr/share/easy-rsa/vars
exec:
bareos_keys:
command: '/bin/bash -c "/bin/chown bareos: /etc/bareos/easy-rsa/keys/*.{key,crt}"'
bareos/director/filesets.yaml¶
---
resources:
bareos::director::fileset:
linux:
enable_vss: 'No'
exclude:
File:
- /proc
- /tmp
- /sys
- /backuprbd
include:
Options:
One FS: 'no'
Signature: SHA256
Compression: LZ4
File: /
bareos/director/jobs.yaml¶
---
resources:
bareos::director::job:
$CLIENT:
schedule_res: daily
job_defs: DefaultJob
file_set: linux
client: $CLIENT
bareos::director::jobdefs:
DefaultJob:
pool: bla
type: backup
messages: Default
storage: $STORAGEDAEMON
max_full_interval: '7 days'
reschedule_on_error: true
prune_files: 'yes'
prune_jobs: 'yes'
bareos/director/messages.yaml¶
---
resources:
bareos::director::messages:
Default:
director:
- '$DIRECTORDAEMON = all'
append:
- '"/var/log/bareos/director.log" = all, !skipped'
mail_on_error:
- $MAILADDRESS = all, !skipped, !terminate
bareos/director/pools.yaml¶
resources:
bareos::director::pool:
bla:
minimum_block_size: 4194304
maximum_block_size: 4194304
volume_retention: '28 days'
pool_type: backup
label_format: bla-
auto_prune: 'yes'
recycle: 'yes'
bareos/director/profiles.yaml¶
resources:
bareos::director::profile:
console-admin:
command_acl: '*all*'
job_acl: '*all*'
schedule_acl: '*all*'
catalog_acl: '*all*'
pool_acl: '*all*'
storage_acl: '*all*'
client_acl: '*all*'
file_set_acl: '*all*'
where_acl: '*all*'
plugin_options_acl: '*all*'
[...]
bareos/director/schedules.yaml¶
resources:
bareos::director::schedule:
daily:
run:
- Incremental hourly at 18:00
weekly:
run:
- Full sat at 18:00
- Incremental sun-mon at 18:00
bareos/director/storages.yaml¶
---
resources:
bareos::director::storage:
$STORAGEDAEMON:
address: $STORAGEDAEMON
password:
tls_enable: true
tls_ca_certificate_file: /etc/bareos/easy-rsa/keys/ca.crt
tls_certificate: /etc/bareos/easy-rsa/keys/%{::fqdn}.crt
tls_key: /etc/bareos/easy-rsa/keys/%{::fqdn}.key
tls_allowed_cn:
- $STORAGEDAEMON
collect_statistics: true
media_type: RadosFile
maximum_concurrent_jobs: 16
device:
- RBD01
- RBD02
- RBD03
- RBD04
- RBD05
bareos/director/webui.yaml¶
Last update:
April 13, 2020