diff --git a/bacula/files/bacula_catalog_dump b/bacula/files/bacula_catalog_dump index 0727a0c..9352f68 100755 --- a/bacula/files/bacula_catalog_dump +++ b/bacula/files/bacula_catalog_dump @@ -1,7 +1,34 @@ #!/bin/sh -# compact database -echo "vacuum;" | sqlite3 /srv/bacula/bacula.db +umask 077 -# dump database to file -echo ".dump" | sqlite3 /srv/bacula/bacula.db > /srv/bacula/bacula.sql +# read settings +eval `dbcheck -B -c /etc/bacula/bacula-dir.conf` + +backupfile="${working_dir}/bacula.sql" + +case $db_type in + MySQL) + cat < ${working_dir}/my.cnf +[client] +host="${db_address}" +user="${db_user}" +password="${db_password}" +EOF + MYSQL_HOME=${working_dir} mysqldump ${db_name} > ${backupfile} + rm ${working_dir}/my.cnf + ;; + PostgreSQL) + echo "${db_password}" > ${working_dir}/.pgpass + HOME=${working_dir} pg_dump -c ${db_address} -U ${db_user} \ + ${db_name} > ${backupfile} + rm ${working_dir}/.pgpass + ;; + SQLite) + echo "vacuum;" | sqlite3 ${working_dir}/bacula.db + echo ".dump" | sqlite3 ${working_dir}/bacula.db > ${backupfile} + ;; + *) + echo "ERR: No dump support for '${db_type}' database" + ;; +esac diff --git a/bacula/files/fileset.Catalog.conf b/bacula/files/fileset.Catalog.conf index 721f2b0..6a3dedb 100644 --- a/bacula/files/fileset.Catalog.conf +++ b/bacula/files/fileset.Catalog.conf @@ -3,7 +3,7 @@ FileSet { Name = "Catalog" Include { Options { - signature = MD5 + signature = SHA1 } File = "/srv/bacula/bacula.sql" } diff --git a/bacula/files/fileset.Default.conf b/bacula/files/fileset.Default.conf index 0094367..09c8700 100644 --- a/bacula/files/fileset.Default.conf +++ b/bacula/files/fileset.Default.conf @@ -4,6 +4,9 @@ FileSet { Include { Options { signature = SHA1 + noatime = yes + aclsupport = yes + xattrsupport = yes onefs = yes } File = "|sh -c 'mount | awk \"{ if (/^\\/dev\\//) { print \\$3} }\"'" diff --git a/bacula/manifests/init.pp b/bacula/manifests/init.pp index 87e0fd5..537d348 100644 --- a/bacula/manifests/init.pp +++ b/bacula/manifests/init.pp @@ -144,6 +144,13 @@ class bacula::director($password=undef, } } "mysql": { + require mysql::client + if !$dbpassword { + fail("\$dbpassword is required for bacula::director when using '${dbadapter} database") + } + } + "postgresql": { + require postgresql::client if !$dbpassword { fail("\$dbpassword is required for bacula::director when using '${dbadapter} database") } @@ -155,8 +162,9 @@ class bacula::director($password=undef, package { "bacula-director": name => $dbadapter ? { - "sqlite" => "bacula-director-sqlite", - "mysql" => "bacula-director-mysql", + "mysql" => "bacula-director-mysql", + "postgresql" => "bacula-director-postgresql", + "sqlite" => "bacula-director-sqlite", }, ensure => installed, before => Class["bacula::certificates"], @@ -400,6 +408,10 @@ class bacula::storage($password = undef) { define bacula::device($device, $media) { include bacula::storage + require smart + package { "mtx": + ensure => installed, + } file { "/etc/bacula/bacula-sd.d/${name}.conf": ensure => present, @@ -464,6 +476,11 @@ class bacula::web($htaccess, before => File["/usr/local/src/bacula-web.tar.gz"], } } + "postgresql": { + class { "php::pgsql": + before => File["/usr/local/src/bacula-web.tar.gz"], + } + } "sqlite": { } default: { fail("Invalid \$dbadapter '${dbadapter}' in bacula::web") diff --git a/bacula/templates/bacula-web.conf.erb b/bacula/templates/bacula-web.conf.erb index c4c7660..dd58d09 100644 --- a/bacula/templates/bacula-web.conf.erb +++ b/bacula/templates/bacula-web.conf.erb @@ -19,7 +19,11 @@ $config[0]['host'] = '<%= @dbserver %>'; $config[0]['login'] = '<%= @dbuser %>'; $config[0]['password'] = '<%= @dbpassword %>'; $config[0]['db_name'] = '<%= @dbname %>'; +<% if @dbadapter == 'postgresql' -%> +$config[0]['db_type'] = 'pgsql'; +<% else -%> $config[0]['db_type'] = 'mysql'; +<% end -%> <% end -%> ?> diff --git a/bacula/templates/device.conf.erb b/bacula/templates/device.conf.erb index 546066e..eec5b4f 100644 --- a/bacula/templates/device.conf.erb +++ b/bacula/templates/device.conf.erb @@ -7,4 +7,6 @@ Device { AlwaysOpen = no; RemovableMedia = yes; RandomAccess = no; + Alert Command = "sh -c 'tapeinfo -f %c | grep TapeAlert | cat'" + Alert Command = "sh -c 'smartctl -H -l error %c'" } diff --git a/nagios/files/commands.cfg b/nagios/files/commands.cfg index f2f3b97..b6cdcc6 100644 --- a/nagios/files/commands.cfg +++ b/nagios/files/commands.cfg @@ -148,6 +148,13 @@ define command{ } +# 'check_ldap' command definition +define command{ + command_name check_ldap + command_line $USER1$/check_ldap -H $HOSTADDRESS$ -b $ARG1$ + } + + # 'check_ssh' command definition define command{ command_name check_ssh @@ -155,6 +162,13 @@ define command{ } +# 'check_dig' command definition +define command{ + command_name check_dig + command_line $USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ + } + + # 'check_dhcp' command definition define command{ command_name check_dhcp diff --git a/nagios/manifests/target.pp b/nagios/manifests/target.pp index 237e0c8..c2b6ad9 100644 --- a/nagios/manifests/target.pp +++ b/nagios/manifests/target.pp @@ -40,6 +40,23 @@ class nagios::target($parent=undef) { } +# Configure dig service target. +# +# === Parameters +# +# $query: +# Address to query from DNS server. Defaults to localhost. +# +class nagios::target::dns ($query="localhost") inherits nagios::target { + + @@nagios::service { "${::homename}_dig": + command => "check_dig!${query}", + description => "DNS", + } + +} + + # Configure ssh service target. # class nagios::target::ssh inherits nagios::target { @@ -88,6 +105,30 @@ class nagios::target::imaps inherits nagios::target { } +# Configure ldap service target. +# +class nagios::target::ldap inherits nagios::target { + + @@nagios::service { "${::homename}_ldap": + command => "check_ldap!${ldap_basedn}", + description => "LDAP", + } + +} + + +# Configure ldaps service target. +# +class nagios::target::ldaps inherits nagios::target { + + @@nagios::service { "${::homename}_ldaps": + command => "check_ldap!${ldap_basedn} -p 636", + description => "LDAPs", + } + +} + + # Configure smtp service target. # class nagios::target::smtp inherits nagios::target { diff --git a/php/manifests/init.pp b/php/manifests/init.pp index fb04aaa..f25e449 100644 --- a/php/manifests/init.pp +++ b/php/manifests/init.pp @@ -32,6 +32,17 @@ class php::mysql { } +# Install PostgreSQL support to PHP +# +class php::pgsql { + + package { "php-pgsql": + ensure => installed, + } + +} + + # Install PDO database abstraction support to PHP # class php::pdo { diff --git a/postgresql/manifests/init.pp b/postgresql/manifests/init.pp index b23c651..e974bea 100644 --- a/postgresql/manifests/init.pp +++ b/postgresql/manifests/init.pp @@ -46,26 +46,39 @@ class postgresql::server($datadir="/srv/pgsql") { if $datadir != "/srv/pgsql" { file { $datadir: - ensure => directory, - mode => "0700", - owner => "postgres", - group => "postgres", + ensure => directory, + mode => "0700", + owner => "postgres", + group => "postgres", + seltype => "postgresql_db_t", + require => Package["postgresql"], } file { "/srv/pgsql": ensure => link, target => $datadir, owner => "root", group => "root", + seltype => "postgresql_db_t", require => File[$datadir], } + selinux::manage_fcontext { "${datadir}(/.*)?": + type => "postgresql_db_t", + before => File[$datadir], + } } else { file { "/srv/pgsql": - ensure => directory, - mode => "0700", - owner => "postgres", - group => "postgres", + ensure => directory, + mode => "0700", + owner => "postgres", + group => "postgres", + seltype => "postgresql_db_t", + require => Package["postgresql"], } } + selinux::manage_fcontext { "/srv/pgsql(/.*)?": + type => "postgresql_db_t", + before => File["/srv/pgsql"], + } package { "postgresql-server": ensure => installed, diff --git a/smart/manifests/init.pp b/smart/manifests/init.pp index c055f70..6726786 100644 --- a/smart/manifests/init.pp +++ b/smart/manifests/init.pp @@ -1,11 +1,18 @@ +# Install S.M.A.R.T. tools +class smart { + + package { "smartmontools": + ensure => installed + } + +} + # Enable S.M.A.R.T. monitoring daemon # class smart::daemon { - package { "smartmontools": - ensure => installed, - } + require smart service { "smartd": ensure => running,