Alexandros Kosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/133702
Change subject: bacula: Also encrypt the data channel ...................................................................... bacula: Also encrypt the data channel The actual data is already encrypted by the client before being transmitted on the network but the metadata (filenames, permissions etc) was not. This will incur some extra load on both servers due to the extra layer of encryption but it should be relatively neglegible Change-Id: I499a0d50d54e7b8e7d67f130d8887ee96d09c76d --- M modules/bacula/templates/bacula-fd.conf.erb M modules/bacula/templates/bacula-sd.conf.erb 2 files changed, 4 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/02/133702/1 diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb index 3ac4fb7..0f9d655 100644 --- a/modules/bacula/templates/bacula-fd.conf.erb +++ b/modules/bacula/templates/bacula-fd.conf.erb @@ -28,8 +28,8 @@ PKI Signatures = Yes PKI Keypair = "/var/lib/puppet/ssl/private_keys/bacula-keypair-<%= @fqdn %>.pem" PKI Master Key = "/var/lib/puppet/ssl/certs/ca.pem" - # Do NOT enable Data channel encryption. - TLS Enable = no + # Do enable Data channel encryption. + TLS Enable = yes TLS Require = yes TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @fqdn %>.pem" TLS Key = "/var/lib/puppet/ssl/private_keys/<%= @fqdn %>.pem" diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb index 22cd6f2..7022581 100644 --- a/modules/bacula/templates/bacula-sd.conf.erb +++ b/modules/bacula/templates/bacula-sd.conf.erb @@ -20,8 +20,8 @@ Pid Directory = "/var/run/bacula" Maximum Concurrent Jobs = <%= @sd_max_concur_jobs %> Plugin Directory = "/usr/lib/bacula" - # Do NOT Have the data channel encrypted. - TLS Enable = no + # Do Have the data channel encrypted. + TLS Enable = yes TLS Require = yes TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem" TLS Verify Peer = yes -- To view, visit https://gerrit.wikimedia.org/r/133702 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I499a0d50d54e7b8e7d67f130d8887ee96d09c76d Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits