Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/133702

Change subject: bacula: Also encrypt the data channel
......................................................................

bacula: Also encrypt the data channel

The actual data is already encrypted by the client before being
transmitted on the network but the metadata (filenames, permissions etc)
was not. This will incur some extra load on both servers due to the
extra layer of encryption but it should be relatively negligible.

Change-Id: I499a0d50d54e7b8e7d67f130d8887ee96d09c76d
---
M modules/bacula/templates/bacula-fd.conf.erb
M modules/bacula/templates/bacula-sd.conf.erb
2 files changed, 4 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/02/133702/1

diff --git a/modules/bacula/templates/bacula-fd.conf.erb 
b/modules/bacula/templates/bacula-fd.conf.erb
index 3ac4fb7..0f9d655 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -28,8 +28,8 @@
     PKI Signatures = Yes
     PKI Keypair = "/var/lib/puppet/ssl/private_keys/bacula-keypair-<%= @fqdn 
%>.pem"
     PKI Master Key = "/var/lib/puppet/ssl/certs/ca.pem"
-    # Do NOT enable Data channel encryption.
-    TLS Enable = no
+    # Do enable Data channel encryption.
+    TLS Enable = yes
     TLS Require = yes
     TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @fqdn %>.pem"
     TLS Key = "/var/lib/puppet/ssl/private_keys/<%= @fqdn %>.pem"
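
Review bot: The context after the flipped "TLS Enable = yes" in bacula-fd.conf.erb shows "TLS Certificate" and "TLS Key" but no "TLS CA Certificate File" or "TLS Verify Peer", both of which are visible in the bacula-sd.conf.erb hunk. Now that TLS is actually on for this side, please confirm the FD block sets a CA file further down (outside the visible context) so the peer certificate can be validated, and add it here if it does not. Minor: the new comment "# Do enable Data channel encryption." only restates the directive; a line saying why, such as the commit message's point that filenames and permissions are not covered by the PKI data encryption, would be more useful to the next reader.
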
diff --git a/modules/bacula/templates/bacula-sd.conf.erb 
b/modules/bacula/templates/bacula-sd.conf.erb
index 22cd6f2..7022581 100644
--- a/modules/bacula/templates/bacula-sd.conf.erb
+++ b/modules/bacula/templates/bacula-sd.conf.erb
@@ -20,8 +20,8 @@
     Pid Directory = "/var/run/bacula"
     Maximum Concurrent Jobs = <%= @sd_max_concur_jobs %>
     Plugin Directory = "/usr/lib/bacula"
-    # Do NOT Have the data channel encrypted.
-    TLS Enable = no
+    # Do Have the data channel encrypted.
+    TLS Enable = yes
     TLS Require = yes
     TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem"
     TLS Verify Peer = yes
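
Review bot: With "TLS Require = yes" directly below the flipped "TLS Enable = yes" in bacula-sd.conf.erb, the SD will refuse non-TLS connections as soon as this template is applied, because Bacula ignores "TLS Require" while "TLS Enable" is "no" and enforces it once enabled. The FD template changes in the same commit, but clients and the storage host will not pick it up at the same moment, so a job between an updated daemon and a not-yet-updated one can fail. Please note the expected rollout order or window in the commit message, or schedule the puppet runs outside the backup window. Minor: "# Do Have the data channel encrypted." reads oddly; something like "# Encrypt the data channel (covers metadata as well)" would be clearer.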


Gerrit-MessageType: newchange
Gerrit-Change-Id: I499a0d50d54e7b8e7d67f130d8887ee96d09c76d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
