Merge pull request #14 from adfinis/fix/bareos_dir_tls

fix: Bareos Director TLS settings

.github/workflows/molecule.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: ansible-lint
         uses: ansible-community/ansible-lint-action@main
   test:
@@ -30,26 +30,16 @@ jobs:
             tag: "latest"
           - image: "debian"
             tag: "bullseye"
-          - image: "debian"
-            tag: "buster"
-          - image: "enterpriselinux"
-            tag: "8"
           - image: "enterpriselinux"
             tag: "latest"
-          - image: "fedora"
-            tag: "38"
           - image: "fedora"
             tag: "39"
-          # TODO no packages for fedora 40 yet: https://download.bareos.org/current/
-          # pipeline will fail for now. replace 38 as soon as 40 is ready and working.
           - image: "fedora"
             tag: "latest"
-          - image: "opensuse"
-            tag: "latest"
           - image: "ubuntu"
-            tag: "latest"
+            tag: "jammy"
           - image: "ubuntu"
-            tag: "focal"
+            tag: "latest"
     steps:
       - name: checkout
         uses: actions/checkout@v4

README.md

@@ -359,40 +359,20 @@ bareos_dir_schedules: []
 bareos_dir_storages: []
 ```
 
-## [Requirements](#requirements)
-
-- pip packages listed in [requirements.txt](https://github.com/adfinis/ansible-role-bareos_dir/blob/master/requirements.txt).
-
-## [State of used roles](#state-of-used-roles)
-
-The following roles are used to prepare a system. You can prepare your system in another way.
-
-| Requirement | GitHub | GitLab |
-|-------------|--------|--------|
-|[robertdebock.bootstrap](https://galaxy.ansible.com/adfinis/robertdebock.bootstrap)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.bootstrap/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.bootstrap)|
-|[adfinis.bareos_repository](https://galaxy.ansible.com/adfinis/bareos_repository)|[![Build Status GitHub](https://github.com/adfinis/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-bareos_repository)|
-|[robertdebock.buildtools](https://galaxy.ansible.com/adfinis/robertdebock.buildtools)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.buildtools/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.buildtools/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.buildtools/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.buildtools)|
-|[robertdebock.epel](https://galaxy.ansible.com/adfinis/robertdebock.epel)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.epel/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.epel/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.epel/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.epel)|
-|[robertdebock.python_pip](https://galaxy.ansible.com/adfinis/robertdebock.python_pip)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.python_pip/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.python_pip/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.python_pip/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.python_pip)|
-|[robertdebock.postgres](https://galaxy.ansible.com/adfinis/robertdebock.postgres)|[![Build Status GitHub](https://github.com/adfinis/robertdebock.postgres/workflows/Ansible%20Molecule/badge.svg)](https://github.com/adfinis/robertdebock.postgres/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/robertdebock.postgres/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/robertdebock.postgres)|
-
 ## [Context](#context)
 
 This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://adfinis.com/) for further information.
 
-Here is an overview of related roles:
-![dependencies](https://raw.githubusercontent.com/adfinis/ansible-role-bareos_dir/png/requirements.png "Dependencies")
-
 ## [Compatibility](#compatibility)
 
 This role has been tested on these [container images](https://hub.docker.com/u/robertdebock):
 
 |container|tags|
 |---------|----|
-|[Debian](https://hub.docker.com/r/robertdebock/debian)|buster, bullseye, bookworm|
+|[Debian](https://hub.docker.com/r/robertdebock/debian)|bullseye, bookworm|
 |[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|9|
-|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|38, 39|
-|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|jammy|
+|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|39, 40|
+|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|jammy, numbat|
 
 The minimum version of Ansible required is 2.12, tests have been done to:
 

meta/argument_specs.yml

@@ -33,12 +33,20 @@ argument_specs:
         description: "The messages configuration to use."
       bareos_dir_tls_enable:
         type: "bool"
-        default: yes
-        description: "Enable TLS."
+        default: true
+        description: >
+          Enable TLS support.
+          If no certificates are configured PSK (Pre Shared Keys) ciphers will be used.
+          If the other side does not support TLS, or cleartext is configured the connection will be aborted.
       bareos_dir_tls_verify_peer:
         type: "bool"
-        default: no
-        description: "Verify the peer."
+        default: false
+        description: >
+          Request and verify the peers certificate.
+          In server context, unless the TLS Allowed CN configuration directive is specified,
+          any client certificate signed by a known-CA will be accepted.
+          In client context, the server certificate CommonName attribute is checked against the
+          Address and TLS Allowed CN configuration directives.
       bareos_dir_tls_ca_cert_src:
         type: "str"
         description: "The CA Certificate for the Director (src)"
@@ -57,6 +65,13 @@ argument_specs:
       bareos_dir_tls_cert_key_dest:
         type: "str"
         description: "The TLS certificate key of the director (dest)"
+      bareos_dir_tls_allowed_cns:
+        type: "list"
+        required: false
+        description: >
+          CN attribute of allowed peer certificates.
+          If `bareos_dir_tls_verify_peer` is true,
+          all connection request certificates will be checked against this list.
       bareos_dir_catalogs:
         type: "list"
         default: []

molecule/default/converge.yml

@@ -273,6 +273,15 @@
       bareos_dir_plugins:
         - director-python
 
+      bareos_dir_tls_enable: true
+      bareos_dir_tls_cert_src: "tls_files/molecule-test.pem"
+      bareos_dir_tls_ca_cert_src: "tls_files/molecule-ca.pem"
+      bareos_dir_tls_cert_key_src: "tls_files/molecule-test.key"
+      bareos_dir_tls_verify_peer: true
+      bareos_dir_tls_allowed_cns:
+        - "[email protected]"
+        - "[email protected]"
+
     - role: adfinis.bareos_console
       bareos_console_directors:
         - name: bareos-dir

molecule/default/tls_files/molecule-ca.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF6jCCA9KgAwIBAgIUfC/Gz2xsr6KrBFLNc2tpAYOK+BgwDQYJKoZIhvcNAQEL
+BQAwgZ8xCzAJBgNVBAYTAkNIMRQwEgYDVQQIDAtCYXNlbC1TdGFkdDEOMAwGA1UE
+BwwFQmFzZWwxEzARBgNVBAoMCkFkZmluaXMgQUcxEDAOBgNVBAsMB1Rlc3Rpbmcx
+ITAfBgNVBAMMGGJhcmVvcy13ZWJ1aS5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
+ARYRZHVtbXlAZXhhbXBsZS5jb20wHhcNMjQxMDI4MTMwNDQ1WhcNMjYxMDI4MTMw
+NDQ1WjB6MQswCQYDVQQGEwJDSDEUMBIGA1UECAwLQmFzZWwtU3RhZHQxDjAMBgNV
+BAcMBUJhc2VsMRAwDgYDVQQKDAdBZGZpbmlzMRAwDgYDVQQLDAdUZXN0aW5nMSEw
+HwYDVQQDDBhiYXJlb3Mtd2VidWkuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCZAtCNVtFEvOgW2lbbTpsAnzQvqGDEV42UYgWl4hk/
+bpgl8+NBDHxNuQHDjAnRQcBSmw0ZgfgtKZm1nDvaiIhGmuCuzkxXWeBG31iEp/YS
+4+X/ciN6/NPfyIBk08sA905y7fBIjCnYM+8D2gB0w1/INzHujBSrHU/upnkv9yKi
+2WpmYo+BtzZu2Lpjs2FIVguoJPsyMfuS+W3oz6QeJZLTMNGdDXyUAoonOyihP0nB
+dq3eMTOgB4c+XL+d6fvfxIVXGU4Cos1JVX4QiV2jzK7eIsoxoBUrnq3FwERxqCtr
+IibOWDjo69Y2vSfpAAIWXtYqXEiccX70/+wZOz4KFbi2lNmT/9bx3annk+enXJ9J
+fUX3QSH6SsyUROnDWMecth/wZeDwPeINzwU8R+iy09IauU4rj464icvQQQXjz5Iq
+C/HYgMrUolXg4PIiiXpsMxnqglcvkEbW7H9mFAkJaK1yMdNjBPRKovIeQbo27Lr9
+ODBmXwC8c9LGTaE33QBtAo5CsxNb8Aq4wccZwL/F1dd5G0RNdtdOefGSmIFTyKXS
++rng5utrpZGEAMymZa+zA+bSspQ1gQvuhp3ELKLwO/ByPElcBZX2QMblJRcXFJ7d
+eIJ2e++GE9+RhL2h25ePcjDwtAq2BaTQA3NJhCMeXptV0wwFPLBKvbB1Z+qNE4P8
+AQIDAQABo0IwQDAdBgNVHQ4EFgQUTPS2FzCmAWW3arAS978YU8u8fAowHwYDVR0j
+BBgwFoAUX/Q1ekxqcabTcuZsDvl9iwVvVrcwDQYJKoZIhvcNAQELBQADggIBAF94
+MGDv75jX2pR4ONE0Uy0/+bc2lz6PL0LfyIDpMh1RELTy08uCp0hCkeHuDZNOsZxc
+X8J3PhtF9e5vimd/tbTyvPxvRKy7XQLkq3TumtVH0tu8sGj1LlVNw5+1dBgDrwPC
+xX0UMx6RHRweHCbtOLqlNy4AEj+R7h0piU76oen8BWVJuinC+nidp4RDcVHOZAt/
+Y0gEA1wwE9mxo7WGGMzWo9PpbL2PnJIbBfKs/Gj58EoNzmHJWE8dhusADwLEDOu1
+KVUf8mqkzCn2/EHYKtbOBtHHOwG7qseLUiXJ+98e2AwJ9MpdpvBskR3oqMkObmo7
+OiiUZxXI6wEqPwzZeBVJujBY7UmXR1CQgJ3r6i3UBZRthejCxJM91aYR0VIqqcTT
+OAs+szVklaUfMB381EX3KFIWZYIHVbc7kHROeu3e6ufgCqRgpWQjhvR47glxHlYR
+GH8O5hcSAwvPfhnsQ2zXd6X24nujusNS1SbILX0etBTSI5s8++2g/wVDq2YEc/3l
+cMpRRnAx2qH8u/cOUWhShc4jTyJ6+7wRAkglhy/G17e1TDNCCUzTXxSlxoX9NKwm
+R3jB8RhzWh7Q/+n4s6vRT2toBu/mbT/Ohukh+wDkd893xbhcQ2db1JT8aocp79RK
+D0mLqasMsj2DrmWt2Lsf1XY8cOGoRizUsGops36X
+-----END CERTIFICATE-----

molecule/default/tls_files/molecule-test.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCZAtCNVtFEvOgW
+2lbbTpsAnzQvqGDEV42UYgWl4hk/bpgl8+NBDHxNuQHDjAnRQcBSmw0ZgfgtKZm1
+nDvaiIhGmuCuzkxXWeBG31iEp/YS4+X/ciN6/NPfyIBk08sA905y7fBIjCnYM+8D
+2gB0w1/INzHujBSrHU/upnkv9yKi2WpmYo+BtzZu2Lpjs2FIVguoJPsyMfuS+W3o
+z6QeJZLTMNGdDXyUAoonOyihP0nBdq3eMTOgB4c+XL+d6fvfxIVXGU4Cos1JVX4Q
+iV2jzK7eIsoxoBUrnq3FwERxqCtrIibOWDjo69Y2vSfpAAIWXtYqXEiccX70/+wZ
+Oz4KFbi2lNmT/9bx3annk+enXJ9JfUX3QSH6SsyUROnDWMecth/wZeDwPeINzwU8
+R+iy09IauU4rj464icvQQQXjz5IqC/HYgMrUolXg4PIiiXpsMxnqglcvkEbW7H9m
+FAkJaK1yMdNjBPRKovIeQbo27Lr9ODBmXwC8c9LGTaE33QBtAo5CsxNb8Aq4wccZ
+wL/F1dd5G0RNdtdOefGSmIFTyKXS+rng5utrpZGEAMymZa+zA+bSspQ1gQvuhp3E
+LKLwO/ByPElcBZX2QMblJRcXFJ7deIJ2e++GE9+RhL2h25ePcjDwtAq2BaTQA3NJ
+hCMeXptV0wwFPLBKvbB1Z+qNE4P8AQIDAQABAoICABBTDI0HxivfO6O0h6++Iytd
+0OOEw04vSRubmZ6pEKiD1Be4fXZjLp/cLSP/vMxmh25IvI0MIL4wwgVuNbSK/H8L
+5wy/VcW8AQGOspL0mHxLdC5crwxgDPrDGW+oaPAhcm0wlYIn8g7u+4EdsQ7ECWQC
+/4DD0TCwX+bGPAeyBi/5ojBqM4VTVqtc1AXvDWH6TCQUTfh8/KohkmhUPt44hAGk
+I7jtx2zDGJo25Y7Ogb/yOXqLJUbdhsBQhOEEJasp/E/ek0QUunIofNqmzSa8n6tz
+ar8ApUGSHFgMu0ClAHzdl+ZL40Z2YtRUOf3R0mcwlwjN77FBKppY84d9mpDY4Gvw
+BJZ7X4Sl52lTh2pU9H8a1Pn4fVrxtCcFqEQV5nLemGO9W2APF0KaNGKRVg2ogc5P
+1bHR60bUjznU6C+vxaILXy0loeWq0pUZlXJoAf5iNzIOEgFGAei5EdR/pBJcLnNW
+I6dmvFcK3I2IqbhNJ3/wah4avsYim36aWR2WjU8ujfbI7PfDyv3NCuV/bm2MRAze
+/LHAr347d8I4n+Ft1zrgdQHshtwAEYXCUs5nsD6+cUMYac89LcqbmTvQ++H7QI5M
+XgGWxaZAwGK7CO9kgQNdPLtDUYzLkhkvv44GXpBpPSntUNFc7pN6dEWgifPcIzcA
+X3+3iTbisda/JUsk2ecBAoIBAQDS4USqV5L03fr8hyI45qh11MDjGgqvlR0Tsphd
+0Oj5gVPMoSX8y+KYOm+tOBS9JSkt9aXnuztJ+zPmBvZiGgYh4aRodzDRDUdE7WlY
+NFs8Ay870aqsF2I87lKWTtUBNgV7DzgIPXWfcxoS/e4M2jqhrAwwiQohC9EK7Gai
+XH0/bPbJsXXTDtPJpKe561rrmrjYvUCSkv9C+l2Y/H/seNijJXFuXZ/h/HEy87ZV
+rRV9lihPNkkPr4KDsPGSQf69JsjmrGbeILxzCg27PHpb3Y7SfeGXj7IWMtiy0s6j
+hRXZ/Qzms+I9FcsYxn8OdXttmUs6luwjCSEX6IEUWEdA5nlVAoIBAQC5v9V8hvxL
+W3n1FHFa1JlwJzljnvMn2D6YWDPVq/ubZt/Bs+AhxUPDt5XqC3SMcYbdzHPNbKbZ
+E3PIeAW9h+QGIzkw90DvcZwX0xOAMoAdjFLO3gA0UzyhtOZUaB4iT5tpLuA1Zqg6
+bk5jx2E6GbC5TCsjc5BLsBEqZ8kKNGwbGz4viuFmHA5EjrpKDfAWs1Yd22FYNkog
+fEVjB65zlYTl77wn+dvpwDXP4IbRYLITfuNxiipIdn+V0saDQAd+seEZaOUpiUCZ
+W3gX/7jvOIZdX6g42RZLCt0Sn1Y5XmHgWK4cB8p+KaidEGBAYn3P8YYSEYGz+v3c
+hytbVPi1ucf9AoIBABcRX1KG6+NvWOJA4gR5btoc4NC2645TcG/ULIiurp2EgSc0
+RZSGtQ3T7p1zMgmSxBNr+K8FszGfkgjKoC8RC7SvGy32Q9fKbQ5kLg7hA03oR0Vy
+5QmYMT3bEBuzGefdAfJ5MrbsCi7cB3EmZ+DuClXfHSI+C2acBUz9mSiPl3/VqpVb
+nTjuOUqogVR8I2D8dtX2tdaSz+uCubRfgpraiVAna2YYRcIRvExHjp2GpoAradNo
+a8uUdmFzfKl0IKqOUJGzMDmCOTsYUXI25megL9xkusW6iU+WVlARcVs/1qkW3k9q
+RAhMlv/pzsJFJbBSgYEyOziF6iHUZDJWiczWqVUCggEAJ6pigXwl5kW7jm12I2pg
+9cU6iR6JWEniXBABybA3Q6E9SRULWMrSRLowhlE56z/XCAg/9m8sVhDEWdvfhfC9
+7d2Zue4i7L77EU9ey7J9D1JG4KwhqQrZWMLTqNSvEq6jRlvfPygT5p5lmQMbrReN
+WJR+Zcyo1LDdiYuuL8KwDz3LEsX6ih6VoWhFOckuKvrS+f8+E2NMgxFmk9YxF7en
+MJ74NCU0I/+KvkB5Kb8XZ/hhw344t06uwiTHhYGn2BNOOWnf/fW0WMtiouVV7afJ
+cakauEELdKz2NqLV+9w+1HS7gXrccAKfYiL8GuOtcDloYvVgGDoR+gTXamKD1fK9
+VQKCAQAHPI4XEf9RQOvyHq4IRNGSqFp9jcSM1Xq5A7fFQ2E+FVmb5j3D1tPCn8gx
+cMcOU6giELiwkTGtHzHX2Ys25ya/3HMBSMQtlScJUQAUmdU1ZZPxaWnOw03h/+Zh
+kzxAnLdgdkkvEGFyGWJGzOT2Si1vDDegfvucFXiQyUEen539O8+khznu3vuJbgDt
+V4jtUB8ZM0vQYQSiKXP6QLMGD+ddOVK3IQEMQAUhXjcO9UPF1RrBIwqgoFZTIm94
+nbs1AK9ChW13yV0OKvJuUYOq0gHPPIMaI/5cVNmC1YjeYHx8++s2r0ZpJ0NAiLka
+JCTfWhmiwPKkEyK5rJq5zOQpyf6g
+-----END PRIVATE KEY-----

molecule/default/tls_files/molecule-test.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGITCCBAmgAwIBAgIUO3payEGDpdtdlo8hzloqR7OMBAkwDQYJKoZIhvcNAQEL
+BQAwgZ8xCzAJBgNVBAYTAkNIMRQwEgYDVQQIDAtCYXNlbC1TdGFkdDEOMAwGA1UE
+BwwFQmFzZWwxEzARBgNVBAoMCkFkZmluaXMgQUcxEDAOBgNVBAsMB1Rlc3Rpbmcx
+ITAfBgNVBAMMGGJhcmVvcy13ZWJ1aS5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJ
+ARYRZHVtbXlAZXhhbXBsZS5jb20wHhcNMjQxMDI4MTI1NDUzWhcNMjkxMDI4MTI1
+NDUzWjCBnzELMAkGA1UEBhMCQ0gxFDASBgNVBAgMC0Jhc2VsLVN0YWR0MQ4wDAYD
+VQQHDAVCYXNlbDETMBEGA1UECgwKQWRmaW5pcyBBRzEQMA4GA1UECwwHVGVzdGlu
+ZzEhMB8GA1UEAwwYYmFyZW9zLXdlYnVpLmV4YW1wbGUuY29tMSAwHgYJKoZIhvcN
+AQkBFhFkdW1teUBleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBALG1vmmRPoussCeWddH6LYw/SrhbfwWoGU14G/GuSE+I+rGOq72TDxBz
+hUxJSsZFt7b0w+4Fw/iiGL26H/fqpGIRgKV6WqAzzAjLVhKpxT6IHclH6tbEjk97
+1xFW9sJPq2mw7z7C9qY6pDSG+Cz4zcMKcxo6HtFCRL5Nw5l1Dyns1Yv3ODx5wsR3
+qdkSbZfo0Qvx6c7RPfLCiyy41ueX9IpKPzwBieGoBqcPC75vdarGDApBRkydCsjo
+5pR+zjAGHpyOmdHvm59cg//RjNIpTwb/VLK6/2F5O3aqfBTro5p9ADR77my/Gc5Q
+u0xAd9zPmKPc4HrRlbX0usVyb3JKXUf2LpiGkjkeiNaQuXNhhgSEJvW0aNuuvwcP
+JeQ6WJxObfqOq3WSpY4wztzOW90xecx/4BGgB2BDVwSJfDbsxVZhSpLdZ2RPhyvA
+G72qyFoRRaDnDOpmGmkMY9I1rzm7o/nUNpwsCHo35V+psWbMW9HPVKK2AcWZb1El
+27Y+DvlytidftcObLQKFKsIyxtBidV8sJUvJNlJ3lNf8g3lrzVwDBTm1g8AvzhwS
+LyKxGY5jw7KDhL7AXBEg7IiPxwcoolVcf2/+rWooSa5HIHzyOsONk7ZkE00kUlx5
+8C3tgafyqsmxDashlSjfMzNnXmbJo9lW24lot58v4qRnmYhjhe0RAgMBAAGjUzBR
+MB0GA1UdDgQWBBRf9DV6TGpxptNy5mwO+X2LBW9WtzAfBgNVHSMEGDAWgBRf9DV6
+TGpxptNy5mwO+X2LBW9WtzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4ICAQClXdzTSZZQkg55reHK79O6RomxvLg3ereSmKwKyhrNky4SlZ1HsN6BR8FF
+sDFloXIsslIVUzkf3uosg5j7Gp9QPAU+OqzBKThPgjPuwocuT7qBQYGeJgeJ/pwB
+dVHlKnDTX0pKatGm1j7xa6JIsLlvo9VHQ3O/Ofj7im6K9lBfnTu13zQq1WU9n0Yk
+TYvr6+7FfHITBv9VKv/rCBbYF5iaQD+Nphpk2GOBGkxrscMMeLrifMv9IA/J86K0
+D/aroBpbRmzuO7RWcqduiiULakrWqmFS5JOYEHdVmMys7WMjycr+hrEl3G5aUgp1
+2Ufr32wNQvzmXvssZkS7eKvcWtvjJPLDofZ5T3rWahiHqcP77wBXAklwdk6MBChK
+YpxYQVH7qH8K1Q3hdbAs0zZaPLpXSjI8d5Cc03+BWiusxsTms9OOhsXCIa+7cc4x
+DK2PNGUb6ug4nCZ/pE16g1k12BePao2MKryEfEMIrh7egJdpdpmWMzI0BcFvR2vR
+lFdtBVSdlVqk1BIxmWyN7OfsHSrwqYE9MT5RJz2wszMYk15RyrqvSKZMzKIWEaL9
+VW6OyOmsurs/OsFADX1A8ySjxqz1NPwxh9qXtj01VOA4zm1OgfIIyEYgBKxm2ZnI
+6mQkTRV2w2557KjeTjPtruR9ne4jT2YwTbnC9pMnuUAdB2FMxA==
+-----END CERTIFICATE-----

templates/bareos-dir.conf.j2

@@ -8,23 +8,27 @@ Director {
   Maximum Concurrent Jobs = {{ bareos_dir_max_concurrent_jobs }}
 {% endif %}
   Messages = "{{ bareos_dir_message }}"
-{% if not bareos_dir_tls_enable %}
-  TLS Enable = No
+
+  TLS Enable = {{ bareos_dir_tls_enable | ternary("yes","no")}}
+{% if bareos_dir_tls_ca_cert_dest is defined and
+  bareos_dir_tls_cert_dest is defined and
+  bareos_dir_tls_cert_key_dest is defined
+%}
+  TLS CA Certificate File = {{ bareos_dir_tls_ca_cert_dest }}
+  TLS Certificate = {{ bareos_dir_tls_cert_dest }}
+  TLS Key = {{ bareos_dir_tls_cert_key_dest }}
 {% endif %}
-{% if bareos_dir_tls_verify_peer %}
-  TLS Verify Peer = Yes
+
+  TLS Verify Peer = {{ bareos_dir_tls_verify_peer | default(false) | ternary("yes","no")}}
+{% if bareos_dir_tls_allowed_cns is defined and
+  bareos_dir_tls_allowed_cns is iterable %}
+{% for cn in bareos_dir_tls_allowed_cns %}
+  TLS Allowed CN = "{{ cn }}"
+{% endfor %}
 {% endif %}
+
 {% if bareos_dir_plugins is defined %}
   Plugin Names = "{{ bareos_dir_plugin_name }}"
   Plugin Directory = "{{ bareos_dir_plugin_dir }}"
 {% endif %}
-{% if bareos_dir_tls_ca_cert_dest is defined and bareos_dir_tls_ca_cert_dest != "" %}
-  TLS CA Certificate File = "{{ bareos_dir_tls_ca_cert_dest }}"
-{% endif %}
-{% if bareos_dir_tls_cert_dest is defined and bareos_dir_tls_cert_dest != "" %}
-  TLS Certificate = "{{ bareos_dir_tls_cert_dest }}"
-{% endif %}
-{% if bareos_dir_tls_cert_key_dest is defined and bareos_dir_tls_cert_key_dest != "" %}
-  TLS Key = "{{ bareos_dir_tls_cert_key_dest }}"
-{% endif %}
 }