Skip to content
Snippets Groups Projects
Select Git revision
  • 5ee7a74fa4e39d82e9ece89f2001c31deadc694c
  • master default protected
  • main
  • update_github_actions
  • 144_rocky8_support
  • 195-update-pdk-to-300
  • 144-rocky8
  • add_test_github_test_workflow
  • pdk_2.4.0
  • fix_unclosed_let_block_in_defines_client_spec
  • validation_fixes
  • freeradius_3_0_21_config_updates
  • data_types
  • PrepareBuster
  • travis
  • 4.0.1
  • 4.0.0
  • 3.9.2
  • 3.9.1
  • 3.9.0
  • 3.8.2
  • 3.8.1
  • 3.8.0
  • 3.7.0
  • 3.6.0
  • 3.5.0
  • 3.4.3
  • 3.4.2
  • 3.4.1
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.3.1
35 results

client.pp

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    client.pp 1.62 KiB
    # Install FreeRADIUS clients (WISMs or testing servers)
    define freeradius::client (
      $shortname,
      $secret,
      $ip             = undef,
      $ip6            = undef,
      $virtual_server = undef,
      $nastype        = undef,
      $netmask        = undef,
      $redirect       = undef,
      $port           = undef,
      $srcip          = undef,
      $firewall       = false,
      $ensure         = present,
    ) {
      $fr_package  = $::freeradius::params::fr_package
      $fr_service  = $::freeradius::params::fr_service
      $fr_basepath = $::freeradius::params::fr_basepath
      $fr_group    = $::freeradius::params::fr_group
    
      file { "${fr_basepath}/clients.d/${shortname}.conf":
        ensure  => $ensure,
        mode    => '0640',
        owner   => 'root',
        group   => $fr_group,
        content => template('freeradius/client.conf.erb'),
        require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
        notify  => Service[$fr_service],
      }
    
      if ($firewall and $ensure == 'present') {
        if $port {
          if $ip {
            firewall { "100-${shortname}-${port}-v4":
              proto  => 'udp',
              dport  => $port,
              action => 'accept',
              source => $netmask ? {
                undef   => $ip,
                default => "${ip}/${netmask}",
              },
            }
          } elsif $ip6 {
            firewall { "100-${shortname}-${port}-v6":
              proto    => 'udp',
              dport    => $port,
              action   => 'accept',
              provider => 'ip6tables',
              source   => $netmask ? {
                undef   => $ip6,
                default => "${ip6}/${netmask}",
              },
            }
          }
        } else {
          fail('Must specify $port if you specify $firewall')
        }
      }
    }