Add freeradius::module::linelog

To configure linelog module

manifests/module/linelog.pp

+# == Define freeradius::module::linelog
+#
+# Specific define to configure linelog module
+#
+define freeradius::module::linelog (
+  Enum['present','absent'] $ensure      = 'present',
+  String $filename                      = "\${logdir}/linelog",
+  Freeradius::Boolean $escape_filenames = 'no',
+  String $permissions                   = '0600',
+  Optional[String] $group               = undef,
+  Optional[String] $syslog_facility     = undef,
+  Optional[String] $syslog_severity     = undef,
+  String $format                        = 'This is a log message for %{User-Name}',
+  String $reference                     = 'messages.%{%{reply:Packet-Type}:-default}',
+  Array[String] $messages               = [],
+  Array[String] $accounting_request     = [],
+) {
+  freeradius::module { "linelog_${name}":
+    ensure  => $ensure,
+    content => template('freeradius/linelog.erb'),
+  }
+}

templates/linelog.erb

+# This file is managed by Puppet. DO NOT EDIT.
+#
+
+#
+#  The "linelog" module will log one line of text to a file.
+#  Both the filename and the line of text are dynamically expanded.
+#
+#  We STRONGLY suggest that you do not use data from the
+#  packet as part of the filename.
+#
+<%- if @name == 'default' -%>
+linelog {
+<%- else -%>
+linelog <%= @name %> {
+<%- end -%>
+  #
+  #  The file where the logs will go.
+  #
+  #  If the filename is "syslog", then the log messages will
+  #  go to syslog.
+  filename = <%= @filename %>
+
+  #
+  #  Most file systems can handly nearly the full range of UTF-8
+  #  characters.  Ones that can deal with a limited range should
+  #  set this to "yes".
+  #
+  escape_filenames = <%= @escape_filenames %>
+
+  #
+  #  The Unix-style permissions on the log file.
+  #
+  #  Depending on format string, the log file may contain secret or
+  #  private information about users.  Keep the file permissions as
+  #  restrictive as possible.
+  permissions = <%= @permissions %>
+
+  #
+  # The Unix group which owns the log file.
+  #
+  # The user that freeradius runs as must be in the specified
+  # group, otherwise it will not be possible to set the group.
+  #
+  # group = ${security.group}
+<%- if @group -%>
+  group = <%= @group %>
+<%- end -%>
+
+  #  Syslog facility (if logging via syslog).
+  #  Defaults to the syslog_facility config item in radiusd.conf.
+  #  Standard facilities are:
+  #  - kern        Messages generated by the kernel.  These cannot
+  #                be generated by any user processes.
+  #  - user        Messages generated by random user processes.
+  #                This is the default facility identifier if
+  #                none is specified.
+  #  - mail        The mail system.
+  #  - daemon      System daemons, such as routed(8), that are not
+  #                provided for explicitly by other facilities.
+  #  - auth        The authorization system: login(1), su(1),
+  #                getty(8), etc.
+  #  - lpr         The line printer spooling system: cups-lpd(8),
+  #                cupsd(8), etc.
+  #  - news        The network news system.
+  #  - uucp        The uucp system.
+  #  - cron        The cron daemon: cron(8).
+  #  - authpriv    The same as LOG_AUTH, but logged to a file
+  #                readable only by selected individuals.
+  #  - ftp         The file transfer protocol daemons: ftpd(8),
+  #                tftpd(8).
+  #  - local[0-7]  Reserved for local use.
+  # syslog_facility = daemon
+<%- if @syslog_facility -%>
+  syslog_facility = <%= @syslog_facility %>
+<%- end -%>
+
+  #  Syslog severity (if logging via syslog). Defaults to info.
+  #  Possible values are:
+  #  - emergency   A panic condition.  This is normally broadcast
+  #                to all users.
+  #  - alert       A condition that should be corrected immediately,
+  #                such as a corrupted system database.
+  #  - critical    Critical conditions, e.g., hard device errors.
+  #  - error       Errors.
+  #  - warning     Warning messages.
+  #  - notice      Conditions that are not error conditions, but
+  #                should possibly be handled specially.
+  #  - info        Informational messages.
+  #  - debug       Messages that contain information normally of use
+  #                only when debugging a program.
+  #  syslog_severity = info
+<%- if @syslog_severity -%>
+  syslog_severity = <%= @syslog_severity %>
+<%- end -%>
+
+  #
+  #  The default format string.
+  format = "<%= @format %>"
+
+  #
+  #  This next line can be omitted.  If it is omitted, then
+  #  the log message is static, and is always given by "format",
+  #  above.
+  #
+  #  If it is defined, then the string is dynamically expanded,
+  #  and the result is used to find another configuration entry
+  #  here, with the given name.  That name is then used as the
+  #  format string.
+  #
+  #  If the configuration entry cannot be found, then no log
+  #  message is printed.
+  #
+  #  i.e. You can have many log messages in one "linelog" module.
+  #  If this two-step expansion did not exist, you would have
+  #  needed to configure one "linelog" module for each log message.
+
+  #
+  #  Reference the Packet-Type (Access-Request, etc.)  If it doesn't
+  #  exist, reference the "format" entry, above.
+  reference = "<%= @reference %>"
+
+  #
+  #  The messages defined here are taken from the "reference"
+  #  expansion, above.
+  #
+#  messages {
+#    default = "Unknown packet type %{Packet-Type}"
+#
+#    Access-Request = "Requested access: %{User-Name}"
+#    Access-Reject = "Rejected access: %{User-Name}"
+#    Access-Challenge = "Sent challenge: %{User-Name}"
+#  }
+<%- if !@messages.empty? -%>
+  messages {
+    <%= @messages.join("\n    ") %>
+  }
+<%- end -%>
+
+  #
+  #  Another example:
+  #
+  #
+#  Accounting-Request {
+#    Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
+#    Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
+#
+#    #  Don't log anything for these packets.
+#    Alive = ""
+#
+#    Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
+#    Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"
+#
+#    # don't log anything for other Acct-Status-Types.
+#    unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
+#  }
+<%- if !@accounting_request.empty? -%>
+  Accounting-Request {
+    <%= @accounting_request.join("\n    ")%>
+  }
+<%- end -%>
+}