Add configuration for preprocess module and huntgroups

1b08f414 · Angel L. Mateo · 4521ced5 · 1b08f414 · 1b08f414 · 1b08f414
Commit 1b08f414 authored Feb 01, 2017 by Angel L. Mateo
--- a/manifests/module/huntgroup.pp
+++ b/manifests/module/huntgroup.pp
+# == Define: freeradius::module::huntgroup
+#
+define freeradius::module::huntgroup (
+  Variant[String,Array] $conditions,
+  Variant[String,Integer] $order     = 50,
+  String $huntgroup                  = 'huntgroup',
+) {
+  concat::fragment {"Huntgroup ${name}":
+    target  => $huntgroup,
+    order   => $order,
+    content => template('freeradius/huntgroup.erb')
+  }
+}
--- a/manifests/module/preprocess.pp
+++ b/manifests/module/preprocess.pp
+# == Class: freeradius::module::preprocess
+#
+class freeradius::module::preprocess (
+  Enum['present','absent'] $ensure                   = 'present',
+  String $moddir                                     = "\${modconfdir}/\${.:instance}",
+  String $huntgroups                                 = "\${moddir}/huntgroups",
+  String $hints                                      = "\${moddir}/hints",
+  Freeradius::Boolean $with_acend_hack               = 'no',
+  Integer $ascend_channels_per_line                  = 23,
+  Freeradius::Boolean $with_ntdomain_hack            = 'no',
+  Freeradius::Boolean $with_specialix_jetstream_hack = 'no',
+  Freeradius::Boolean $with_cisco_vsa_hack           = 'no',
+) {
+  $fr_moduleconfigpath = $::freeradius::params::fr_moduleconfigpath
+  $fr_group            = $::freeradius::params::fr_group
+  $fr_service          = $::freeradius::params::fr_service
+
+  freeradius::module {'preprocess':
+    ensure  => $ensure,
+    content => template('freeradius/preprocess.erb'),
+  }
+
+
+  $huntgroup_path = $huntgroups ? {
+    "\${moddir}/huntgroups" => "${fr_moduleconfigpath}/preprocess/huntgroups",
+    default                 => $huntgroups,
+  }
+
+  concat {'huntgroup':
+    ensure  => $ensure,
+    path    => $huntgroup_path,
+    owner   => 'root',
+    group   => $fr_group,
+    mode    => '0640',
+    require => Freeradius::Module['preprocess'],
+    notify  => Service[$fr_service],
+  }
+}
--- a/templates/huntgroup.erb
+++ b/templates/huntgroup.erb
+
+#
+##########################################################
+# Huntgroup Puppet Name: <%= @name %>
+#
+<%- if @conditions.is_a?(Array) -%>
+<%= @conditions.collect { |cond| @name + " " + cond }.join("\n") %>
+<%- else -%>
+<%= @name %> <%= @conditions %>
+<%- end -%>
--- a/templates/preprocess.erb
+++ b/templates/preprocess.erb
+# -*- text -*-
+#
+#  $Id: 8baec7961ba75fe52546cb1331868b0b2b1c38f4 $
+
+# Preprocess the incoming RADIUS request, before handing it off
+# to other modules.
+#
+#  This module processes the 'huntgroups' and 'hints' files.
+#  In addition, it re-writes some weird attributes created
+#  by some NAS, and converts the attributes into a form which
+#  is a little more standard.
+#
+preprocess {
+	# Search for files in a subdirectory of mods-config which
+	# matches this instance of the preprocess module.
+  moddir = <%= @moddir %>
+
+huntgroups = <%= @huntgroups %>
+  hints = <%= @hints %>
+
+	# This hack changes Ascend's weird port numbering
+	# to standard 0-??? port numbers so that the "+" works
+	# for IP address assignments.
+  with_ascend_hack = <%= @with_ascend_hack %>
+ascend_channels_per_line = <%= @ascend_channels_per_line %>
+
+	# Windows NT machines often authenticate themselves as
+	# NT_DOMAIN\username
+	#
+	# If this is set to 'yes', then the NT_DOMAIN portion
+	# of the user-name is silently discarded.
+	#
+	# This configuration entry SHOULD NOT be used.
+	# See the "realms" module for a better way to handle
+	# NT domains.
+  with_ntdomain_hack = <%= @with_ntdomain_hack %>
+
+	# Specialix Jetstream 8500 24 port access server.
+	#
+	# If the user name is 10 characters or longer, a "/"
+	# and the excess characters after the 10th are
+	# appended to the user name.
+	#
+	# If you're not running that NAS, you don't need
+	# this hack.
+  with_specialix_jetstream_hack = <%= @with_specialix_jetstream_hack %>
+
+	# Cisco (and Quintum in Cisco mode) sends it's VSA attributes
+	# with the attribute name *again* in the string, like:
+	#
+	#   H323-Attribute = "h323-attribute=value".
+	#
+	# If this configuration item is set to 'yes', then
+	# the redundant data in the the attribute text is stripped
+	# out.  The result is:
+	#
+	#  H323-Attribute = "value"
+	#
+	# If you're not running a Cisco or Quintum NAS, you don't
+	# need this hack.
+  with_cisco_vsa_hack = <%= @with_cisco_vsa_hack %>
+}