Commit 3182ad0a authored by Angel L. Mateo's avatar Angel L. Mateo
Browse files

Add more parameters to freeradius::site

Add authorize, authenticate,... parameters to freeradius::site so they
could be used to configure the site.
parent fc9aed4d
......@@ -633,6 +633,63 @@ freeradius::site { 'inner-tunnel':
}
```
##### `ensure`
Whether the site should be present or not.
##### `source`
Provide source to a file with the configuration of the site. Default: `undef`.
##### `content`
Provide content for the configuartion of the site. Default: `undef`.
##### `authorize`
Array of options (as String) for the authorize section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `authenticate`
Array of options (as String) for the authenticate section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `preacct`
Array of options (as String) for the preacct section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `accounting`
Array of options (as String) for the accounting section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `session`
Array of options (as String) for the session section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `post_auth`
Array of options (as String) for the post-auth section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `pre_proxy`
Array of options (as String) for the pre-proxy section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `post_proxy`
Array of options (as String) for the post-proxy section of the site. This parameter is
ignored if `source` or `content`are used. Default: [].
##### `listen`
Array of listen definitions for the site. This parameter is ignored if `source` or
`content`are used. Default: [].
#### `freeradius::sql`
Configure SQL connections. You can define multiple database connections by
......
# Install FreeRADIUS virtual servers (sites)
define freeradius::site (
$source = undef,
$content = undef,
$ensure = present,
$ensure = present,
$source = undef,
$content = undef,
Array[String] $authorize = [],
Array[String] $authenticate = [],
Array[String] $preacct = [],
Array[String] $accounting = [],
Array[String] $session = [],
Array[String] $post_auth = [],
Array[String] $pre_proxy = [],
Array[String] $post_proxy = [],
Array[Hash] $listen = [],
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
$manage_content = $source ? {
undef => $content ? {
undef => template('freeradius/site.erb'),
default => $content,
},
default => undef,
}
file { "${fr_basepath}/sites-enabled/${name}":
ensure => $ensure,
mode => '0640',
owner => 'root',
group => $fr_group,
source => $source,
content => $content,
content => $manage_content,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
......
# This file is managed by Puppet. DO NOT EDIT.
#
######################################################################
#
# As of 2.0.0, FreeRADIUS supports virtual hosts using the
# "server" section, and configuration directives.
#
# Virtual hosts should be put into the "sites-available"
# directory. Soft links should be created in the "sites-enabled"
# directory to these files. This is done in a normal installation.
#
# If you are using 802.1X (EAP) authentication, please see also
# the "inner-tunnel" virtual server. You will likely have to edit
# that, too, for authentication to work.
#
# $Id: cf7fe5ed3804e566c1569e96ae350804054ebcdd $
#
######################################################################
#
# Read "man radiusd" before editing this file. See the section
# titled DEBUGGING. It outlines a method where you can quickly
# obtain the configuration you want, without running into
# trouble. See also "man unlang", which documents the format
# of this file.
#
# This configuration is designed to work in the widest possible
# set of circumstances, with the widest possible number of
# authentication methods. This means that in general, you should
# need to make very few changes to this file.
#
# The best way to configure the server for your local system
# is to CAREFULLY edit this file. Most attempts to make large
# edits to this file will BREAK THE SERVER. Any edits should
# be small, and tested by running the server with "radiusd -X".
# Once the edits have been verified to work, save a copy of these
# configuration files somewhere. (e.g. as a "tar" file). Then,
# make more edits, and test, as above.
#
# There are many "commented out" references to modules such
# as ldap, sql, etc. These references serve as place-holders.
# If you need the functionality of that module, then configure
# it in radiusd.conf, and un-comment the references to it in
# this file. In most cases, those small changes will result
# in the server being able to connect to the DB, and to
# authenticate users.
#
######################################################################
server <%= @name %> {
<%- @listen.each do |l| -%>
listen {
<%- @l.each do |k, v| -%>
<%= k %> = <%= v %>
<%- end -%>
}
<%- end -%>
authorize {
<%= @authorize.join("\n ") %>
}
authenticate {
<%= @authenticate.join("\n ") %>
}
preacct {
<%= @preacct.join("\n ") %>
}
accounting {
<%= @accounting.join("\n ") %>
}
session {
<%= @session.join("\n ") %>
}
post-auth {
<%= @post_auth.join("\n ") %>
}
pre-proxy {
<%= @pre_proxy.join("\n ") %>
}
post-proxy {
<%= @post_proxy.join("\n ") %>
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment