Commit 4c414f61 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Deprecate netmask parameter

parent 6c1f805b
......@@ -222,10 +222,10 @@ freeradius::client { "wlan-controller01":
```
##### `ip`
The IP address of the client. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
The IP address of the client or range in CIDR notation. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
##### `ip6`
The IPv6 address of the client. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
The IPv6 address of the client or range in CIDR notation. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
##### `shortname`
A short alias that is used in place of the IP address or fully qualified hostname provided in the first line of the section. Required.
......@@ -239,9 +239,6 @@ The virtual server that traffic from this client should be sent to. Default: `un
##### `nastype`
The `nastype` attribute is used to tell the `checkrad.pl` script which NAS-specific method it should use when checking simultaneous use. See [`man clients.conf`](http://freeradius.org/radiusd/man/clients.conf.txt) for a list of all options. Default: `undef`.
##### `netmask`
The netmask of the client, specified as an integer, e.g. `24`. Default: `undef`.
##### `port`
The UDP port that this virtual server should listen on. Leave blank if this client is not tied to a virtual server. Currently the port number is only used to create firewall exceptions and you only need to specify it if you set `firewall => true`. Use port range syntax as in [`puppetlabs-firewall`](https://forge.puppetlabs.com/puppetlabs/firewall). Default: `undef`.
......
......@@ -19,6 +19,21 @@ define freeradius::client (
$fr_group = $::freeradius::params::fr_group
$fr_version = $::freeradius::params::fr_version
# Calculate CIDR format IP now that FreeRADIUS has obsoleted use of separate netmask.
# This workaround means no syntax change is necessary, although we print a warning.
$cidr = $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
}
$cidr6 = $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
}
if ($netmask) {
warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
}
file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure,
mode => '0640',
......@@ -36,10 +51,7 @@ define freeradius::client (
proto => 'udp',
dport => $port,
action => 'accept',
source => $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
},
source => $cidr,
}
} elsif $ip6 {
firewall { "100-${shortname}-${port}-v6":
......@@ -47,10 +59,7 @@ define freeradius::client (
dport => $port,
action => 'accept',
provider => 'ip6tables',
source => $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
},
source => $cidr6,
}
}
} else {
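Review bot: `$cidr` and `$cidr6` append `/${netmask}` without checking whether the address already carries a prefix, so a client that sets `netmask` together with a CIDR-form `ip` (which the README change in this commit now allows) produces a value like `a.b.c.d/24/24`. That string goes straight into the firewall `source` and, through the templates, into clients.conf, and `$netmask` itself is never checked to be an integer in range for the address family. The prefix decides which hosts the firewall admits and which may use this client's shared secret, so the catalog should fail rather than render a malformed or wider range. For example, before the selectors: `if $netmask and "${ip}${ip6}" =~ /\// { fail("client ${shortname}: address already has a prefix length, remove netmask") }`. The body of `freeradius::client` starts and ends outside this hunk, so an existing validation elsewhere in the define cannot be ruled out.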
......
client <%= @shortname %> {
<% if @ip %>ipaddr= <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
<% if @netmask %>netmask = <%= @netmask %><% end %>
<% if @ip %>ipaddr= <%= @cidr %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
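Review bot: Both client templates (this one and the identical section that follows) now write the prefix form into `ipaddr`/`ipv6addr` and drop the `netmask` line. If the two templates serve different FreeRADIUS releases, confirm that the older release accepts a prefix length in `ipaddr`; the manifest reads `$fr_version`, which suggests this, but it is not visible here. Otherwise the client block may not match the same range as the firewall rule. A short ERB comment above the address lines would help, e.g. `<%# @cidr/@cidr6 are built in freeradius::client from ip/ip6 plus the deprecated netmask %>`, since the guards still test `@ip`/`@ip6` while the output uses different variables. As a style point, `ipaddr= ` could become `ipaddr = ` to match `ipv6addr = `.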
......
client <%= @shortname %> {
<% if @ip %>ipaddr= <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
<% if @netmask %>netmask = <%= @netmask %><% end %>
<% if @ip %>ipaddr= <%= @cidr %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
......