diff --git a/manifests/attr.pp b/manifests/attr.pp
index f1486a6e8ff3d179a9540e42de2798169fd25709..ed39f179846a79d8560066d08c3d9ea088832c43 100644
--- a/manifests/attr.pp
+++ b/manifests/attr.pp
@@ -1,11 +1,16 @@
 # Install FreeRADIUS config snippets
 define freeradius::attr ($source) {
- file { "/etc/raddb/attr.d/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/attr.d/${name}":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 source => $source,
- require => File['/etc/raddb/attr.d'],
- notify => Service['radiusd'],
+ require => File["${fr_basepath}/attr.d"],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/client.pp b/manifests/client.pp
index c453a86b06893f322a6786d6be5657876f339ab8..5cdfb88a26993d3ea9980e9e99fcf27bd774cc47 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -13,12 +13,17 @@ define freeradius::client (
 $port=undef,
 $srcip=undef,
 ) {
- file { "/etc/raddb/clients.d/${shortname}.conf":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/clients.d/${shortname}.conf":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 content => template('freeradius/client.conf.erb'),
- require => File['/etc/raddb/clients.d'],
- notify => Service['radiusd'],
+ require => File["${fr_basepath}/clients.d"],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/config.pp b/manifests/config.pp
index cc4f2e3ca5c7ab7d9b48037da161ccae368b042f..25d8854bc4889807a63f78b207b2a0232f44b5ef 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
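Review bot: In `freeradius::attr`, the new `$fr_*` assignments read `$::freeradius::params::fr_*`, but nothing in the define ensures that class has been evaluated; if the define is declared before `freeradius`, `$fr_basepath` would be empty (or a compile error under strict variables) and the file would be targeted at `/attr.d/${name}`. Adding `include freeradius::params` as the first statement of the body removes the ordering dependency. `$fr_user` is assigned but never used, and `group => 'radiusd'` stays hard-coded even though the base path and service name now vary by OS family. The same pattern is repeated in the client, config, instantiate, module, policy, script, site and statusclient defines of this commit.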
@@ -1,11 +1,16 @@
 # Install FreeRADIUS config snippets
 define freeradius::config ($source) {
- file { "/etc/raddb/conf.d/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/conf.d/${name}":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 source => $source,
- require => File['/etc/raddb/conf.d'],
- notify => Service['radiusd'],
+ require => File["${fr_basepath}/conf.d"],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 7c9f63474c200edbc9f6ce10e7914db85bf508dc..7b33203af02b29d2eeeb92dd55a7bca7c2e7e60b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,62 +1,68 @@ # Base class to install FreeRADIUS class freeradius ( $control_socket = false, -) { + $fr_service = $fr_service, +) inherits freeradius::params { + include samba include nagios::plugins::radius file { 'radiusd.conf': - name => '/etc/raddb/radiusd.conf', + name => "$fr_basepath/radiusd.conf", mode => '0640', owner => 'root', group => 'radiusd', source => 'puppet:///modules/freeradius/radiusd.conf', - require => Package['freeradius'], - notify => Service['radiusd'], + require => Package[$fr_package], + notify => Service[$fr_service], } # Create various directories file { [ - '/etc/raddb/clients.d', - '/etc/raddb/statusclients.d', - '/etc/raddb', - '/etc/raddb/instantiate', - '/etc/raddb/conf.d', - '/etc/raddb/attr.d', - '/etc/raddb/users.d', - '/etc/raddb/policy.d', - '/etc/raddb/scripts', - '/etc/raddb/certs', + "$fr_basepath/clients.d", + "$fr_basepath/statusclients.d", + "$fr_basepath", + "$fr_basepath/instantiate", + "$fr_basepath/conf.d", + "$fr_basepath/attr.d", + "$fr_basepath/users.d", + "$fr_basepath/policy.d", + "$fr_basepath/scripts", + "$fr_basepath/certs", ]: ensure => directory, mode => '0750', owner => 'root', group => 'radiusd', - require => Package['freeradius'], - notify => Service['radiusd'], + require => Package[$fr_package], + notify => Service[$fr_service], } # Set up concat policy file, as there is only one global policy # We also add standard header and footer - concat { '/etc/raddb/policy.conf': + concat { "$fr_basepath/policy.conf": owner => 'root', group => 'radiusd', mode => '0640', } concat::fragment { 'policy_header': - target => '/etc/raddb/policy.conf', + target => "$fr_basepath/policy.conf", content => "policy {\n", order => 10, } concat::fragment { 'policy_footer': - target => '/etc/raddb/policy.conf', + target => "$fr_basepath/policy.conf", content => "}\n", order => '99', } # Install FreeRADIUS packages from ResNet repo, which is newer than stock CentOS + package { 'freeradius': + name => $fr_package, + ensure => 
installed, + } + package { [ - 'freeradius', 'freeradius-mysql', 'freeradius-perl', 'freeradius-utils', @@ -73,16 +79,12 @@ class freeradius ( # won't get restarted, and the puppet run will fail. service { 'radiusd': ensure => running, - name => $::operatingsystem ? { - /CentOS|Scientific|Fedora/ => 'radiusd', - /Ubuntu|Debian/ => 'freeradius', - default => 'radiusd', - }, + name => $fr_service, require => [ Exec['radiusd-config-test'], File['radiusd.conf'], User['radiusd'], - Package['freeradius'], + Package[$fr_package], Service['winbind'] ], enable => true, @@ -96,7 +98,7 @@ class freeradius ( uid => '95', gid => 'radiusd', groups => 'wbpriv', - require => Package['freeradius', 'samba-winbind'], + require => Package[$fr_package, 'samba-winbind'], } # Install a few modules required on all FR installations @@ -137,7 +139,7 @@ class freeradius ( '/var/log/radius/radacct', ]: mode => '0750', - require => Package['freeradius'], + require => Package[$fr_package], } file { '/var/log/radius/radius.log': @@ -152,20 +154,20 @@ class freeradius ( owner => 'root', group => 'radiusd', source => 'puppet:///modules/freeradius/radiusd.logrotate', - require => Package['freeradius'], + require => Package[$fr_package], } # Generate global SSL parameters exec { 'dh': - command => 'openssl dhparam -out /etc/raddb/certs/dh 1024', - creates => '/etc/raddb/certs/dh', + command => "openssl dhparam -out $fr_basepath/certs/dh 1024", + creates => "$fr_basepath/certs/dh", path => '/usr/bin', } # Generate global SSL parameters exec { 'random': - command => 'dd if=/dev/urandom of=/etc/raddb/certs/random count=10 >/dev/null 2>&1', - creates => '/etc/raddb/certs/random', + command => "dd if=/dev/urandom of=$fr_basepath/certs/random count=10 >/dev/null 2>&1", + creates => "$fr_basepath/certs/random", path => '/bin', } 
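Review bot: The new class parameter `$fr_service = $fr_service,` in the first `init.pp` hunk defaults to its own name, so it only resolves if lookup happens to fall through to the inherited `freeradius::params` scope; `$fr_service = $freeradius::params::fr_service,` states the intent and does not depend on that. The defines in this commit take the service name from `freeradius::params` rather than from this class, so a value passed here would not reach their `notify => Service[$fr_service]`. On style, the paths in this hunk interpolate as `"$fr_basepath/radiusd.conf"` while the defines use the braced `${fr_basepath}` form, and the bare `"$fr_basepath"` array entry can simply be `$fr_basepath`.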
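Review bot: The rewritten `dh` exec in the `@@ -152,20 +154,20 @@` hunk still generates 1024-bit Diffie-Hellman parameters, which is below what is considered adequate for TLS today; since the line is being touched anyway it could become `command => "openssl dhparam -out ${fr_basepath}/certs/dh 2048",`. Because of `creates`, hosts that already have a 1024-bit file will keep it until that file is removed. Neither this exec nor `random` sets owner or mode on the file it writes, so the result depends on the agent's umask; a `file` resource for each path with `owner => 'root'`, `group => 'radiusd'`, `mode => '0640'` and a `require` on the exec would pin that. The enclosing `class freeradius` starts outside this hunk.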
@@ -181,27 +183,27 @@ class freeradius ( # Blank a couple of default files that will break our config. This is more effective than deleting them # as they won't get overwritten when FR is upgraded from RPM, whereas missing files are replaced. file { [ - '/etc/raddb/sites-available/default', - '/etc/raddb/sites-available/inner-tunnel', - '/etc/raddb/proxy.conf', - '/etc/raddb/clients.conf', + "$fr_basepath/sites-available/default", + "$fr_basepath/sites-available/inner-tunnel", + "$fr_basepath/proxy.conf", + "$fr_basepath/clients.conf", ]: content => "# FILE INTENTIONALLY BLANK\n", mode => '0644', owner => 'root', group => 'radiusd', - require => Package['freeradius'], - notify => Service['radiusd'], + require => Package[$fr_package], + notify => Service[$fr_service], } # Delete *.rpmnew and *.rpmsave files from the radius config dir because # radiusd stupidly reads these files in, and they break the config exec { 'delete-radius-rpmnew': - command => '/bin/find /etc/raddb -name *.rpmnew -delete', - onlyif => '/bin/find /etc/raddb -name *.rpmnew | /bin/grep rpmnew', + command => "/bin/find $fr_basepath -name *.rpmnew -delete", + onlyif => "/bin/find $fr_basepath -name *.rpmnew | /bin/grep rpmnew", } exec { 'delete-radius-rpmsave': - command => '/bin/find /etc/raddb -name *.rpmsave -delete', - onlyif => '/bin/find /etc/raddb -name *.rpmsave | /bin/grep rpmsave', + command => "/bin/find $fr_basepath -name *.rpmsave -delete", + onlyif => "/bin/find $fr_basepath -name *.rpmsave | /bin/grep rpmsave", } }
diff --git a/manifests/instantiate.pp b/manifests/instantiate.pp
index 95fce6a1d1a405d91f370f6b56d578f64a39e2c4..6df6f1cc622839fa815abc1115ed438b085750ed 100644
--- a/manifests/instantiate.pp
+++ b/manifests/instantiate.pp
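Review bot: Both cleanup execs keep the absolute `/bin/find` and `/bin/grep` paths although `$fr_basepath` now has a Debian value; on Debian-family systems `find` is normally installed in `/usr/bin`, so the `onlyif` would likely fail there, and `.rpmnew`/`.rpmsave` files are RPM-specific in any case. The `-name *.rpmnew` pattern is also unquoted, and because `onlyif` contains a pipe the command is presumably handed to a shell, which could expand the glob against the working directory before `find` sees it. I would write `command => "find ${fr_basepath} -name '*.rpmnew' -delete",` with `path => ['/bin', '/usr/bin'],` and wrap the two execs in `if $::osfamily == 'RedHat'`. The enclosing `class freeradius` begins outside this hunk.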
@@ -1,11 +1,16 @@
 # Instantiate a module in global config
 define freeradius::instantiate {
- file { "/etc/raddb/instantiate/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/instantiate/${name}":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 content => $name,
- require => Package['freeradius'],
- notify => Service['radiusd'],
+ require => Package[$fr_package],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/module.pp b/manifests/module.pp
index 0af094f3abf0c8ab6fa3dadc189094d551fa8a62..73f6c4fbf2872dcdaceb29739138105a45af7db6 100644
--- a/manifests/module.pp
+++ b/manifests/module.pp
@@ -1,11 +1,16 @@
 # Install FreeRADIUS modules
 define freeradius::module ($source) {
- file { "/etc/raddb/modules/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/modules/${name}":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 source => $source,
- require => Package['freeradius'],
- notify => Service['radiusd'],
+ require => Package[$fr_package],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000000000000000000000000000000000000..b3916dec95967529d811027ce4655521f63aa454
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,31 @@
+# Default parameters for freeradius
+class freeradius::params {
+
+ # Name of FreeRADIUS package
+ $fr_package = $::osfamily ? {
+ 'RedHat' => 'freeradius',
+ 'Debian' => 'freeradius',
+ default => 'freeradius',
+ }
+
+ # Name of FreeRADIUS service
+ $fr_service = $::osfamily ? {
+ 'RedHat' => 'radiusd',
+ 'Debian' => 'freeradius',
+ default => 'radiusd',
+ }
+
+ # Default base path for FreeRADIUS configs
+ $fr_basepath = $::osfamily ? {
+ 'RedHat' => '/etc/raddb',
+ 'Debian' => '/etc/freeradius',
+ default => '/etc/raddb',
+ }
+
+ # FreeRADIUS user
+ $fr_user = $::osfamily ? {
+ 'RedHat' => 'radiusd',
+ default => 'radiusd'
+ }
+
+}
diff --git a/manifests/policy.pp b/manifests/policy.pp
index 64fd264c792669e8326d841f4af8507e1b9552a2..124d4db5b362d0f37011207cc77e0b080be0ecf7 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -1,22 +1,27 @@ # Install FreeRADIUS policies define freeradius::policy ($source, $order=50) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service + $fr_basepath = $::freeradius::params::fr_basepath + $fr_user = $::freeradius::params::fr_user + # Install policy in policy.d - file { "/etc/raddb/policy.d/${name}": + file { "${fr_basepath}/policy.d/${name}": mode => '0644', owner => 'root', group => 'radiusd', source => $source, - require => Package['freeradius'], - notify => Service['radiusd'], + require => Package[$fr_package], + notify => Service[$fr_service], } # Reference policy.d in the global includes file # If no order priority is given, assume 50 concat::fragment { "policy-${name}": - target => '/etc/raddb/policy.conf', - content => "\t\$INCLUDE /etc/raddb/policy.d/${name}\n", + target => "${fr_basepath}/policy.conf", + content => "\t\$INCLUDE ${fr_basepath}/policy.d/${name}\n", order => $order, - require => File["/etc/raddb/policy.d/${name}"], + require => File["${fr_basepath}/policy.d/${name}"], } }
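Review bot: In the new `freeradius::params` class, `$fr_user` has no `'Debian'` branch and no group parameter is defined, while every file resource in this commit keeps `group => 'radiusd'`. As far as I know the Debian packages run the daemon as `freerad`, so on the newly supported family the `root:radiusd` ownership with modes `0640`/`0750` would either fail to apply or leave the configuration unreadable to the daemon. Suggest adding `'Debian' => 'freerad',` to `$fr_user`, a matching `$fr_group` selector, and `group => $fr_group` in the resources. The `$fr_package` selector returns `'freeradius'` in every branch and could be a plain assignment, and a short comment on each `default` saying it assumes the RedHat layout would help.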
diff --git a/manifests/script.pp b/manifests/script.pp
index 08fcc5aaf5e30b999ecbc1dfcac9e37bd83b5b8b..59caf1da94c2db79a72a977653ce23f334eebf7f 100644
--- a/manifests/script.pp
+++ b/manifests/script.pp
@@ -1,10 +1,15 @@
 # Install FreeRADIUS helper scripts
 define freeradius::script ($source) {
- file { "/etc/raddb/scripts/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/scripts/${name}":
 mode => '0750',
 owner => 'root',
 group => 'radiusd',
 source => $source,
- require => File['/etc/raddb/scripts'],
+ require => File["${fr_basepath}/scripts"],
 }
 }
diff --git a/manifests/site.pp b/manifests/site.pp
index 6d5abab5372dcb490045e60517fcea19b67ee3b0..12e7ea85a9e075f79598e99db04355de55bf149a 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -3,13 +3,18 @@ define freeradius::site (
 $source = undef,
 $content = undef,
 ) {
- file { "/etc/raddb/sites-enabled/${name}":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/sites-enabled/${name}":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 source => $source,
 content => $content,
- require => Package['freeradius'],
- notify => Service['radiusd'],
+ require => Package[$fr_package],
+ notify => Service[$fr_service],
 }
 }
diff --git a/manifests/statusclient.pp b/manifests/statusclient.pp
index 57a4ead7064c16acce7580e22935601c3434b180..207de330dc8c070cfac4bb3fd7eaeeea67e4f44b 100644
--- a/manifests/statusclient.pp
+++ b/manifests/statusclient.pp
@@ -7,12 +7,17 @@ define freeradius::statusclient (
 $shortname,
 $netmask = undef,
 ) {
- file { "/etc/raddb/statusclients.d/${name}.conf":
+ $fr_package = $::freeradius::params::fr_package
+ $fr_service = $::freeradius::params::fr_service
+ $fr_basepath = $::freeradius::params::fr_basepath
+ $fr_user = $::freeradius::params::fr_user
+
+ file { "${fr_basepath}/statusclients.d/${name}.conf":
 mode => '0640',
 owner => 'root',
 group => 'radiusd',
 content => template('freeradius/client.conf.erb'),
- require => File['/etc/raddb/clients.d'],
- notify => Service['radiusd'],
+ require => File["${fr_basepath}/clients.d"],
+ notify => Service[$fr_service],
 }
 }
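Review bot: The file is written to `${fr_basepath}/statusclients.d`, but the rewritten line still requires the `clients.d` directory: `require => File["${fr_basepath}/clients.d"],`. It should be `require => File["${fr_basepath}/statusclients.d"],`; ordering is presumably rescued today by the file type's autorequire of a managed parent directory, since `init.pp` declares both directories. The define's parameter list begins outside this hunk.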