Commit c9820527 authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Start auto-purging mods-enabled. Provide a way of enabling stock modules from...

Start auto-purging mods-enabled. Provide a way of enabling stock modules from mods-available. Enable a set of stock modules by default.
parent 26fb5079
......@@ -467,15 +467,24 @@ Default: `allow`
#### `freeradius::module`
Install a module from a flat file.
Install a module from a flat file, or enable a stock module that came with your distribution of FreeRADIUS.
```puppet
# Enable a stock module
freeradius::module { 'pap':
preserve => true,
}
```
```puppet
# Install a custom module from a flat file
freeradius::module { 'buffered-sql':
source => 'puppet:///modules/site_freeradius/buffered-sql',
}
```
```puppet
# Install a custom module from a template
freeradius::module { 'buffered-sql':
content => template('some_template.erb)',
}
......
......@@ -55,6 +55,7 @@ class freeradius (
"${freeradius::fr_basepath}/certs",
"${freeradius::fr_basepath}/clients.d",
"${freeradius::fr_basepath}/sites-enabled",
"${freeradius::fr_basepath}/mods-enabled",
"${freeradius::fr_basepath}/instantiate",
]:
ensure => directory,
......@@ -73,6 +74,41 @@ class freeradius (
ensure => absent,
}
# Preserve some stock modules
freeradius::module { [
'always',
'cache_eap',
'chap',
'detail',
'detail.log',
'dhcp',
'digest',
'dynamic_clients',
'echo',
'exec',
'expiration',
'expr',
'files',
'linelog',
'logintime',
'mschap',
'ntlm_auth',
'pap',
'passwd',
'preprocess',
'radutmp',
'realm',
'replicate',
'soh',
'sradutmp',
'unix',
'unpack',
'utf8',
]:
preserve => true,
}
# Set up concat policy file, as there is only one global policy
# We also add standard header and footer
concat { "${freeradius::fr_basepath}/policy.conf":
......
......@@ -3,20 +3,31 @@ define freeradius::module (
$source = undef,
$content = undef,
$ensure = present,
$preserve = false,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_modulepath = $::freeradius::params::fr_modulepath
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
file { "${fr_modulepath}/${name}":
ensure => $ensure,
mode => '0640',
owner => 'root',
group => $fr_group,
source => $source,
content => $content,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
if ($preserve) {
# Symlink to mods-available for stock modules
file { "${fr_modulepath}/${name}":
ensure => link,
target => "${fr_basepath}/mods-available/${name}",
}
} else {
# Deploy actual module to sites-enabled
file { "${fr_modulepath}/${name}":
ensure => $ensure,
mode => '0640',
owner => 'root',
group => $fr_group,
source => $source,
content => $content,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment