Commit c9820527 authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Start auto-purging mods-enabled. Provide a way of enabling stock modules from...

Start auto-purging mods-enabled. Provide a way of enabling stock modules from mods-available. Enable a set of stock modules by default.
parent 26fb5079
...@@ -467,15 +467,24 @@ Default: `allow` ...@@ -467,15 +467,24 @@ Default: `allow`
#### `freeradius::module` #### `freeradius::module`
Install a module from a flat file. Install a module from a flat file, or enable a stock module that came with your distribution of FreeRADIUS.
```puppet ```puppet
# Enable a stock module
freeradius::module { 'pap':
preserve => true,
}
```
```puppet
# Install a custom module from a flat file
freeradius::module { 'buffered-sql': freeradius::module { 'buffered-sql':
source => 'puppet:///modules/site_freeradius/buffered-sql', source => 'puppet:///modules/site_freeradius/buffered-sql',
} }
``` ```
```puppet ```puppet
# Install a custom module from a template
freeradius::module { 'buffered-sql': freeradius::module { 'buffered-sql':
content => template('some_template.erb)', content => template('some_template.erb)',
} }
......
...@@ -55,6 +55,7 @@ class freeradius ( ...@@ -55,6 +55,7 @@ class freeradius (
"${freeradius::fr_basepath}/certs", "${freeradius::fr_basepath}/certs",
"${freeradius::fr_basepath}/clients.d", "${freeradius::fr_basepath}/clients.d",
"${freeradius::fr_basepath}/sites-enabled", "${freeradius::fr_basepath}/sites-enabled",
"${freeradius::fr_basepath}/mods-enabled",
"${freeradius::fr_basepath}/instantiate", "${freeradius::fr_basepath}/instantiate",
]: ]:
ensure => directory, ensure => directory,
...@@ -73,6 +74,41 @@ class freeradius ( ...@@ -73,6 +74,41 @@ class freeradius (
ensure => absent, ensure => absent,
} }
# Preserve some stock modules
freeradius::module { [
'always',
'cache_eap',
'chap',
'detail',
'detail.log',
'dhcp',
'digest',
'dynamic_clients',
'echo',
'exec',
'expiration',
'expr',
'files',
'linelog',
'logintime',
'mschap',
'ntlm_auth',
'pap',
'passwd',
'preprocess',
'radutmp',
'realm',
'replicate',
'soh',
'sradutmp',
'unix',
'unpack',
'utf8',
]:
preserve => true,
}
# Set up concat policy file, as there is only one global policy # Set up concat policy file, as there is only one global policy
# We also add standard header and footer # We also add standard header and footer
concat { "${freeradius::fr_basepath}/policy.conf": concat { "${freeradius::fr_basepath}/policy.conf":
......
...@@ -3,20 +3,31 @@ define freeradius::module ( ...@@ -3,20 +3,31 @@ define freeradius::module (
$source = undef, $source = undef,
$content = undef, $content = undef,
$ensure = present, $ensure = present,
$preserve = false,
) { ) {
$fr_package = $::freeradius::params::fr_package $fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service $fr_service = $::freeradius::params::fr_service
$fr_modulepath = $::freeradius::params::fr_modulepath $fr_modulepath = $::freeradius::params::fr_modulepath
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group $fr_group = $::freeradius::params::fr_group
file { "${fr_modulepath}/${name}": if ($preserve) {
ensure => $ensure, # Symlink to mods-available for stock modules
mode => '0640', file { "${fr_modulepath}/${name}":
owner => 'root', ensure => link,
group => $fr_group, target => "${fr_basepath}/mods-available/${name}",
source => $source, }
content => $content, } else {
require => [Package[$fr_package], Group[$fr_group]], # Deploy actual module to sites-enabled
notify => Service[$fr_service], file { "${fr_modulepath}/${name}":
ensure => $ensure,
mode => '0640',
owner => 'root',
group => $fr_group,
source => $source,
content => $content,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
} }
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment