Commit cc3a692b authored by Jonathan Gazeley's avatar Jonathan Gazeley

Commit based on PR #10 to standardise use of variables in group names

parent d89b3de3
# Install FreeRADIUS config snippets
define freeradius::attr ($source) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/attr.d/${name}":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => File["${fr_basepath}/attr.d"],
require => [File["${fr_basepath}/attr.d"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
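Review bot: `$fr_user` is assigned in freeradius::attr but never referenced, because the file stays owned by root and only `group` and `require` use the new variables. The same unused assignment appears in the client, config, instantiate, module, policy, script, site and statusclient defines, whereas freeradius::dictionary pulls in only `$fr_basepath` and `$fr_group`. I would drop the `$fr_user = $::freeradius::params::fr_user` line from each of them, so a reader does not assume these config files are owned by the service account.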
......@@ -2,28 +2,27 @@
define freeradius::client (
$shortname,
$secret,
$ip=undef,
$ip6=undef,
$net=undef,
$server=undef,
$virtual_server=undef,
$nastype=undef,
$netmask=undef,
$redirect=undef,
$port=undef,
$srcip=undef,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$ip = undef,
$ip6 = undef,
$net = undef,
$server = undef,
$virtual_server = undef,
$nastype = undef,
$netmask = undef,
$redirect = undef,
$port = undef,
$srcip = undef,) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/clients.d/${shortname}.conf":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
content => template('freeradius/client.conf.erb'),
require => File["${fr_basepath}/clients.d"],
require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
notify => Service[$fr_service],
}
}
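Review bot: The file written to `clients.d/${shortname}.conf` comes from a define that takes `$secret`, so it presumably holds the RADIUS shared secret (the template is not shown here), and nothing on the resource keeps that content out of Puppet's change reports. Adding `show_diff => false,` next to `mode => '0640',` stops the rendered secret from appearing in agent logs and reports when the file changes; freeradius::statusclient renders the same template and would want the same line. Separately, the new `require` here lists `Group[$fr_group]` but not `Package[$fr_package]`, unlike the attr, config and script defines.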
# Install FreeRADIUS config snippets
define freeradius::config ($source) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/conf.d/${name}":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => File["${fr_basepath}/conf.d"],
require => [File["${fr_basepath}/conf.d"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
# Install FreeRADIUS custom dictionaries
define freeradius::dictionary ($source, $order=50) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
define freeradius::dictionary ($source, $order = 50) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
# Install dictionary in dictionary.d
# Install dictionary in dictionary.d
file { "${fr_basepath}/dictionary.d/dictionary.${name}":
mode => '0644',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => Package[$fr_package],
require => [File["${fr_basepath}/dictionary.d"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
......
......@@ -15,9 +15,9 @@ class freeradius (
name => "${fr_basepath}/radiusd.conf",
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
content => template('freeradius/radiusd.conf.erb'),
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
......@@ -38,17 +38,18 @@ class freeradius (
ensure => directory,
mode => '0750',
owner => 'root',
group => 'radiusd',
require => Package[$fr_package],
group => $fr_group,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
# Set up concat policy file, as there is only one global policy
# We also add standard header and footer
concat { "${fr_basepath}/policy.conf":
owner => 'root',
group => 'radiusd',
mode => '0640',
owner => 'root',
group => $fr_group,
mode => '0640',
require => [Package[$fr_package], Group[$fr_group]],
}
concat::fragment { 'policy_header':
target => "${fr_basepath}/policy.conf",
......@@ -64,9 +65,10 @@ class freeradius (
# Install a slightly tweaked stock dictionary that includes
# our custom dictionaries
concat { "${fr_basepath}/dictionary":
owner => 'root',
group => 'radiusd',
mode => '0640',
owner => 'root',
group => $fr_group,
mode => '0640',
require => [Package[$fr_package], Group[$fr_group]],
}
concat::fragment { 'dictionary_header':
target => "${fr_basepath}/dictionary",
......@@ -116,12 +118,7 @@ class freeradius (
service { 'radiusd':
ensure => running,
name => $fr_service,
require => [
Exec['radiusd-config-test'],
File['radiusd.conf'],
User['radiusd'],
Package[$fr_package],
],
require => [Exec['radiusd-config-test'], File['radiusd.conf'], User[$fr_user], Package[$fr_package],],
enable => true,
hasstatus => true,
hasrestart => true,
......@@ -130,7 +127,7 @@ class freeradius (
# We don't want to create the radiusd user, just add it to the
# wbpriv group if the user needs winbind support. We depend on
# the FreeRADIUS package to be sure that the user has been created
user { 'radiusd':
user { $fr_user:
ensure => present,
groups => $winbind_support ? {
true => $fr_wbpriv_user,
......@@ -139,6 +136,14 @@ class freeradius (
require => Package[$fr_package],
}
# We don't want to add the radiusd group but it must be defined
# here so we can depend on it. WE depend on the FreeRADIUS
# package to be sure that the group has been created.
group { $fr_group:
ensure => present,
require => Package[$fr_package]
}
# Install a few modules required on all FR installations
freeradius::module { 'always':
source => 'puppet:///modules/freeradius/modules/always',
......@@ -181,18 +186,19 @@ class freeradius (
}
file { "${fr_logpath}/radius.log":
owner => 'radiusd',
group => 'radiusd',
owner => $fr_user,
group => $fr_group,
seltype => 'radiusd_log_t',
require => [Package[$fr_package], User[$fr_user], Group[$fr_group]],
}
# Updated logrotate file to include radiusd-*.log
file { '/etc/logrotate.d/radiusd':
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
content => template('freeradius/radiusd.logrotate.erb'),
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
}
# Generate global SSL parameters
......@@ -230,8 +236,8 @@ class freeradius (
content => "# FILE INTENTIONALLY BLANK\n",
mode => '0644',
owner => 'root',
group => 'radiusd',
require => Package[$fr_package],
group => $fr_group,
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
......
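Review bot: The `"${fr_logpath}/radius.log"` resource now sets `owner => $fr_user` and `group => $fr_group` but still has no `mode`, so the log's permissions are left to whatever the package or daemon created. Depending on how authentication logging is configured, this file can record usernames and failed credentials, so I would pin it with `mode => '0640',` alongside the new owner and group. The enclosing class body starts and ends outside the hunks shown.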
# Instantiate a module in global config
define freeradius::instantiate {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/instantiate/${name}":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
content => $name,
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
# Install FreeRADIUS modules
define freeradius::module ($source) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/modules/${name}":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
# Install FreeRADIUS policies
define freeradius::policy ($source, $order=50) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
define freeradius::policy ($source, $order = 50) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
# Install policy in policy.d
# Install policy in policy.d
file { "${fr_basepath}/policy.d/${name}":
mode => '0644',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
......
# Install FreeRADIUS helper scripts
define freeradius::script ($source) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/scripts/${name}":
mode => '0750',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
require => File["${fr_basepath}/scripts"],
require => [File["${fr_basepath}/scripts"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
# Install FreeRADIUS virtual servers (sites)
define freeradius::site (
$source = undef,
$content = undef,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
define freeradius::site ($source = undef, $content = undef,) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/sites-enabled/${name}":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
source => $source,
content => $content,
require => Package[$fr_package],
require => [Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
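Review bot: freeradius::site passes both `$source` and `$content` straight to the file resource, both default to undef, and nothing checks that exactly one was supplied. Puppet's file type refuses a resource with both set, and a site declared with neither appears to manage no content at all, so a typo in the caller leaves a virtual server silently missing or fails with a generic error. A guard at the top of the define, such as `if $source and $content { fail("freeradius::site ${name}: set only one of source or content") }` with a matching check for neither, would give a clear message.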
# Install FreeRADIUS clients (WISMs or testing servers)
define freeradius::statusclient (
$secret,
$ip=undef,
$ip6=undef,
$port=undef,
$shortname=$name,
$netmask = undef,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
define freeradius::statusclient ($secret, $ip = undef, $ip6 = undef, $port = undef, $shortname = $name, $netmask = undef,) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_user = $::freeradius::params::fr_user
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/statusclients.d/${name}.conf":
mode => '0640',
owner => 'root',
group => 'radiusd',
group => $fr_group,
content => template('freeradius/client.conf.erb'),
require => File["${fr_basepath}/clients.d"],
require => [File["${fr_basepath}/clients.d"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
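Review bot: The file is written to `${fr_basepath}/statusclients.d/${name}.conf`, but the new `require` still points at `File["${fr_basepath}/clients.d"]`, which is a different directory. As written, nothing orders this file after its own parent directory. If a `File["${fr_basepath}/statusclients.d"]` resource is declared elsewhere in the module (not visible here), the dependency should name it: `require => [File["${fr_basepath}/statusclients.d"], Package[$fr_package], Group[$fr_group]],`.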