diff --git a/manifests/attr.pp b/manifests/attr.pp index ed39f179846a79d8560066d08c3d9ea088832c43..06a0cd62f13dcef68f3cdd1f62180769d15f0665 100644 --- a/manifests/attr.pp +++ b/manifests/attr.pp @@ -1,16 +1,16 @@ # Install FreeRADIUS config snippets define freeradius::attr ($source) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/attr.d/${name}": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => File["${fr_basepath}/attr.d"], + require => [File["${fr_basepath}/attr.d"], Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/client.pp b/manifests/client.pp index d44ed9f0478e5ef211e337ca76424c4ac5fade1a..0b5e61ccfe12b493d35ab322fcf5e156d0e0c957 100644 --- a/manifests/client.pp +++ b/manifests/client.pp 
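Review bot: `$fr_group` is read from `$::freeradius::params::fr_group` in this define, but no params.pp change appears in this diff, so it should be confirmed that the parameter is defined for every supported platform before `group => $fr_group` and `Group[$fr_group]` rely on it. The same lookup is added in client.pp, config.pp, dictionary.pp, instantiate.pp, module.pp, policy.pp, script.pp, site.pp and statusclient.pp. An undefined value would presumably leave these root-owned `0640` files without a managed group, or break the `Group[...]` reference at compile time. Separately, the header comment is identical to the one in config.pp; `# Install FreeRADIUS attr.d snippets` would describe this define.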
@@ -2,28 +2,27 @@ define freeradius::client ( $shortname, $secret, - $ip=undef, - $ip6=undef, - $net=undef, - $server=undef, - $virtual_server=undef, - $nastype=undef, - $netmask=undef, - $redirect=undef, - $port=undef, - $srcip=undef, -) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $ip = undef, + $ip6 = undef, + $net = undef, + $server = undef, + $virtual_server = undef, + $nastype = undef, + $netmask = undef, + $redirect = undef, + $port = undef, + $srcip = undef,) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/clients.d/${shortname}.conf": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, content => template('freeradius/client.conf.erb'), - require => File["${fr_basepath}/clients.d"], + require => [File["${fr_basepath}/clients.d"], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/config.pp b/manifests/config.pp index 25d8854bc4889807a63f78b207b2a0232f44b5ef..01ea9de16e635be72f8b817469e02ea2b939589c 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
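Review bot: The new `require` on the client file omits `Package[$fr_package]`, although attr.pp, config.pp and statusclient.pp add it in this same commit, and `$fr_package` is still assigned at the top of the define without being used. For consistency the line could read `require => [File["${fr_basepath}/clients.d"], Package[$fr_package], Group[$fr_group]],`. The file is rendered from client.conf.erb with `$secret` as a parameter, so the `0640` / `root` / `$fr_group` combination is what keeps the shared secret from other local accounts. A short comment above the resource, such as `# Holds the RADIUS shared secret: keep mode 0640 and group $fr_group`, would make that intent explicit.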
@@ -1,16 +1,16 @@ # Install FreeRADIUS config snippets define freeradius::config ($source) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/conf.d/${name}": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => File["${fr_basepath}/conf.d"], + require => [File["${fr_basepath}/conf.d"], Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/dictionary.pp b/manifests/dictionary.pp index 28fe8ec2f7676e8ddf977cfcd95e423b9612f4c2..fa0f04d8924dc65e8f846c5285871ea75c8a3e80 100644 --- a/manifests/dictionary.pp +++ b/manifests/dictionary.pp @@ -1,16 +1,17 @@ # Install FreeRADIUS custom dictionaries -define freeradius::dictionary ($source, $order=50) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service +define freeradius::dictionary ($source, $order = 50) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath + $fr_group = $::freeradius::params::fr_group - # Install dictionary in dictionary.d + # Install dictionary in dictionary.d file { "${fr_basepath}/dictionary.d/dictionary.${name}": mode => '0644', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => Package[$fr_package], + require => [File["${fr_basepath}/dictionary.d"], Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } diff --git a/manifests/init.pp b/manifests/init.pp index 274b48b84c26944ed00a6dcedb7b4d1da6629d6f..d5665bc0e3f4a3c541cb2615e4c0f2232a2d521e 100644 --- a/manifests/init.pp 
+++ b/manifests/init.pp @@ -15,9 +15,9 @@ class freeradius ( name => "${fr_basepath}/radiusd.conf", mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, content => template('freeradius/radiusd.conf.erb'), - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } @@ -38,17 +38,18 @@ class freeradius ( ensure => directory, mode => '0750', owner => 'root', - group => 'radiusd', - require => Package[$fr_package], + group => $fr_group, + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } # Set up concat policy file, as there is only one global policy # We also add standard header and footer concat { "${fr_basepath}/policy.conf": - owner => 'root', - group => 'radiusd', - mode => '0640', + owner => 'root', + group => $fr_group, + mode => '0640', + require => [Package[$fr_package], Group[$fr_group]], } concat::fragment { 'policy_header': target => "${fr_basepath}/policy.conf", @@ -64,9 +65,10 @@ class freeradius ( # Install a slightly tweaked stock dictionary that includes # our custom dictionaries concat { "${fr_basepath}/dictionary": - owner => 'root', - group => 'radiusd', - mode => '0640', + owner => 'root', + group => $fr_group, + mode => '0640', + require => [Package[$fr_package], Group[$fr_group]], } concat::fragment { 'dictionary_header': target => "${fr_basepath}/dictionary", @@ -116,12 +118,7 @@ class freeradius ( service { 'radiusd': ensure => running, name => $fr_service, - require => [ - Exec['radiusd-config-test'], - File['radiusd.conf'], - User['radiusd'], - Package[$fr_package], - ], + require => [Exec['radiusd-config-test'], File['radiusd.conf'], User[$fr_user], Package[$fr_package],], enable => true, hasstatus => true, hasrestart => true, 
@@ -130,7 +127,7 @@ class freeradius ( # We don't want to create the radiusd user, just add it to the # wbpriv group if the user needs winbind support. We depend on # the FreeRADIUS package to be sure that the user has been created - user { 'radiusd': + user { $fr_user: ensure => present, groups => $winbind_support ? { true => $fr_wbpriv_user, @@ -139,6 +136,14 @@ class freeradius ( require => Package[$fr_package], } + # We don't want to add the radiusd group but it must be defined + # here so we can depend on it. WE depend on the FreeRADIUS + # package to be sure that the group has been created. + group { $fr_group: + ensure => present, + require => Package[$fr_package] + } + # Install a few modules required on all FR installations freeradius::module { 'always': source => 'puppet:///modules/freeradius/modules/always', @@ -181,18 +186,19 @@ class freeradius ( } file { "${fr_logpath}/radius.log": - owner => 'radiusd', - group => 'radiusd', + owner => $fr_user, + group => $fr_group, seltype => 'radiusd_log_t', + require => [Package[$fr_package], User[$fr_user], Group[$fr_group]], } # Updated logrotate file to include radiusd-*.log file { '/etc/logrotate.d/radiusd': mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, content => template('freeradius/radiusd.logrotate.erb'), - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], } # Generate global SSL parameters @@ -230,8 +236,8 @@ class freeradius ( content => "# FILE INTENTIONALLY BLANK\n", mode => '0644', owner => 'root', - group => 'radiusd', - require => Package[$fr_package], + group => $fr_group, + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } diff --git a/manifests/instantiate.pp b/manifests/instantiate.pp index 6df6f1cc622839fa815abc1115ed438b085750ed..0b1c24275dc8cb101a326ec03976a961894d025a 100644 --- a/manifests/instantiate.pp +++ b/manifests/instantiate.pp 
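Review bot: The added `group { $fr_group: ensure => present, ... }` resource will create the group if it is missing, which contradicts the comment above it ("We don't want to add the radiusd group"). The `require => Package[$fr_package]` ordering makes creation unlikely in practice, but the comment should say that the resource exists as a dependency target and that creation is only a fallback, e.g. `# Declared so other resources can require it; the package is expected to create the group.` The comment also contains a stray capitalised `WE`, and the `require` line lacks the trailing comma used by the other resources in this class.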
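Review bot: The `"${fr_logpath}/radius.log"` resource now sets `owner`, `group`, `seltype` and `require` but still no `mode`, so the log's permissions are left to whatever created the file. RADIUS logs commonly record usernames and client details, so pinning it with `mode => '0640',` would match the other files this class manages. Whether the daemon already creates the file with a tighter mode is not visible from this hunk.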
@@ -1,16 +1,16 @@ # Instantiate a module in global config define freeradius::instantiate { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/instantiate/${name}": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, content => $name, - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/module.pp b/manifests/module.pp index 73f6c4fbf2872dcdaceb29739138105a45af7db6..3211bee45dac5efc7d7fac108546a5c5e4c634a7 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -1,16 +1,16 @@ # Install FreeRADIUS modules define freeradius::module ($source) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/modules/${name}": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/policy.pp b/manifests/policy.pp index 124d4db5b362d0f37011207cc77e0b080be0ecf7..71bd549caa2c0a19c5e71a6ef246d2a289292fff 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp 
@@ -1,17 +1,17 @@ # Install FreeRADIUS policies -define freeradius::policy ($source, $order=50) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service +define freeradius::policy ($source, $order = 50) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group - # Install policy in policy.d + # Install policy in policy.d file { "${fr_basepath}/policy.d/${name}": mode => '0644', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } diff --git a/manifests/script.pp b/manifests/script.pp index 59caf1da94c2db79a72a977653ce23f334eebf7f..e355994312ee1c7e3fb3fcb3ceccc3bdceeec090 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -1,15 +1,16 @@ # Install FreeRADIUS helper scripts define freeradius::script ($source) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/scripts/${name}": mode => '0750', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, - require => File["${fr_basepath}/scripts"], + require => [File["${fr_basepath}/scripts"], Package[$fr_package], Group[$fr_group]], + notify => Service[$fr_service], } } diff --git a/manifests/site.pp b/manifests/site.pp index 12e7ea85a9e075f79598e99db04355de55bf149a..957d6048b4252e74416e685e2d370ca89eafc95d 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -1,20 +1,17 @@ # Install FreeRADIUS virtual servers (sites) -define freeradius::site ( - $source = undef, - $content = undef, -) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service +define freeradius::site ($source = undef, $content = undef,) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/sites-enabled/${name}": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, source => $source, content => $content, - require => Package[$fr_package], + require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } } diff --git a/manifests/statusclient.pp b/manifests/statusclient.pp index 0fdf15819e3a88c572c645ecbbca2482adaef9ce..ac6cae401143b35719034cb643bbbe0881668c91 100644 --- a/manifests/statusclient.pp +++ b/manifests/statusclient.pp 
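Review bot: The define passes both `$source` and `$content` to the `file` resource with `undef` defaults and never checks that exactly one is supplied. With both set the failure comes from the `file` type rather than from this define, and with neither set no site content is managed at all. A guard at the top of the body, such as `if $source and $content { fail('freeradius::site: set only one of source or content') }`, would make the contract explicit; a matching check for neither being set would cover the other case.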
@@ -1,23 +1,16 @@ # Install FreeRADIUS clients (WISMs or testing servers) -define freeradius::statusclient ( - $secret, - $ip=undef, - $ip6=undef, - $port=undef, - $shortname=$name, - $netmask = undef, -) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service +define freeradius::statusclient ($secret, $ip = undef, $ip6 = undef, $port = undef, $shortname = $name, $netmask = undef,) { + $fr_package = $::freeradius::params::fr_package + $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath - $fr_user = $::freeradius::params::fr_user + $fr_group = $::freeradius::params::fr_group file { "${fr_basepath}/statusclients.d/${name}.conf": mode => '0640', owner => 'root', - group => 'radiusd', + group => $fr_group, content => template('freeradius/client.conf.erb'), - require => File["${fr_basepath}/clients.d"], + require => [File["${fr_basepath}/clients.d"], Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } }
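Review bot: The file is written to `${fr_basepath}/statusclients.d/${name}.conf`, but the updated `require` still names `File["${fr_basepath}/clients.d"]`, so the explicit dependency points at a different directory from the one the file lives in. If a `statusclients.d` directory resource is declared in init.pp (not shown in this diff), the array should read `require => [File["${fr_basepath}/statusclients.d"], Package[$fr_package], Group[$fr_group]],`. Like client.pp, this file is rendered from client.conf.erb with `$secret`, so it also relies on `$fr_group` resolving to the intended group to keep the secret from other local accounts.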