Commit dfd51595 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Various changes to allow custom status clients to be created for the

status server
parent c6e9f837
# Base class to install FreeRADIUS
class freeradius {
class freeradius (
$control_socket = false,
) {
include samba
include nagios::plugins::radius
......@@ -35,6 +37,17 @@ class freeradius {
notify => Service['radiusd'],
}
# Set up conf.d style clients for the status server
file { 'statusclients.d':
ensure => directory,
name => '/etc/raddb/statusclients.d',
mode => '0750',
owner => 'root',
group => 'radiusd',
require => Package['freeradius'],
notify => Service['radiusd'],
}
# Set permissions on base dir
file { '/etc/raddb':
ensure => directory,
......@@ -129,7 +142,8 @@ class freeradius {
mode => '0640',
owner => 'root',
group => 'radiusd',
source => 'puppet:///modules/freeradius/proxy.conf',
# source => 'puppet:///modules/freeradius/proxy.conf',
content => '',
require => Package['freeradius'],
notify => Service['radiusd'],
}
......@@ -180,20 +194,20 @@ class freeradius {
}
# Install a few modules required on all FR installations
radius::module { 'always':
freeradius::module { 'always':
source => 'puppet:///modules/freeradius/modules/always',
}
radius::module { 'detail':
freeradius::module { 'detail':
source => 'puppet:///modules/freeradius/modules/detail',
}
radius::module { 'detail.log':
freeradius::module { 'detail.log':
source => 'puppet:///modules/freeradius/modules/detail.log',
}
::radius::module { 'logtosyslog':
::freeradius::module { 'logtosyslog':
source => 'puppet:///modules/freeradius/modules/logtosyslog',
}
::radius::module { 'logtofile':
::freeradius::module { 'logtofile':
source => 'puppet:///modules/freeradius/modules/logtofile',
}
......@@ -205,11 +219,10 @@ class freeradius {
# Install a couple of virtual servers needed on all FR installations
radius::site { 'status':
source => 'puppet:///modules/freeradius/sites-enabled/status',
}
radius::site { 'control-socket':
source => 'puppet:///modules/freeradius/sites-enabled/control-socket',
if $control_socket == true {
freeradius::site { 'control-socket':
source => 'puppet:///modules/freeradius/sites-enabled/control-socket',
}
}
# Make the cert dir traversable
......
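Review bot: The new `statusclients.d` directory resource is managed with `ensure => directory` only, so a `freeradius::statusclient` that is later removed from the catalog leaves its `.conf` file, shared secret included, on disk. The status virtual server would keep loading that file through the `$INCLUDE` of the directory shown further down the page. Consider adding `purge => true,` and `recurse => true,` to the resource so that only clients currently declared in Puppet stay authorised. Separately, the proxy.conf resource keeps the old `source` line as a comment next to `content => ''`; deleting the commented line would make it clear the empty file is intentional. The class body continues outside the visible hunks.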
class freeradius::status_server (
$port = '18121',
$listen = '*',
$ipaddr = '127.0.0.1',
$secret,
$firewall = false,
) {
freeradius::site { 'status':
content => template('freeradius/sites-enabled/status.erb'),
# source => 'puppet:///modules/freeradius/sites-enabled/status',
}
if $firewall == true {
firewall { '100-radius-status':
proto => 'udp',
dport => $port,
source => $ipaddr,
action => 'accept',
}
}
}
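Review bot: With the defaults `$listen = '*'` and `$firewall = false`, declaring this class binds the status listener on every interface with no packet filter, while `$ipaddr` (default `127.0.0.1`) is only used as the source of the optional firewall rule. A safer default would be `$listen = '127.0.0.1',` so that wider exposure is an explicit choice. The default `$port = '18121'` also differs from the `18120` that the template previously hard-coded, so any existing monitoring check pointed at the old port would need updating; a comment on the parameter saying so would help. The required `$secret` sits between optional parameters, whereas the usual Puppet style lists required parameters first.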
# Install FreeRADIUS clients (WISMs or testing servers)
define freeradius::statusclient (
$ip=undef,
$ip6=undef,
$secret,
$port=undef,
$shortname,
$netmask = undef,
) {
file { "/etc/raddb/statusclients.d/${name}.conf":
mode => '0640',
owner => 'root',
group => 'radiusd',
content => template('freeradius/client.conf.erb'),
require => File['clients.d'],
notify => Service['radiusd'],
}
}
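Review bot: `require => File['clients.d']` names a different resource from the directory this file is written into; the directory added by this commit is titled `statusclients.d`, so the line should read `require => File['statusclients.d'],`. As written, catalog compilation fails on any node where `File['clients.d']` is not declared (it is not visible on this page), and the explicit dependency does not express the intended one. The header comment `# Install FreeRADIUS clients (WISMs or testing servers)` looks copied from the ordinary client define and should say these are status-server clients.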
......@@ -37,8 +37,8 @@
server status {
listen {
type = status
ipaddr = *
port = 18120
ipaddr = <%= @listen %>
port = <%= @port %>
}
#
......@@ -54,10 +54,8 @@ server status {
# Do you really want your partners seeing the internal details
# of what your RADIUS server is doing?
#
client localhost {
ipaddr = 127.0.0.1
secret = SECRET
}
$INCLUDE ${confdir}/statusclients.d/
#
# Simple authorize section. The "Autz-Type Status-Server"
......
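Review bot: Removing the built-in `client localhost` block leaves the `$secret` parameter that `freeradius::status_server` requires apparently unused, since neither visible hunk of the template references `@secret` (the rest of the template is outside the hunks, so this is inferred). It also means a node that declares the status server without any `freeradius::statusclient` has no client permitted to query it, which would quietly break a local monitoring check. Either drop `$secret` from the class, or keep a localhost client rendered from it, e.g. `secret = <%= @secret %>` inside a `client localhost` block.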