Puppet Class: freeradius

Inherited by:
freeradius::v3::sites::ldap
freeradius::v3::modules::ldap
Defined in:
manifests/init.pp

Overview

Parameters:

  • firewall (Boolean) (defaults to: simplib::lookup('simp_options::firewall', { 'default_value' => false}))

    If true set rules to open ports on firewall

  • freeradius_name (String) (defaults to: 'freeradius')

    Name of the package

  • user (String) (defaults to: 'radiusd')
  • uid (Integer) (defaults to: 95)
  • group (String) (defaults to: 'radiusd')
  • gid (Integer) (defaults to: 95)

    The user and group information for the local system that is used to run freeradius.

  • sysconfdir (Stdlib::Absolutepath) (defaults to: '/etc')

    Top level configuration directory.

  • confdir (Stdlib::Absolutepath) (defaults to: "${sysconfdir}/raddb")

    The configuration directories where the radius files are kept.

  • logdir (Stdlib::Absolutepath) (defaults to: '/var/log/freeradius')

    freeradius log directory

  • testcerts (Boolean) (defaults to: false)

    Whether or not freeradius should generate test certs at installation time.

  • use_rsync (Boolean) (defaults to: false)

    If true rsync will be used to copy configuration files into place. The other configuration manifests only work with freeradius version 3 or later, if you are using an earlier version you will need to copy files this way. rsync will not remove any files so you can use a combination of rsync and manifests.

  • package_ensure (String) (defaults to: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }))

    String to pass to the freeradius package ensure attribute

  • manage_sites_enabled (Boolean) (defaults to: false)

    If true then only sites managed by puppet will be allowed in the sites-enabled directory. Files that are rsync’d are not “managed” by puppet. Use the freeradius::v3::site define or a file resource to create sites.

  • pki (Variant[Boolean,Enum['simp']]) (defaults to: simplib::lookup('simp_options::pki', { 'default_value' => false }))
  • fips (Boolean) (defaults to: simplib::lookup('simp_options::fips', {'default_value' => false }))
  • app_pki_dir (Stdlib::Absolutepath) (defaults to: '/etc/pki/simp_apps/freeradius/x509')
  • app_pki_cert (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/public/${facts['networking']['fqdn']}.pub")
  • app_pki_key (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/private/${facts['networking']['fqdn']}.pem")
  • app_pki_ca (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/cacerts/cacerts.pem")
  • app_pki_ca_dir (Stdlib::Absolutepath) (defaults to: "${app_pki_dir}/cacerts")
  • app_pki_external_source (Stdlib::Absolutepath) (defaults to: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' }))

Author:



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'manifests/init.pp', line 77

class freeradius (
  Variant[Boolean,Enum['simp']]  $pki                     = simplib::lookup('simp_options::pki', { 'default_value'         => false }),
  Boolean                        $firewall                = simplib::lookup('simp_options::firewall', { 'default_value'    => false}),
  Boolean                        $fips                    = simplib::lookup('simp_options::fips', {'default_value' => false }),
  String                         $freeradius_name         = 'freeradius',
  String                         $user                    = 'radiusd',
  Integer                        $uid                     = 95,
  String                         $group                   = 'radiusd',
  Integer                        $gid                     = 95,
  Boolean                        $testcerts               = false,
  Boolean                        $use_rsync               = false,

  Stdlib::Absolutepath           $app_pki_dir             = '/etc/pki/simp_apps/freeradius/x509',
  Stdlib::Absolutepath           $app_pki_cert            = "${app_pki_dir}/public/${facts['networking']['fqdn']}.pub",
  Stdlib::Absolutepath           $app_pki_key             = "${app_pki_dir}/private/${facts['networking']['fqdn']}.pem",
  Stdlib::Absolutepath           $app_pki_ca              = "${app_pki_dir}/cacerts/cacerts.pem",
  Stdlib::Absolutepath           $app_pki_ca_dir          = "${app_pki_dir}/cacerts",
  Stdlib::Absolutepath           $app_pki_external_source = simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' }),
  Stdlib::Absolutepath           $sysconfdir              = '/etc',
  Stdlib::Absolutepath           $confdir                 = "${sysconfdir}/raddb",
  Stdlib::Absolutepath           $logdir                  = '/var/log/freeradius',
  Boolean                        $manage_sites_enabled    = false,
  String                         $package_ensure          = simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }),

) {

  if $fips or $facts['fips_enabled'] {
    warning('RADIUS, by design, must have MD5 support. FreeRADIUS (and RADIUS period) cannot be supported in FIPS mode.')
  } else {
    include 'freeradius::install'
    include 'freeradius::config'
    include 'freeradius::service'
    Class['freeradius::install'] -> Class['freeradius::config'] ~> Class['freeradius::service']
  }
}