Add support to bind to ldap for freeradius. Also various fixes to mak…

…e this work for centos and ubuntu, changing packages, abstrating vairable. Also added some spec tests
gleamicus · Apr 30, 2014 · 08b4467 · 08b4467
1 parent 3cd16b3
commit 08b4467
Show file tree

Hide file tree

Showing 14 changed files with 1,497 additions and 51 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,22 @@
+freeradius CHANGELOG
+=======================
+
+This file is used to list changes made in each version of the freeradius cookbook.
+
+0.0.1
+-----
+- [Nicholas Maloney] - Initial release of freeradius
+
+- - -
+
+1.0.0
+-----
+- [Alex Farhadi] - Revamp of freeradius cookbook
+ - Add support for LDAP
+ - Add support for custom clients in freeradius
+ - Change package defaults for centos/ubuntu
+ - Abstract centos/ubuntu attributes
+ - Add some chef spec tests
+ - Update README for new LDAP documentation
+
+- - -
diff --git a/README.md b/README.md
@@ -11,6 +11,29 @@ Requirements
 Usage
 ====
 
+To enable LDAP Support, please override the following attributes in a wrapper cookbook as such
+
+    node.override['freeradius']['enable_sql'] = false
+    node.override['freeradius']['enable_ldap'] = true
+    node.override['freeradius']['ldap_server'] = 'localhost'
+    node.override['freeradius']['ldap_port'] = '636'
+    node.override['freeradius']['ldap_basedn'] = 'dc=contoso,dc=local'
+
+    node.override['freeradius']['clients'] = {
+      'localhost' => {
+        'ipaddr' => '127.0.0.1',
+        'netmask' => '0',
+        'secret' => 'password',
+        'nastype' => 'other'
+      },
+      'production' => {
+        'ipaddr' => '10.0.0.0',
+        'netmask' => '8',
+        'secret' => 'password',
+        'nastype' => 'other'
+      }
+    }
+
 
 License and Author
 ====

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -1,5 +1,24 @@
+#OS Specific Attributes
+case platform_family
+when "rhel"
+  default['freeradius']['user'] = 'radiusd'
+  default['freeradius']['group'] = 'radiusd'
+  default['freeradius']['dir'] = '/etc/raddb'
+  default['freeradius']['service'] = 'radiusd'
+  default['freeradius']['logdir'] = '/var/log/radius'
+  default['freeradius']['name'] = 'radiusd'
+  default['freeradius']['libdir'] = '/usr/lib64/freeradius'
+when "debian"
+  default['freeradius']['user'] = 'freerad'
+  default['freeradius']['group'] = 'freerad'
+  default['freeradius']['dir'] = '/etc/freeradius'
+  default['freeradius']['service'] = 'freeradius'
+  default['freeradius']['logdir'] = '/var/log/freeradius'
+  default['freeradius']['name'] = 'freeradius'
+  default['freeradius']['libdir'] = '/usr/lib/freeradius'
+end
+
 default[:freeradius][:install_method] = "package"
-default['freeradius']['dir'] = "/etc/freeradius"
 
 # Db vars
 default['freeradius']['db_type'] = "postgresql"
@@ -15,9 +34,26 @@
 default['freeradius']['remote_secret'] = "remote1234"
 default['freeradius']['enable_sql'] = true
 
+#Client File Config
+default['freeradius']['clients'] = {
+  'localhost' => {
+    'ipaddr' => '127.0.0.1',
+    'netmask' => '0',
+    'secret' => 'default_secret',
+    'nastype' => 'other'
+  }
+}
+
+#LDAP Config
+default['freeradius']['enable_ldap'] = false
+default['freeradius']['ldap_server'] = 'ldap.example.com'
+default['freeradius']['ldap_port'] = '636'
+default['freeradius']['ldap_basedn'] = 'dc=example,dc=com'
+default['freeradius']['ldap_set_auth_type'] = 'yes'
+
 # Used for source installation
-default[:freeradius][:url] = "http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/"
-default[:freeradius][:version] = "2.1.10"
-default[:freeradius][:checksum] = "b72d00d8d9c237b6bc3bfe89e6ccd99a7be63e699b305325ea60e04d5ddda4fe"
-default[:freeradius][:prefix_dir] = "/opt/local/freeradius"
-default[:freeradius][:configure_options] = %W{--prefix=#{freeradius[:prefix_dir]}/#{freeradius[:version]} --with-openssl-includes=/usr/include/openssl --with-openssl-libraries=/usr/lib}
+default['freeradius']['url'] = "http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/"
+default['freeradius']['version'] = "2.1.10"
+default['freeradius']['checksum'] = "b72d00d8d9c237b6bc3bfe89e6ccd99a7be63e699b305325ea60e04d5ddda4fe"
+default['freeradius']['prefix_dir'] = "/opt/local/freeradius"
+default['freeradius']['configure_options'] = %W{--prefix=#{freeradius[:prefix_dir]}/#{freeradius[:version]} --with-openssl-includes=/usr/include/openssl --with-openssl-libraries=/usr/lib}
diff --git a/metadata.rb b/metadata.rb
@@ -3,7 +3,7 @@
 license          "All rights reserved"
 description      "Installs/Configures freeradius"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "0.0.1"
+version          "1.0.0"
 
 %w{ ubuntu centos debian }.each do |os|
   supports os

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -8,31 +8,51 @@
 #
 include_recipe "freeradius::#{node[:freeradius][:install_method]}"
 
+if node['freeradius']['enable_ldap'] == true
+  include_recipe 'freeradius::ldap'
+end
+
 template "#{node['freeradius']['dir']}/sql.conf" do
   source "sql.conf.erb"
-  owner "freerad"
-  group "freerad"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
   mode 0600
-  notifies :restart, 'service[freeradius]', :immediately
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
 end
 
 template "#{node['freeradius']['dir']}/clients.conf" do
   source "clients.conf.erb"
-  owner "freerad"
-  group "freerad"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
   mode 0600
-  notifies :restart, 'service[freeradius]', :immediately
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
 end
 
 template "#{node['freeradius']['dir']}/radiusd.conf" do
   source "radiusd.conf.erb"
-  owner "freerad"
-  group "freerad"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
+  mode 0600
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
+end
+
+template "#{node['freeradius']['dir']}/sites-available/default" do
+  source "default.erb"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
+  mode 0600
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
+end
+
+template "#{node['freeradius']['dir']}/sites-available/inner-tunnel" do
+  source "inner-tunnel.erb"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
   mode 0600
-  notifies :restart, 'service[freeradius]', :immediately
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
 end
 
-service "freeradius" do
+service node['freeradius']['service'] do
   supports :restart => true, :status => false, :reload => false
   action [:enable, :start]
 end
diff --git a/recipes/ldap.rb b/recipes/ldap.rb
@@ -0,0 +1,7 @@
+template "#{node['freeradius']['dir']}/modules/ldap" do
+  source "ldap.erb"
+  owner node['freeradius']['user']
+  group node['freeradius']['group']
+  mode 0600
+  notifies :restart, "service[#{node['freeradius']['service']}]", :immediately
+end
diff --git a/recipes/package.rb b/recipes/package.rb
@@ -13,16 +13,39 @@
   ssl-cert }
   },
   [ "ubuntu" ] => {
-    "default" => %w{ libfreeradius2 freeradius-common libperl5.10 libssl0.9.8 libc6 libltdl7 }
+    "default" => %w{ freeradius freeradius-common freeradius-utils libfreeradius2 }
   },
   [ "centos" ] => {
-    "default" => %w{ openssl-devel }
+    "default" => %w{ freeradius2 freeradius2-utils }
   },
   "default" => %w{ }
 )
 
+ldap_pkgs = value_for_platform(
+  [ "debian" ] => {
+    "default" => %w{ freeradius-ldap }
+  },
+  [ "ubuntu" ] => {
+    "default" => %w{ freeradius-ldap }
+  },
+  [ "centos" ] => {
+    "default" => %w{ freeradius2-ldap }
+  },
+  [ "default" ] => {
+    "default" => %w{ }
+  },
+)
+
 pkgs.each do |pkg|
   package pkg do
     action :install
   end
 end
+
+if node['freeradius']['enable_ldap'] == true
+  ldap_pkgs.each do |pkg|
+    package pkg do
+      action :install
+    end
+  end
+end
diff --git a/spec/recipes/default_spec.rb b/spec/recipes/default_spec.rb
@@ -0,0 +1,83 @@
+require_relative '../spec_helper'
+
+describe 'freeradius::default' do
+  let(:chef_run) do
+    ChefSpec::Runner.new(platform: 'ubuntu', version: '12.04') do |node|
+      node.set[:datacenter][:domain] = 'local'
+      node.set[:freeradius][:clients] = {
+        'localhost' => {
+          'ipaddr' => '127.0.0.1',
+          'netmask' => '0',
+          'secret' => 'secret',
+          'nastype' => 'other'
+        },
+        'test' => { 
+          'ipaddr' => '10.0.0.0',
+          'netmask' => '8',
+          'secret' => 'secret',
+          'nastype' => 'other'
+        }
+      }
+    end.converge(described_recipe)
+  end
+  let(:chef_run_centos) do 
+    ChefSpec::Runner.new(platform: 'centos', version: '5.9') do |node|
+      node.set[:datacenter][:domain] = 'local'
+      node.set[:freeradius][:clients] = {
+        'localhost' => {
+          'ipaddr' => '127.0.0.1',
+          'netmask' => '0',
+          'secret' => 'secret',
+          'nastype' => 'other'
+        },
+        'test' => {
+          'ipaddr' => '10.0.0.0',
+          'netmask' => '8',
+          'secret' => 'secret',
+          'nastype' => 'other'
+        }
+      }
+    end.converge(described_recipe)
+  end
+
+  it 'creates the client file' do
+    template_content = <<HERE
+# -*- text -*-
+##
+## clients.conf -- client configuration directives
+##
+##      $Id$
+
+client localhost {
+  ipaddr = 127.0.0.1
+  netmask = 0
+  secret = secret
+  nastype = other
+}
+client test {
+  ipaddr = 10.0.0.0
+  netmask = 8
+  secret = secret
+  nastype = other
+}
+HERE
+    expect(chef_run).to render_file("/etc/freeradius/clients.conf").with_content(template_content)
+  end
+
+  it 'installs freeradius' do
+    expect(chef_run).to install_package('freeradius')
+  end
+
+  it 'installs freeradius on centos' do
+    expect(chef_run_centos).to install_package('freeradius2')
+  end
+
+  it 'starts freeradius service ubuntu' do
+    expect(chef_run).to start_service('freeradius')
+  end
+
+  it 'starts radiusd service centos' do
+    expect(chef_run_centos).to start_service('radiusd')
+  end
+
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -0,0 +1,25 @@
+# Added by ChefSpec
+require 'chefspec'
+
+# Uncomment to use ChefSpec's Berkshelf extension
+# require 'chefspec/berkshelf'
+
+RSpec.configure do |config|
+  # Specify the path for Chef Solo to find cookbooks
+  # config.cookbook_path = '/var/cookbooks'
+
+  # Specify the path for Chef Solo to find roles
+  # config.role_path = '/var/roles'
+
+  # Specify the Chef log_level (default: :warn)
+  # config.log_level = :debug
+
+  # Specify the path to a local JSON file with Ohai data
+  # config.path = 'ohai.json'
+
+  # Specify the operating platform to mock Ohai data from
+  # config.platform = 'ubuntu'
+
+  # Specify the operating version to mock Ohai data from
+  # config.version = '12.04'
+end
diff --git a/templates/default/clients.conf.erb b/templates/default/clients.conf.erb
@@ -2,31 +2,13 @@
 ##
 ## clients.conf -- client configuration directives
 ##
-##	$Id$
-
-client localhost {
-	ipaddr = 127.0.0.1
-	secret		= <%= node['freeradius']['local_secret'] %>
-	require_message_authenticator = no
-	nastype     = other
-}
-
-# This is NOT secure!
-# Use IPTABLES/Firewall to restrict remote access!
-<% if node['freeradius']['enable_remote_clients'] %>
-client remote {
-	ipaddr = 0.0.0.0
-	netmask = 0
-	secret = <%= node['freeradius']['remote_secret'] %>
-	require_message_authenticator = no
-	nastype     = other
+##      $Id$
+
+<% node['freeradius']['clients'].each do |client, client_hash| %>
+client <%= client %> {
+  ipaddr = <%= client_hash['ipaddr']  %>
+  netmask = <%= client_hash['netmask'] %>
+  secret = <%= client_hash['secret'] %>
+  nastype = <%= client_hash['nastype'] %>
 }
 <% end %>
-
-
-
-
-
-
-
-