[feature] Added openwisp_radius installation
atb00ker committed Dec 5, 2020
1 parent 67fdb00 commit 3a6e7c0
Showing 19 changed files with 617 additions and 111 deletions.
125 changes: 40 additions & 85 deletions README.md
Expand Up @@ -385,6 +385,10 @@ create an empty file named `playbook.yml` which contains the following:
# the following line is needed only when an IP address is used as the inventory hostname
vars:
postfix_myhostname: localhost
# Enable the modules you want to use
openwisp2_network_topology: true
openwisp2_firmware_upgrader: true
openwisp2_radius: true
```

**Step 6**: Run the playbook
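
Review bot: The quick-start playbook sets `openwisp2_network_topology`, `openwisp2_firmware_upgrader` and `openwisp2_radius` all to `true` under the comment "Enable the modules you want to use", so anyone copying the example verbatim installs every optional module, including RADIUS with the `freeradius_clients_key: "admin"` default added in `defaults/main.yml`. Consider showing the three lines commented out, or set to `false`, so that enabling a module is a deliberate choice.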
Expand All @@ -401,88 +405,6 @@ username: admin
password: admin
```

Enabling the network topology module
------------------------------------

To enable the network topology module you need to set `openwisp2_network_topology` to `true` in
your `playbook.yml` file. Here's a short summary of how to do this:

**Step 1**: [Install ansible](#install-ansible)

**Step 2**: [Install this role](#install-this-role)

**Step 3**: [Create inventory file](#create-inventory-file)

**Step 4**: Create a playbook file with following contents:

```yaml
- hosts: openwisp2
become: "{{ become | default('yes') }}"
roles:
- openwisp.openwisp2
vars:
openwisp2_network_topology: true
```

**Step 5**: [Run the playbook](#run-the-playbook)

When the playbook is done running, if you got no errors you can login at:

https://openwisp2.mydomain.com/admin
username: admin
password: admin

Enabling the firmware upgrader module
-------------------------------------

**Note**: It is encouraged that you read the [quick-start guide of openwisp-firmware-upgrader](https://github.com/openwisp/openwisp-firmware-upgrader#quickstart)
before going ahead.

To enable the firmware upgrader module you need to set `openwisp2_firmware_upgrader` to `true` in
your `playbook.yml` file. Here's a short summary of how to do this:

**Step 1**: [Install ansible](#install-ansible)

**Step 2**: [Install this role](#install-this-role)

**Step 3**: [Create inventory file](#create-inventory-file)

**Step 4**: Create a playbook file with following contents:

```yaml
- hosts: openwisp2
become: "{{ become | default('yes') }}"
roles:
- openwisp.openwisp2
vars:
openwisp2_firmware_upgrader: true
```

**Step 5**: [Run the playbook](#run-the-playbook)

When the playbook is done running, if you got no errors you can login at:

https://openwisp2.mydomain.com/admin
username: admin
password: admin

**Note**: You can configure [openwisp-firmware-upgrader specific settings](https://github.com/openwisp/openwisp-firmware-upgrader#settings)
using `openwisp2_extra_django_settings` variable of this ansible role.
For example if you want to enable the [APIs of openwisp-firmware-upgrader](https://github.com/openwisp/openwisp-firmware-upgrader#rest-api),
you will update the above playbook as follows:

```yaml
- hosts: openwisp2
become: "{{ become | default('yes') }}"
roles:
- openwisp.openwisp2
vars:
openwisp2_firmware_upgrader: true
openwisp2_extra_django_settings:
OPENWISP_USERS_AUTH_API: true
OPENWISP_FIRMWARE_UPGRADER_API: true
```

Troubleshooting
===============
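
Review bot: The removed "Enabling the firmware upgrader module" section was where this README explained that module-specific settings go through `openwisp2_extra_django_settings` (the `OPENWISP_USERS_AUTH_API` / `OPENWISP_FIRMWARE_UPGRADER_API` example) and linked the firmware upgrader quick-start guide. Nothing in the visible additions replaces that, and the new `openwisp2_radius` switch gets no equivalent section. Suggest keeping a short per-module note with those links and the settings example instead of deleting both sections outright.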

Expand Down Expand Up @@ -579,12 +501,17 @@ Below are listed all the variables you can customize (you may also want to take
- openwisp.openwisp2
vars:
# openwisp-controler version
openwisp2_controller_version: "0.4"
openwisp2_controller_version: "0.8.1"
# optional openwisp2 modules
openwisp2_network_topology: false
openwisp2_network_topology_version: "0.4"
openwisp2_network_topology_version: "0.5.1"
openwisp2_firmware_upgrader: false
openwisp2_firmware_upgrader_version: "0.1"
openwisp2_radius_version: "0.1"
# Enable the modules you want to use
openwisp2_network_topology: true
openwisp2_firmware_upgrader: true
openwisp2_radius: true
# you may replace the values of these variables with any URL
# supported by pip (the python package installer)
# use these to install forks, branches or development versions
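
Review bot: In this variables listing `openwisp2_network_topology` and `openwisp2_firmware_upgrader` now appear twice in the same `vars` mapping, first as `false` under "optional openwisp2 modules" and again as `true` under "Enable the modules you want to use". Duplicate keys in one YAML mapping are confusing to read, Ansible keeps only the last value, and the block no longer matches the `false` defaults in `defaults/main.yml`. Drop the added `true` lines and list `openwisp2_radius: false` next to the other two module switches.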
Expand All @@ -598,6 +525,7 @@ Below are listed all the variables you can customize (you may also want to take
openwisp2_netjsonconfig_pip: false
openwisp2_network_topology_pip: false
openwisp2_firmware_upgrader_pip: false
openwisp2_radius_pip: false
# by default python3 is used, if may need to set this to python2.7 for older systems
openwisp2_python: python2.7
# customize the app_path
Expand Down Expand Up @@ -719,13 +647,40 @@ Below are listed all the variables you can customize (you may also want to take
# if set to True, will log all the celery events in the same log stream used by django
# which will cause log lines to be written to "{{ openwisp2_path }}/log/openwisp2.log"
# instead of "{{ openwisp2_path }}/log/celery.log" and "{{ openwisp2_path }}/log/celerybeat.log"
openwisp2_django_celery_logging: False
openwisp2_django_celery_logging: false
# allow overriding default `postfix_smtp_sasl_auth_enable` variable
postfix_smtp_sasl_auth_enable_override: yes
# allow overriding postfix_smtpd_relay_restrictions
postfix_smtpd_relay_restrictions_override: permit_mynetworks
# allows overriding the default duration for keeping notifications
openwisp2_notifications_delete_old_notifications: 10
openwisp2_users_auth_api: true
openwisp2_radius_sms_backend: "sendsms.backends.console.SmsBackend"
openwisp2_radius_sms_token_max_ip_daily: 25
openwisp2_freeradius_allowed_hosts: ["127.0.0.1"]
freeradius_dir: /etc/freeradius/3.0
freeradius_mods_available_dir: "{{ freeradius_dir }}/mods-available"
freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"
freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"
freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"
freeradius_sql:
driver: rlm_sql_sqlite
dialect: sqlite
host: ""
port: ""
dbname: ""
user: ""
password: ""
freeradius_rest:
url: "https://{{ inventory_hostname }}/api/v1/freeradius"
freeradius_clients_ip: "0.0.0.0/0"
freeradius_clients_key: "admin"
cron_delete_old_notifications: "'hour': 0, 'minute': 0"
cron_deactivate_expired_users: "'hour': 0, 'minute': 0"
cron_delete_old_users: "'hour': 0, 'minute': 10"
cron_cleanup_stale_radacct: "'hour': 0, 'minute': 20"
cron_delete_old_postauth: "'hour': 0, 'minute': 30"
cron_delete_old_radacct: "'hour': 0, 'minute': 40"
```
Support
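
Review bot: The variables added at the end of this listing, from `openwisp2_users_auth_api` through the `cron_*` entries, carry no explanatory comments, while the surrounding entries each have one. At minimum `freeradius_clients_key: "admin"` and `freeradius_clients_ip: "0.0.0.0/0"` need a comment saying they are placeholders that must be overridden, the `freeradius_sql` block should say which fields are required when the dialect is not sqlite, and the `cron_*` string format (`"'hour': 0, 'minute': 0"`) should be explained.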
32 changes: 31 additions & 1 deletion defaults/main.yml
Expand Up @@ -2,9 +2,11 @@ openwisp2_python: python3
ansible_python_interpreter: /usr/bin/python3
openwisp2_network_topology: false
openwisp2_firmware_upgrader: false
openwisp2_radius: false
openwisp2_controller_version: "0.8.1"
openwisp2_network_topology_version: "0.5.1"
openwisp2_firmware_upgrader_version: "0.1"
openwisp2_radius_version: "0.1"
openwisp2_controller_pip: false
openwisp2_users_pip: false
openwisp2_utils_pip: false
Expand All @@ -13,6 +15,7 @@ openwisp2_django_loci_pip: false
openwisp2_netjsonconfig_pip: false
openwisp2_network_topology_pip: false
openwisp2_firmware_upgrader_pip: false
openwisp2_radius_pip: false
openwisp2_extra_python_packages: [bpython]
openwisp2_extra_django_apps: []
openwisp2_extra_django_settings: {}
Expand Down Expand Up @@ -88,5 +91,32 @@ openwisp2_celery_broker_url: redis://127.0.0.1:6379/3
openwisp2_celery_worker_prefetch_multiplier: 1
openwisp2_celery_task_acks_late: True
openwisp2_celery_broker_max_tries: 10
openwisp2_django_celery_logging: False
openwisp2_django_celery_logging: false
postfix_smtpd_relay_restrictions_override: "permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination, reject"
openwisp2_users_auth_api: true
openwisp2_radius_sms_backend: "sendsms.backends.console.SmsBackend"
openwisp2_radius_sms_token_max_ip_daily: 25
openwisp2_freeradius_allowed_hosts: ["127.0.0.1"]
freeradius_dir: /etc/freeradius/3.0
freeradius_mods_available_dir: "{{ freeradius_dir }}/mods-available"
freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"
freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"
freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"
freeradius_sql:
driver: rlm_sql_sqlite
dialect: sqlite
host: ""
port: ""
dbname: ""
user: ""
password: ""
freeradius_rest:
url: "https://{{ inventory_hostname }}/api/v1/freeradius"
freeradius_clients_ip: "0.0.0.0/0"
freeradius_clients_key: "admin"
cron_delete_old_notifications: "'hour': 0, 'minute': 0"
cron_deactivate_expired_users: "'hour': 0, 'minute': 0"
cron_delete_old_users: "'hour': 0, 'minute': 10"
cron_cleanup_stale_radacct: "'hour': 0, 'minute': 20"
cron_delete_old_postauth: "'hour': 0, 'minute': 30"
cron_delete_old_radacct: "'hour': 0, 'minute': 40"
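
Review bot: `freeradius_clients_key: "admin"` together with `freeradius_clients_ip: "0.0.0.0/0"` gives every deployment that enables `openwisp2_radius` without overrides the same guessable shared secret, accepted from any source address (assuming these two values feed the FreeRADIUS client definition, which this hunk does not show). Suggest leaving `freeradius_clients_key` without a usable default and failing early when it is unset, and narrowing the `freeradius_clients_ip` default to loopback so it is consistent with `openwisp2_freeradius_allowed_hosts: ["127.0.0.1"]` a few lines above.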
25 changes: 22 additions & 3 deletions handlers/main.yml
Expand Up @@ -3,14 +3,33 @@
---

- name: reload systemd
systemd: daemon_reload=yes
systemd:
daemon_reload: yes
when: ansible_distribution_release in ['bionic'] and ansible_service_mgr == 'systemd'

- name: reload supervisor
command: supervisorctl reload

- name: restart nginx
service: name=nginx state=restarted
service:
name: nginx
state: restarted

- name: start postgresql
service:
name: postgresql
state: started

- name: start redis
service: name=redis state=started
service:
name: redis
state: started

- name: update-ca-certificates
shell: /usr/sbin/update-ca-certificates
when: ansible_os_family == "Debian"

- name: restart freeradius
service:
name: freeradius
state: restarted
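
Review bot: The new `update-ca-certificates` handler uses `shell: /usr/sbin/update-ca-certificates`, but the line has no pipes, redirects or variable expansion, so `command:` is the safer module here and matches the `command: supervisorctl reload` handler above it. The rest of the hunk moves handlers to the expanded YAML form, which is a good cleanup.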
4 changes: 3 additions & 1 deletion molecule/resources/converge.yml
Expand Up @@ -10,7 +10,9 @@

pre_tasks:
- name: Update apt cache
apt: update_cache=true cache_valid_time=600
apt:
update_cache: true
cache_valid_time: 600
when: ansible_os_family == 'Debian'

- name: Remove the .dockerenv file
14 changes: 13 additions & 1 deletion tasks/apt.yml
@@ -1,5 +1,6 @@
- name: Update APT package cache
apt: update_cache=yes
apt:
update_cache: yes
changed_when: false
retries: 5
delay: 10
Expand Down Expand Up @@ -81,6 +82,17 @@
until: result is success
notify: reload systemd

- name: Install cairo
when: openwisp2_radius
apt:
name:
- libcairo2
- libpango-1.0-0
- libpangocairo-1.0-0
- libgdk-pixbuf2.0-0
- shared-mime-info
tags: [openwisp2, radius]

- name: Install mod-spatialite (may fail on older linux distros)
when: openwisp2_database.engine == "django.contrib.gis.db.backends.spatialite"
apt: name=libsqlite3-mod-spatialite
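
Review bot: The "Install cairo" task lacks the `retries` / `delay` / `register: result` / `until: result is success` pattern that the other apt tasks in this file use (visible on "Update APT package cache" and on the task just before this one), so a transient mirror failure aborts the play only when `openwisp2_radius` is enabled. Add the same retry block. The task name also undersells what it installs (pango, gdk-pixbuf and shared-mime-info as well as cairo); a name that says what the packages are needed for would be clearer.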
4 changes: 2 additions & 2 deletions tasks/django.yml
Expand Up @@ -90,8 +90,8 @@
group: "{{ www_group }}"
mode: 0664

- name: start redis
service: name=redis state=started
- name: start redis for migration
meta: flush_handlers

- name: migrate
notify: reload supervisor
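
Review bot: Replacing the unconditional `service: name=redis state=started` task with `meta: flush_handlers` changes the guarantee before `migrate`: redis is now started only if an earlier task in this run reported a change and notified `start redis`, and the visible lines do not show which task does that. On an idempotent re-run where nothing changed but redis is stopped, the migration would proceed without it. `flush_handlers` also runs every other pending handler at this point, not just redis, so the name "start redis for migration" is misleading. Suggest keeping an explicit `service` task with `state: started` here.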
43 changes: 43 additions & 0 deletions tasks/freeradius-postgresql.yml
@@ -0,0 +1,43 @@
---
- name: Freeradius additional postgresql system packages
when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
apt:
name:
- postgresql
- freeradius-postgresql
- libpq-dev
state: latest
notify: start postgresql

- name: Install psycopg2
when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
pip:
name: psycopg2
state: latest
retries: 5
delay: 10
register: result
until: result is success
notify: start postgresql

- name: start postgresql for migration
when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
meta: flush_handlers

- name: Create freeradius database
when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
become_user: postgres
become: true
postgresql_db:
name: "{{ freeradius_sql.dbname }}"
state: present

- name: Create freeradius database user
when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
become_user: postgres
become: true
postgresql_user:
db: "{{ freeradius_sql.dbname }}"
name: "{{ freeradius_sql.user }}"
password: "{{ freeradius_sql.password }}"
priv: ALL
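
Review bot: The "Create freeradius database" and "Create freeradius database user" tasks use `freeradius_sql.dbname`, `freeradius_sql.user` and `freeradius_sql.password` directly, and all three default to `""` in `defaults/main.yml`, so switching `freeradius_sql.dialect` to `postgresql` without setting them runs these tasks with an empty name and an empty password. Add an `assert` at the top of the file that the three values are non-empty. Two smaller points: `state: latest` on the apt and pip tasks upgrades packages on every run, where `present` would keep runs reproducible, and the identical `when:` on all five tasks could be applied once where this file is included.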