Deprecate netmask parameter
Jonathan Gazeley committed Nov 24, 2015
1 parent 6c1f805 commit 4c414f6
Showing 4 changed files with 23 additions and 19 deletions.
7 changes: 2 additions & 5 deletions README.md
@@ -222,10 +222,10 @@ freeradius::client { "wlan-controller01":
```

##### `ip`
The IP address of the client. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
The IP address of the client or range in CIDR notation. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.

##### `ip6`
The IPv6 address of the client. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
The IPv6 address of the client or range in CIDR notation. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.

##### `shortname`
A short alias that is used in place of the IP address or fully qualified hostname provided in the first line of the section. Required.
@@ -239,9 +239,6 @@ The virtual server that traffic from this client should be sent to. Default: `un
##### `nastype`
The `nastype` attribute is used to tell the `checkrad.pl` script which NAS-specific method it should use when checking simultaneous use. See [`man clients.conf`](http://freeradius.org/radiusd/man/clients.conf.txt) for a list of all options. Default: `undef`.

##### `netmask`
The netmask of the client, specified as an integer, e.g. `24`. Default: `undef`.

##### `port`
The UDP port that this virtual server should listen on. Leave blank if this client is not tied to a virtual server. Currently the port number is only used to create firewall exceptions and you only need to specify it if you set `firewall => true`. Use port range syntax as in [`puppetlabs-firewall`](https://forge.puppetlabs.com/puppetlabs/firewall). Default: `undef`.

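--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -19,6 +19,21 @@
 $fr_group = $::freeradius::params::fr_group
 $fr_version = $::freeradius::params::fr_version
 
+# Calculate CIDR format IP now that FreeRADIUS has obsoleted use of separate netmask.
+# This workaround means no syntax change is necessary, although we print a warning.
+$cidr = $netmask ? {
+undef => $ip,
+default => "${ip}/${netmask}",
+}
+$cidr6 = $netmask ? {
+undef => $ip6,
+default => "${ip6}/${netmask}",
+}
+
+if ($netmask) {
+warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
+}
+
 file { "${fr_basepath}/clients.d/${shortname}.conf":
 ensure => $ensure,
 mode => '0640',
@@ -36,21 +51,15 @@
 proto => 'udp',
 dport => $port,
 action => 'accept',
-source => $netmask ? {
-undef => $ip,
-default => "${ip}/${netmask}",
-},
+source => $cidr,
 }
 } elsif $ip6 {
 firewall { "100-${shortname}-${port}-v6":
 proto => 'udp',
 dport => $port,
 action => 'accept',
 provider => 'ip6tables',
-source => $netmask ? {
-undef => $ip6,
-default => "${ip6}/${netmask}",
-},
+source => $cidr6,
 }
 }
 } else {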
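Review bot: `$cidr` and `$cidr6` are built by plain string concatenation of `$ip`/`$ip6` and `$netmask` with no validation, and those values now feed both the firewall `source` and the rendered client entry. Because the README now tells users to put CIDR notation in `ip`, a caller who does that while still passing `netmask` gets a doubled suffix such as `10.0.0.0/24/24` (constructed example), and a non-numeric or out-of-range netmask passes straight through; the deprecation `warning()` does not stop the catalog. I would fail early instead, e.g. `if $netmask and ("${ip}${ip6}" =~ /\//) { fail("client ${shortname}: netmask cannot be combined with CIDR notation in ip/ip6") }`, and also check that `$netmask` is an integer within range for the address family before it is used. The enclosing define starts and ends outside these hunks, so any validation that already exists elsewhere is not visible here.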
5 changes: 2 additions & 3 deletions templates/client.conf.fr2.erb
@@ -1,7 +1,6 @@
client <%= @shortname %> {
<% if @ip %>ipaddr= <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
<% if @netmask %>netmask = <%= @netmask %><% end %>
<% if @ip %>ipaddr= <%= @cidr %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
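Review bot: The fr2 template now puts the prefix into `ipaddr`/`ipv6addr` and stops emitting `netmask`, but nothing on this page confirms that FreeRADIUS 2.x parses a `/prefix` in those fields. The comment added in manifests/client.pp only says FreeRADIUS has obsoleted the separate netmask, not from which version. If 2.x does not accept it, a range client would either fail to load or match a different set of source addresses than intended, which changes which NAS devices are authorised. Unless this is verified against a 2.x server, the safer form is to keep `<% if @netmask %>netmask = <%= @netmask %><% end %>` with plain `@ip`/`@ip6` in this template and switch only templates/client.conf.fr3.erb to `@cidr`/`@cidr6`.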
5 changes: 2 additions & 3 deletions templates/client.conf.fr3.erb
@@ -1,7 +1,6 @@
client <%= @shortname %> {
<% if @ip %>ipaddr= <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
<% if @netmask %>netmask = <%= @netmask %><% end %>
<% if @ip %>ipaddr= <%= @cidr %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
