Ways to simplify configs?

David Hartburn D.J.Hartburn at kent.ac.uk
Thu Jul 27 16:48:08 CEST 2017 

We have something similar, except our configs are still in subversion 
(moving to git reasonably soon).

All changes on the dev server are checked in, ready to be checked out on 
test. The puppet config specifies both the svn repository and the config 
version number to deploy to the production servers.

This allows us to make as many changes as we like in svn, but those 
changes never go live until we are happy with load testing and 
specifically say in puppet 'now deploy version x'.

Dave


On 27/07/17 13:21, adrian.p.smith at bt.com wrote:
> We have a different way of managing this.
> 
> 1. We store almost a complete raddb folder in a GIT repo with an associated automated integration test suite written in Cucumber-JVM and run by gradle. The tests gzip up the config and, with some minor tweaks, applies it to a local copy of FreeRadius which is spun up by the test suite as required along with other stub servers for downstream radius and REST servers. We use a Java Radius client to feed in packets and assert that things happen, in the stubs and the client, as expected.
> 2. The project is built in Jenkins and, assuming all the tests pass, the gzip file becomes the deployable artefact
> 3. We use another tool called Ansible (similar to Puppet) that the uploads and uzips to the production servers after first backing up the existing config. FreeRadius is then automatically restarted.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Jonathan Gazeley
> Sent: 27 July 2017 13:07
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Ways to simplify configs?
> 
> On 27/07/17 12:46, Alan DeKok wrote:
>>> Try putting that in puppet, to push out to several servers.  I'm willing to keep the full tree on my puppet server for editing, but setting that up for deployment is insane.
>>     Puppet can't push out subdirectories, recursively?  That seems more of a flaw in puppet than anything else.  Unix systems have had subdirectories since 1975 or so...
>>
> 
> Puppet *can* push out subdirectories, recursively. However it's not recommended to do it that way. Puppet's strength is modelling everything as a resource that can be manipulated in order to generate configs, rather than directly storing the configs itself. Flat files don't really tie into this.
> 
> Hence I wrote my FreeRADIUS Puppet module which allows the user to define things in a native Puppet way, and the module then magically generates the config. It's not quite as flexible as editing the plain text files but it has enough flexibility for 95% of people's needs, and it still provides the option to feed in arbitrary plain text configs for the cases where the content can't be modelled in Puppet.
> 
> Cheers,
> Jonathan
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list