Ways to simplify configs?

adrian.p.smith at bt.com adrian.p.smith at bt.com
Thu Jul 27 14:21:24 CEST 2017

We have a different way of managing this.

1. We store almost a complete raddb folder in a GIT repo with an associated automated integration test suite written in Cucumber-JVM and run by gradle. The tests gzip up the config and, with some minor tweaks, applies it to a local copy of FreeRadius which is spun up by the test suite as required along with other stub servers for downstream radius and REST servers. We use a Java Radius client to feed in packets and assert that things happen, in the stubs and the client, as expected.
2. The project is built in Jenkins and, assuming all the tests pass, the gzip file becomes the deployable artefact
3. We use another tool called Ansible (similar to Puppet) that the uploads and uzips to the production servers after first backing up the existing config. FreeRadius is then automatically restarted.

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Jonathan Gazeley
Sent: 27 July 2017 13:07
To: freeradius-users at lists.freeradius.org
Subject: Re: Ways to simplify configs?

On 27/07/17 12:46, Alan DeKok wrote:
>> Try putting that in puppet, to push out to several servers.  I'm willing to keep the full tree on my puppet server for editing, but setting that up for deployment is insane.
>    Puppet can't push out subdirectories, recursively?  That seems more of a flaw in puppet than anything else.  Unix systems have had subdirectories since 1975 or so...

Puppet *can* push out subdirectories, recursively. However it's not recommended to do it that way. Puppet's strength is modelling everything as a resource that can be manipulated in order to generate configs, rather than directly storing the configs itself. Flat files don't really tie into this.

Hence I wrote my FreeRADIUS Puppet module which allows the user to define things in a native Puppet way, and the module then magically generates the config. It's not quite as flexible as editing the plain text files but it has enough flexibility for 95% of people's needs, and it still provides the option to feed in arbitrary plain text configs for the cases where the content can't be modelled in Puppet.


List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list