Ways to simplify configs?

Adam Bishop Adam.Bishop at jisc.ac.uk
Thu Jul 27 17:34:25 CEST 2017


On 27 Jul 2017, at 16:20, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> As others have said, we put the entire repo into a git directory, and just push it out to servers.

This, and I split the config into more files than default, not fewer.

I have a file (/etc/raddb/variables) that is not stored in the git tree that contains the host name of the system, and a bunch of values for whether it's a Dev or Production system, VLAN IDs, policy enablement etc.

I then have split a bunch of files into folders (e.g. /etc/raddb/clients.d/) to allow one config to serve multiple servers like this:

--+ clients.d/
  |
  +--+ DEV/
  |  |
  |  +--> vpn 
  |  +--> eduroam
  |  +--> internal_wifi
  |
  +--+ PROD/
     +--> vpn 
     +--> eduroam
     +--> internal_wifi

Which is controlled by a single entry in radiusd.conf:

  $INCLUDE clients.d/${environment}/

There's also certs.d, proxy.d, secrets.d that are managed the same way - for secrets.d the hostname is used instead:

  $INCLUDE secrets.d/${hostname}/

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk
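
A pre-deployment check for the layout described in this message, as an added example that is not part of the original post: it expands each `$INCLUDE` line that uses a `${variable}` against the local variables file and reports directories that are missing or empty. The `name = value` format of the variables file and the function names `get_var` and `check_includes` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes /etc/raddb/variables
# holds plain "name = value" lines (the post does not show its format).

# get_var FILE NAME: print the last value assigned to NAME, or nothing.
get_var() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_includes RADDB_DIR: print one line per problem; return 1 if any.
check_includes() {
    raddb=$1
    vars="$raddb/variables"
    [ -r "$vars" ] || { echo "missing: variables"; return 1; }
    [ -r "$raddb/radiusd.conf" ] || { echo "missing: radiusd.conf"; return 1; }
    # Only $INCLUDE lines that reference a ${variable} (one per line handled).
    problems=$(grep -E '^[[:space:]]*\$INCLUDE[[:space:]]+.*\$\{[A-Za-z_]+\}' \
            "$raddb/radiusd.conf" |
        while read -r kw path; do
            name=$(printf '%s\n' "$path" | sed 's/.*[$]{\([A-Za-z_]*\)}.*/\1/')
            value=$(get_var "$vars" "$name")
            # The value becomes a path component: reject empty values and
            # anything that could climb out of the per-host directory.
            case $value in
                ''|.|..|*[!A-Za-z0-9._-]*)
                    echo "unsafe or unset: $name (used by $path)"
                    continue ;;
            esac
            dir=$(printf '%s\n' "$path" | sed "s|[$]{$name}|$value|")
            # An absent or empty directory leaves this host without the
            # files the include is meant to load.
            if [ ! -d "$raddb/$dir" ] || [ -z "$(ls -A "$raddb/$dir")" ]; then
                echo "missing or empty: $dir"
            fi
        done)
    [ -z "$problems" ] || { printf '%s\n' "$problems"; return 1; }
}

# Run against a real tree only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_includes "$1"; fi
```

Run it on each server after the git push and before restarting the daemon, since the variables file lives outside the repository and is the one input the repository cannot vouch for.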
