3.2.0: dynamic_home_servers ?
Alan DeKok
aland at deployingradius.com
Tue May 31 14:53:12 UTC 2022
On May 31, 2022, at 10:32 AM, Stefan Winter <stefan.winter at restena.lu> wrote:
> that doesn't change anything:
Arg. You should see %{1} getting expanded to something, and then %{home_server_dynamic:something} get expanded to "0" or "1".
I'll find some more time for testing this.
> Reading this I wonder... how are realms.conf realms / home_server_pool / home_server and home_servers/* meant to co-exist?
Dynamic home servers are just home_servers which are loaded while the server is running.
Any home_server MUST define a unique home server.
A home_server_pool can only contain static home servers. Adding / deleting dynamic servers to pools is hard.
Realms can only point to a static home_server_pool.
The realm / home_server_pool / home_server name spaces are separate. So you can use the same name in each one, and they don't conflict. They also don't have any relationship, so "realm foo" doesn't need to point to "home_server_pool foo".
> Isn't a realms.conf defined realm "education.lu" just as static as one that is defined via home_servers/ ?
Dynamic home_servers don't define realms, tho. They just define home_servers. You can't dynamically define a "realm".
The whole "realm" thing is a throwback to 1995 or so, and is in v3 for historical reasons, and for ease of configuration.
> If there is no way to detect that a realm is already handled via normal "suffix" style Proxy-To-Realm, then this would mean one has to choose one or the other way of defining realms?
There's only one way to define realms, via a "realm" definition. That's why the server accepts:

    Proxy-To-Realm = "foo"

proxies to a "realm foo", which in turn points to a home_server_pool, which points to home_server(s)

    Home-Server-Pool = "bar"

proxies to "home_server_pool bar", which generally points to home_server(s)
this also doesn't use any "realm" definition

    Home-Server = "bar"

proxies to "home_server bar", but doesn't use any fail-over / load-balancing of a "home_server_pool"
> (And how/where/why do I set "dynamic=true" for a given realm/home_server? The setting in proxy.conf is a global setting?)
The setting in proxy.conf is whether or not dynamic home servers are allowed at all. There's no similar "dynamic = true" in the home servers read from the home_servers/ directory. That's added automatically.
> FWIW, freshly starting 3.2.0 with my config lists all the realms.conf style realms with radmin:
>
>
> tld2bin #../sbin/radmin -e "show home_server list all"
>
> [...]
>
> 158.64.1.8 1812 udp auth+acct unknown 0 (name=server_158.64.1.8, dynamic=no)
> 158.64.1.8 1813 udp acct unknown 0 (name=server_158.64.1.8, dynamic=no)
> 158.64.1.43 1812 udp auth+acct unknown 0 (name=server_158.64.1.43, dynamic=no)
> 158.64.1.43 1813 udp acct unknown 0 (name=server_158.64.1.43, dynamic=no)
>
>
> So I kind of expected the expansion home_server_dynamic:%{1} to find them as "case 0". Anyway, once it does discovery as above, the new entry is listed, and is considered dynamic, and future expansions go to "case 1":
>
> 158.64.1.26 2083 tcp auth unknown 0 (name=education.lu, dynamic=yes)
That's good.
> Maybe one complication is that the home_servers defined in realms.conf do not have a name that gives away the realm they serve (i.e. server_158.64.1.8 etc.).
Yes. There's no strong tie between home_server and realm. Because you can have multiple realms use the same home server. And the same home server can be in multiple home_server_pools.
Alan DeKok.