Default variable details
Some of debops.freeradius
default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.
freeradius__configuration
The freeradius__*_configuration
variables define the contents of the
FreeRADIUS configuration files located in the /etc/freeradius/
directory. The variables contain a list of YAML dictionaries, each dictionary
describes one "object" (file or symlink). The dictionaries with the same
name
parameter are merged together; it is possible to override existing
entries by later ones. This can be used to modify the configuration
conditionally.
Examples
Define a custom radiusd.conf
configuration file with contents specified
in a YAML text block:
freeradius__configuration:
- name: 'radiusd.conf'
raw: |
# Contents of the configuration file
# ...
# Contents of the configuration file
state: 'present'
Enable the LDAP support via a symlink:
freeradius__configuration:
- name: 'mods-enabled/ldap'
link_src: '../mods-available/ldap'
Define custom client list with passwords in the configuration file; each section can be modified separately in other configuration entries:
freeradius__configuration:
- name: 'clients.conf'
no_log: '{{ debops__no_log | d(True) }}'
options:
- name: 'client_localhost'
comment: |
Local client, used for testing
raw: |
client localhost {
ipaddr = 127.0.0.1
secret = testing123
}
state: 'present'
- name: 'client_ap_mgmt'
raw: |
client ap_mgmt {
ipaddr = 192.0.2.0/24
secret = pa$$word
}
state: 'present'
Include a directory from a config file:
freeradius__configuration:
- name: 'custom.conf'
comment: |
Include custom configuration from a directory
raw: |
$INCLUDE custom-dir/
state: 'present'
Syntax
Each YAML dictionary entry can use specific set of parameters:
name
Required. Name of the configuration file or symlink to manage. This parameter is used as an anchor to merge multiple configuration entries together.
The specified configuration files are relative to the path defined in the
freeradius__conf_base_path
variable. You need to specify the full filenames with extensions, you can specify files in subdirectories as normal.filename
Optional. An alternative filename to use instead of the one in
name
.owner
Optional. Specify UNIX account which will be other owner of the generated file. If not specified,
freeradius__user
will be the owner.group
Optional. Specify UNIX group of the generated file. If not specified,
freeradius__group
will be set as the group.mode
Optional. Specify the file mode/attributes of the generated file. If not specified,
0640
will be used by default.divert
Optional, boolean. If
True
, the role will use the dpkg-divert command to move the original configuration file packaged in thefreeradius-config
APT package out of the way to preserve it for reference and to not create issues during package upgrades. The file will be reverted back when thestate
parameter is set toabsent
.The diverted files have a dot (
.
) prepended to them, this will ensure that the files will be ignored by the FreeRADIUS$INCLUDE dir/
directive.divert_filename
Optional. An alternative name of the diverted file. This parameter can be used to override the name automatically generated by the role.
link_src
If specified, the file defined in the
name
parameter will be a symlink to the file defined by this parameter. You can use relative paths, for example:freeradius__configuration: - name: 'sites-enabled/default' link_src: '../sites-available/default'
If the
state
parameter is set toabsent
, the symlink will be removed.raw
A string or YAML text block with FreeRADIUS configuration. It will be put in the generated configuration file as-is.
options
An alternative way to specify the contents of the configuration file. This is a list of YAML dictionaries, each dictionary can use parameters:
name
The name of the configuration section. If
value
parameter is present, it will be used as the variable name on the left side of the equal expression. If theraw
parameter is present, the value of thename
parameter is not used in the configuration file. This parameter is used as an anchor to merge options from multiple configuration entries.value
If specified, it will be used as the value on the right site of the equal expression.
raw
String or YAML text block with FireeRADIUS configuration. It will be put in the generated configuration file as-is.
comment
String or YAML text block with comments about a given configuration section.
state
If not specified or
present
, a given configuration section will be included in the generated file. Ifabsent
, a given configuration section will not be included in the configuration file. Ifignore
, a given configuration entry will not be evaluated by the role.
The
options
lists from multiple configuration entries are merged together. You can use this to create a FreeRADIUS configuration files from multiple parts that can be conditionally activated.state
Optional. If not specified or
present
, a given configuration file or symlink will be created. Ifabsent
, a given configuration file or symlink will be removed (original file will be reverted, if it was diverted). Ifignore
, a given configuration entry will not be evaluated by the role.no_log
Optional, boolean. If
True
, Ansible will not log the task for a given file. This is useful to enable when files contain passwords, so that they will not be leaked in the logs.comment
Optional. String or YAML text block with comments included at the beginning of the generated file.