Here's a sample playbook to install openwisp-radius with ansible-openwisp2.
I have taken it from a working playbook and removed the sensitive parts,
but I have not tested it, so it may be incomplete and surely will need
adaptation, but it should hint at all that needs to be done.

- hosts: yourhost
  become: true
  become_user: youruser
  roles:
    - openwisp.openwisp2
  vars:
    openwisp2_utils_pip: https://github.com/openwisp/openwisp-utils/tarball/master
    openwisp2_users_pip: https://github.com/openwisp/openwisp-users/tarball/master
    openwisp2_extra_python_packages:
      # monitoring
      - https://github.com/openwisp/openwisp-radius/tarball/master
      - django-cors-headers
    openwisp2_extra_django_settings_instructions:
      # monitoring settings
      - |
        # openwisp-radius, registration, CORS
        INSTALLED_APPS += [
            'corsheaders',
            'django_filters',
            'rest_framework.authtoken',
            'rest_auth',
            'rest_auth.registration',
            'openwisp_radius',
        ]
        OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS = ['ip/host here']
        # CORS
        MIDDLEWARE.insert(
            MIDDLEWARE.index('django.middleware.common.CommonMiddleware'),
            'corsheaders.middleware.CorsMiddleware'
        )
        CORS_ORIGIN_WHITELIST = ('whitelisteddomain1', 'whitelisteddomain2')
        CORS_ALLOW_METHODS = ('POST',)
        # SMS
        REST_AUTH_SERIALIZERS = {
            'PASSWORD_RESET_SERIALIZER':
                'openwisp_radius.api.serializers.PasswordResetSerializer',
        }
        REST_AUTH_REGISTER_SERIALIZERS = {
            'REGISTER_SERIALIZER':
                'openwisp_radius.api.serializers.RegisterSerializer',
        }
        OPENWISP_RADIUS_SMS_TOKEN_MAX_IP_DAILY = 25
        SENDSMS_BACKEND = 'path to sms backend here'
        # REST API
        INSTALLED_APPS += [
            'drf_yasg',
        ]
        OPENWISP_USERS_AUTH_API = True
    openwisp2_extra_urls:
      - "url(r'^', include('openwisp_radius.urls'))"
      - "url(r'^api/v1/', include('openwisp_utils.api.urls'))"
      - "url(r'^api/v1/', include('openwisp_users.api.urls'))"
    freeradius_dir: /etc/freeradius/3.0
    freeradius_mods_available_dir: "{{ freeradius_dir }}/mods-available"
    freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"
    freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"
    freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"
    freeradius_certs_dir: "{{ freeradius_dir }}/certs"
    freeradius_sql:
      driver: rlm_sql_postgresql
      dialect: postgresql
      host: localhost
      port: 5432
      name: "****"
      user: "****"
      password: "****"
    freeradius_rest:
      url: https://yourdomain/api/v1/freeradius
  pre_tasks:
    # openwisp-radius
    - name: Install cairo
      apt:
        name:
          - libcairo2
          - libpango-1.0-0
          - libpangocairo-1.0-0
          - libgdk-pixbuf2.0-0
          - shared-mime-info
        update_cache: yes
      tags: [openwisp2, radius]
    ### Follows an example installation and configuration of freeradius, but
    ### my configuration uses postgres and is customized,
    ### so you need to adapt it
    - name: Freeradius system packages
      apt:
        name:
          - freeradius
          - freeradius-postgresql
          - freeradius-rest
        state: latest
      notify: restart freeradius
    - name: SQL Configuration
      template:
        src: freeradius/sql.j2
        dest: "{{ freeradius_mods_available_dir }}/sql"
        mode: 0640
        owner: freerad
        group: freerad
      notify: restart freeradius
    - name: Enable SQL module
      file:
        src: "{{ freeradius_mods_available_dir }}/sql"
        dest: "{{ freeradius_mods_enabled_dir }}/sql"
        state: link
        mode: 0640
        owner: freerad
        group: freerad
    - name: SQL Counter module
      template:
        src: freeradius/sqlcounter.j2
        dest: "{{ freeradius_mods_available_dir }}/sqlcounter"
        mode: 0640
        owner: freerad
        group: freerad
      notify: restart freeradius
    - name: Enable SQL Counter module
      file:
        src: "{{ freeradius_mods_available_dir }}/sqlcounter"
        dest: "{{ freeradius_mods_enabled_dir }}/sqlcounter"
        state: link
        mode: 0640
        owner: freerad
        group: freerad
    - name: Fix dailycounter.conf
      copy:
        src: freeradius/dailycounter.conf
        dest: "{{ freeradius_dir }}/mods-config/sql/counter/postgresql/dailycounter.conf"
        mode: 0640
        owner: freerad
        group: freerad
      notify: restart freeradius
    - name: REST Configuration
      template:
        src: freeradius/rest.j2
        dest: "{{ freeradius_mods_available_dir }}/rest"
        mode: 0640
        owner: freerad
        group: freerad
      notify: restart freeradius
    - name: Enable REST module
      file:
        src: "{{ freeradius_mods_available_dir }}/rest"
        dest: "{{ freeradius_mods_enabled_dir }}/rest"
        state: link
        mode: 0640
        owner: freerad
        group: freerad
    - name: Remove default site
      file:
        dest: "{{ freeradius_sites_enabled_dir }}/default"
        state: absent
    - name: Ensure inner-tunnel site is present
      file:
        src: "{{ freeradius_sites_available_dir }}/inner-tunnel"
        dest: "{{ freeradius_sites_enabled_dir }}/inner-tunnel"
        state: link
        mode: 0640
        owner: freerad
        group: freerad
    - name: Captive portal configuration
      template:
        src: freeradius/captiveportal.j2
        dest: "{{ freeradius_sites_available_dir }}/captiveportal"
        mode: 0640
        owner: freerad
        group: freerad
      notify: restart freeradius
      tags: [radius]
    - file:
        src: "{{ freeradius_sites_available_dir }}/captiveportal"
        dest: "{{ freeradius_sites_enabled_dir }}/captiveportal"
        state: link
        mode: 0640
        owner: freerad
        group: freerad
      tags: [radius]
    # openwisp-radius cron jobs
    - name: delete_old_radacct
      cron:
        name: delete_old_radacct
        day: "*"
        hour: 05
        minute: 30
        job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_radacct 730"
      tags: [openwisp2, radius]
    - name: delete_old_postauth
      cron:
        name: delete_old_postauth
        day: "*"
        hour: 05
        minute: 0
        job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_postauth 365"
      tags: [openwisp2, radius]
    - name: cleanup_stale_radacct
      cron:
        name: cleanup_stale_radacct
        day: "*"
        hour: 04
        minute: 0
        job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py cleanup_stale_radacct 1"
      tags: [openwisp2, radius]
    - name: deactivate_expired_users
      cron:
        name: deactivate_expired_users
        day: "*"
        hour: "*"
        minute: "*/5"
        job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py deactivate_expired_users"
      tags: [openwisp2, radius]
    - name: delete_old_users
      cron:
        name: delete_old_users
        day: "*"
        hour: "03"
        minute: "30"
        job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_users"
      tags: [openwisp2, radius]

Best regards
Federico
On Wednesday, October 14, 2020 at 11:23:38 AM UTC-5 Federico Capoano wrote:
> Hi Demian,
>
> regarding openwisp-monitoring, I left some hints in this other thread:
> https://groups.google.com/d/msg/openwisp/0Qh-TRAeoLE/BnpMZkvlAgAJ
> There's a playbook file shared in that thread as well
> <https://docs.google.com/viewer?a=v&pid=forums&srcid=MDY5OTA0NjI2NTkzOTQ2Nzk2ODkBMTM1NjE4NzI5MjUxODc3Nzg4MzIBQm5wTVprdmxBZ0FKATAuMgEBdjI&authuser=0>,
>
> I suggest following the thread until the end.
> The problem is that the new modules are evolving rapidly so new settings
> may be needed.
>
> We have open issues to add support for openwisp-monitoring
> <https://github.com/openwisp/ansible-openwisp2/issues/195>,
> openwisp-firmware-upgrader
> <https://github.com/openwisp/ansible-openwisp2/issues/199> and
> openwisp-radius <https://github.com/openwisp/ansible-openwisp2/issues/198> in
> ansible-openwisp2 but so far no one is working on these.
> I hope that more users and contributors will be willing to help out.
> The test project of each module provides a working settings.py file that
> can be used as reference.
>
> I hope this helps, I can't do more at the moment unfortunately.
>
> Best regards
> Federico
>
>
>
> On Wednesday, October 14, 2020 at 9:42:26 AM UTC-5, Demian Pecile wrote:
>>
>> Hi
>> I need to install Openwisp with freeradius integration, monitoring, and
>> firmware upgrade in a production environment.
>> Is there any how-to?
>> I installed openwisp using ansible, but no problem to install directly if
>> some install guide to follow is available.
>>
>> Thanks
>>
>> Demian
>>
>