---
# Install the locally supplied freeradius-assha RPM built for this Fedora release.
# with_fileglob is expanded on the control node; when no file matches, the loop
# is empty and the task is skipped without an error, and when several builds
# match, each one is passed to dnf.
# NOTE(review): the package comes from a local file rather than a repository, so
# its provenance depends on how that file got there - confirm it is signed or
# checksummed where it is built.
- name: Install our freeradius-assha package
  dnf:
    name: "{{ item }}"
    state: present
  with_fileglob: "radius/freeradius-assha-*.fc{{ ansible_distribution_major_version }}.*.rpm"
  tags: [packages]
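# Helper tools; presumably needed by the getusers script created below - TODO confirm.
- name: Make sure curl and diffutils are installed
  dnf:
    # Passing a list resolves both packages in a single dnf transaction
    # instead of invoking the module once per item.
    name:
      - curl
      - diffutils
    state: present
  tags:
    - packages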
# Remove the 'default' and 'inner-tunnel' entries from sites-enabled; the
# labitat sites are linked in by a later task, so radiusd is restarted with
# only those virtual servers enabled by this file.
- name: Disable default site
  file:
    path: "/etc/raddb/sites-enabled/{{ item }}"
    state: absent
  with_items: [default, inner-tunnel]
  notify: [restart radiusd]
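# Ship the static radiusd configuration files and restart the daemon on change.
- name: Configure radiusd
  copy:
    dest: '/etc/raddb/{{ item }}'
    src: 'radius/{{ item }}'
    owner: root
    group: radiusd
    # root read/write, radiusd group read-only, no access for other users.
    # Quoted so the value is always taken as an octal mode string and never
    # re-typed by the YAML parser.
    mode: '0640'
  with_items:
    - radiusd.conf
    - mods-available/eap
    - sites-available/labitat
    - sites-available/labitat-inner
  notify:
    - restart radiusd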
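# Render clients.conf from a template and restart radiusd on change.
# NOTE(review): a FreeRADIUS clients.conf normally holds the per-client shared
# secrets. The template is not visible here; if it does, check that task output
# and --diff runs are not captured in shared logs (no_log is the usual switch).
- name: Configure radius clients
  template:
    dest: '/etc/raddb/clients.conf'
    src: radius/clients.conf.j2
    owner: root
    group: radiusd
    # Readable by root and the radiusd group only; quoted to stay an octal string.
    mode: '0640'
  notify:
    - restart radiusd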
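# Enable the labitat virtual servers by symlinking them into sites-enabled.
- name: Enable labitat site
  file:
    path: '/etc/raddb/sites-enabled/{{ item }}'
    # Relative target, resolved from the sites-enabled directory.
    src: '../sites-available/{{ item }}'
    state: link
    owner: root
    group: radiusd
    # force replaces an existing regular file at the path and allows the link
    # to be created even if the target is not present yet.
    force: true
  with_items:
    - labitat
    - labitat-inner
  notify:
    - restart radiusd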
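# Render the getusers script that the getusers.service unit below is expected to run.
# NOTE(review): the template is not visible here; if it embeds a URL, token or
# other credential, this mode is what keeps it from other local users - confirm.
- name: Create getusers script
  template:
    dest: '/etc/raddb/getusers.sh'
    src: radius/getusers.sh.j2
    owner: root
    group: radiusd
    # Executable by root and the radiusd group, nothing for others; only root
    # can modify it. Quoted to stay an octal mode string.
    mode: '0750'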
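# Install the systemd service and timer units for getusers.
- name: Create getusers service and timer
  copy:
    dest: '/etc/systemd/system/{{ item }}'
    src: 'radius/{{ item }}'
    owner: root
    group: root
    # World-readable, writable by root only; quoted to stay an octal mode string.
    mode: '0644'
  with_items:
    - getusers.service
    - getusers.timer
  # The handler is defined outside this file.
  notify:
    - restart getusers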
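# Enable and start the timer on a running system. 'chroot' is a variable set
# outside this file.
- name: Enable getusers timer
  systemd:
    name: getusers.timer
    enabled: true
    masked: false
    state: started
  when: not chroot

# Chroot variant of the task above: only enables the unit, nothing is started.
# 'creates' skips the command once the wants symlink exists, keeping the task
# idempotent.
- name: '- when in chroot'
  command: systemctl enable getusers.timer
  args:
    creates: '/etc/systemd/system/timers.target.wants/getusers.timer'
  when: chroot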
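# Directory for radiusd.service drop-in overrides.
- name: Create service drop-in directory
  file:
    # 'path' is the same parameter the other file tasks in this list use
    # ('dest' is an alias for it).
    path: '/etc/systemd/system/radiusd.service.d'
    state: directory
    owner: root
    group: root
    # Writable by root only; quoted to stay an octal mode string.
    mode: '0755'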
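# Drop-in that, per the task name, orders radiusd after network configuration.
# NOTE(review): nothing in this file triggers a systemd daemon-reload after the
# drop-in changes; on a live host the override takes effect only once one has
# happened - confirm a handler or another role covers it.
- name: Start radiusd after networks are configured
  copy:
    dest: '/etc/systemd/system/radiusd.service.d/wait-online.conf'
    src: wait-online.conf
    owner: root
    group: root
    # World-readable, writable by root only; quoted to stay an octal mode string.
    mode: '0644'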
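# Enable and start radiusd on a running system. 'chroot' is a variable set
# outside this file.
- name: Enable radiusd service
  systemd:
    name: radiusd.service
    enabled: true
    masked: false
    state: started
  when: not chroot

# Chroot variant of the task above: only enables the unit, nothing is started.
# 'creates' skips the command once the wants symlink exists, keeping the task
# idempotent.
- name: '- when in chroot'
  command: systemctl enable radiusd.service
  args:
    creates: '/etc/systemd/system/multi-user.target.wants/radiusd.service'
  when: chroot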
# vim: set ts=2 sw=2 et: