[feature] Added openwisp_radius installation #223
Conversation
atb00ker
force-pushed
the
openwisp_radius
branch
from
03428e0
to
bec48bc
Compare
atb00ker
force-pushed
the
openwisp_radius
branch
3 times, most recently
from
3e2dee8
to
b898ca9
Compare
atb00ker
changed the title
atb00ker
force-pushed
the
openwisp_radius
branch
from
b898ca9
to
3a6e7c0
Compare
atb00ker
force-pushed
the
openwisp_radius
branch
from
3a6e7c0
to
5dfa2c6
Compare
atb00ker
force-pushed
the
openwisp_radius
branch
4 times, most recently
from
b615612
to
6193334
Compare
|
It fails on molecule but works on my system install. |
|
@pandafy, stuck at #223 (comment), if you have time, please look into it. |
|
I wonder why we have a task that installs cryptography in this role, cryptography should be a dependency of django-x509 and I don't think we have to explicitly install it. I am releasing a new minor version of django-x509 to ensure the cryptography dependency is bound: openwisp/django-x509#108 |
|
@atb00ker this is occurring becausue openwisp/openwisp-radius@0819e35 was added after version 0.1.0. This should not occur if you test with the latest master. I guess it will require issuing 0.2.0 release of openwisp-radius |
|
@pandafy got it, since radius 2 release is so close, then let's wait for it! 😄 |
@atb00ker openwisp-radius 0.2 is out! 😁 |
| @@ -64,3 +64,22 @@ | |||
| - name: Show OpenWisp log | |||
| debug: | |||
| var: openwisp_log | |||
|
|
|||
| - name: Check Freeradius | |||
| # TODO: This test should work when openwisp-radius 0.3.0 is released! | |||
There was a problem hiding this comment.
This remains a blocker to merge this PR.
We would need to release the next version of openwisp-radius to enable testing here.
There was a problem hiding this comment.
yes we're getting near to that 👍
atb00ker
force-pushed
the
openwisp_radius
branch
4 times, most recently
from
77a25a9
to
301e123
Compare
atb00ker
force-pushed
the
openwisp_radius
branch
from
301e123
to
8c0bbc8
Compare
tasks/freeradius.yml
Outdated
|
|
||
| - name: Inner tunnel | ||
| template: | ||
| src: freeradius/openwisp_site.j2 |
There was a problem hiding this comment.
Yes, this was one of the causes of build failure,fixed it in the latest commit! 😄
There was a problem hiding this comment.
This is basically ready!
OpenWISP RADIUS 0.3 milestone issues: https://github.com/openwisp/openwisp-radius/milestone/1
There was a problem hiding this comment.
I found an issue that prevents the group configurations (radius group check, radius group reply) from working when using registration with phone number because the plus sign gets escaped. This is breaking group authorization rules.
To fix it we need to add a configurable variable called openwisp2_freeradius_safe_characters defaulting to +@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /.
Then in the configuration of the SQL dialect in use has to be changed, I think we have to replace the line which contains safe_characters =, because it seems the default is different depending on the DB:
- https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-config/sql/main/postgresql/queries.conf here the default is commented out
- https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-config/sql/main/mysql/queries.conf here it's not commented out
The value we put should be:
safe_characters = "{{ openwisp2_freeradius_safe_characters }}"
defaults/main.yml
Outdated
| cron_delete_old_users: "'hour': 0, 'minute': 10" | ||
| cron_cleanup_stale_radacct: "'hour': 0, 'minute': 20" | ||
| cron_delete_old_postauth: "'hour': 0, 'minute': 30" | ||
| cron_delete_old_radacct: "'hour': 1, 'minute': 30" |
There was a problem hiding this comment.
I think we should prefix these cron variables with openwisp2 for consistency, since it's configuration related to openwisp.
nemesifier
force-pushed
the
openwisp_radius
branch
from
f50a1b9
to
8bebc28
Compare
Commit 8bebc28 should fix it. I tested it. WIll keep an eye on the CI. |
|
I have merged this manually in the |
|
Merged manually in the |
|
@nemesisdesign awesome, big win! 😄 |
Todo:
Implements #198.