
Commit ebcac77

committed
Fixes redis configuration in freeradius
1 parent 7d80a9b commit ebcac77


4 files changed

+252
-0
lines changed


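--- a/conf/documentation.conf
+++ b/conf/documentation.conf
@@ -378,20 +378,56 @@ description=<<EOT
 Should redis for caching be started? Keep enabled unless you know what you're doing.
 EOT
 
+[services.redis_cache_host]
+type=text
+description=<<EOT
+redis_cache_host host
+EOT
+
+[services.redis_cache_port]
+type=text
+description=<<EOT
+redis_cache_port port
+EOT
+
 [services.redis_queue]
 type=toggle
 options=enabled|disabled
 description=<<EOT
 Should redis be started? Keep enabled unless you know what you're doing.
 EOT
 
+[services.redis_queue_host]
+type=text
+description=<<EOT
+redis_queue_host host
+EOT
+
+[services.redis_queue_port]
+type=text
+description=<<EOT
+redis_queue_port port
+EOT
+
 [services.redis_ntlm_cache]
 type=toggle
 options=enabled|disabled
 description=<<EOT
 Should the redis NTLM cache be started? Use this if you are enabling an Active Directory NTLM cache.
 EOT
 
+[services.redis_ntlm_cache_host]
+type=text
+description=<<EOT
+redis_ntlm_cache_host host
+EOT
+
+[services.redis_ntlm_cache_port]
+type=text
+description=<<EOT
+redis_ntlm_cache_port port
+EOT
+
 [services.pfqueue-go]
 type=toggle
 options=enabled|disabled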

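--- a/conf/pf.conf.defaults
+++ b/conf/pf.conf.defaults
@@ -585,14 +585,35 @@ pfdetect=enabled
 #
 # Should redis be managed by PacketFence?
 redis_cache=enabled
+#
+# services.redis_cache_host
+redis_cache_host=[% ENV.env_or_default("REDIS_CACHE_HOST_PORT", "containers-gateway.internal") %]
+#
+# services.redis_cache_port
+redis_cache_port=[% ENV.env_or_default("REDIS_CACHE_PORT", "6379") %]
+#
 # services.redis_queue
 #
 # Should redis be managed by PacketFence?
 redis_queue=enabled
+#
+# services.redis_queue_host
+redis_queue_host=[% ENV.env_or_default("REDIS_QUEUE_HOST", "containers-gateway.internal") %]
+#
+# services.redis_queue_port
+redis_queue_port=[% ENV.env_or_default("REDIS_QUEUE_PORT", "6380") %]
+#
 # services.redis_ntlm_cache
 #
 # Should redis be managed by PacketFence?
 redis_ntlm_cache=disabled
+#
+# services.redis_ntlm_cache_host
+redis_ntlm_cache_host=[% ENV.env_or_default("REDIS_NTLM_CACHE_HOST_PORT", "containers-gateway.internal") %]
+#
+# services.redis_ntlm_cache_port
+redis_ntlm_cache_port=[% ENV.env_or_default("REDIS_NTLM_CACHE_PORT", "6383") %]
+#
 #
 # services.redis_binary
 #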
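Review bot: The environment variable names behind two of the host defaults look like copy-paste slips: `redis_cache_host` reads `REDIS_CACHE_HOST_PORT` and `redis_ntlm_cache_host` reads `REDIS_NTLM_CACHE_HOST_PORT`, while `redis_queue_host` reads `REDIS_QUEUE_HOST`. An operator who sets `REDIS_CACHE_HOST` by analogy would silently keep the `containers-gateway.internal` default and point the service at a host they did not intend, so I would rename the two to `REDIS_CACHE_HOST` and `REDIS_NTLM_CACHE_HOST` unless other code already depends on the longer names. The default host here also differs from the `"127.0.0.1"` fallback used in generate_radiusd_redisconf in this commit; the default should come from one place only.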

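--- a/conf/radiusd/redis.conf.example
+++ b/conf/radiusd/redis.conf.example
@@ -0,0 +1,179 @@
+# -*- text -*-
+#
+# $Id: 0ef86751acd4389e7a6446e37856fde75fd4137c $
+
+#
+# Configuration file for the "redis" module. This module does nothing
+# Other than provide connections to a redis database, and a %{redis: ...}
+# expansion.
+#
+redis {
+# Host where the redis server is located.
+# We recommend using ONLY 127.0.0.1 !
+server = [% redis_cache_host %]
+
+# The default port.
+port = [% redis_cache_port %]
+
+# The password used to authenticate to the server.
+# We recommend using a strong password.
+# password = thisisreallysecretandhardtoguess
+
+#
+# Information for the connection pool. The configuration items
+# below are the same for all modules which use the new
+# connection pool.
+#
+pool {
+# Connections to create during module instantiation.
+# If the server cannot create specified number of
+# connections during instantiation it will exit.
+# Set to 0 to allow the server to start without the
+# web service being available.
+start = ${thread[pool].start_servers}
+
+# Minimum number of connections to keep open
+min = ${thread[pool].min_spare_servers}
+
+# Maximum number of connections
+#
+# If these connections are all in use and a new one
+# is requested, the request will NOT get a connection.
+#
+# Setting 'max' to LESS than the number of threads means
+# that some threads may starve, and you will see errors
+# like 'No connections available and at max connection limit'
+#
+# Setting 'max' to MORE than the number of threads means
+# that there are more connections than necessary.
+max = ${thread[pool].max_servers}
+
+# Spare connections to be left idle
+#
+# NOTE: Idle connections WILL be closed if "idle_timeout"
+# is set. This should be less than or equal to "max" above.
+spare = ${thread[pool].max_spare_servers}
+
+# Number of uses before the connection is closed
+#
+# 0 means "infinite"
+uses = 0
+
+# The number of seconds to wait after the server tries
+# to open a connection, and fails. During this time,
+# no new connections will be opened.
+retry_delay = 30
+
+# The lifetime (in seconds) of the connection
+#
+# NOTE: A setting of 0 means infinite (no limit).
+lifetime = 86400
+
+# The pool is checked for free connections every
+# "cleanup_interval". If there are free connections,
+# then one of them is closed.
+cleanup_interval = 300
+
+# The idle timeout (in seconds). A connection which is
+# unused for this length of time will be closed.
+#
+# NOTE: A setting of 0 means infinite (no timeout).
+idle_timeout = 600
+
+# NOTE: All configuration settings are enforced. If a
+# connection is closed because of "idle_timeout",
+# "uses", or "lifetime", then the total number of
+# connections MAY fall below "min". When that
+# happens, it will open a new connection. It will
+# also log a WARNING message.
+#
+# The solution is to either lower the "min" connections,
+# or increase lifetime/idle_timeout.
+}
+}
+
+redis redis_ntlm {
+# Host where the redis server is located.
+# We recommend using ONLY 127.0.0.1 !
+server = [% redis_ntlm_cache_host %]
+
+# The default port.
+port = [% redis_ntlm_cache_port %]
+
+# The password used to authenticate to the server.
+# We recommend using a strong password.
+# password = thisisreallysecretandhardtoguess
+
+#
+# Information for the connection pool. The configuration items
+# below are the same for all modules which use the new
+# connection pool.
+#
+pool {
+# Connections to create during module instantiation.
+# If the server cannot create specified number of
+# connections during instantiation it will exit.
+# Set to 0 to allow the server to start without the
+# web service being available.
+start = 0
+
+# Minimum number of connections to keep open
+min = ${thread[pool].min_spare_servers}
+
+# Maximum number of connections
+#
+# If these connections are all in use and a new one
+# is requested, the request will NOT get a connection.
+#
+# Setting 'max' to LESS than the number of threads means
+# that some threads may starve, and you will see errors
+# like 'No connections available and at max connection limit'
+#
+# Setting 'max' to MORE than the number of threads means
+# that there are more connections than necessary.
+max = ${thread[pool].max_servers}
+
+# Spare connections to be left idle
+#
+# NOTE: Idle connections WILL be closed if "idle_timeout"
+# is set. This should be less than or equal to "max" above.
+spare = ${thread[pool].max_spare_servers}
+
+# Number of uses before the connection is closed
+#
+# 0 means "infinite"
+uses = 0
+
+# The number of seconds to wait after the server tries
+# to open a connection, and fails. During this time,
+# no new connections will be opened.
+retry_delay = 30
+
+# The lifetime (in seconds) of the connection
+#
+# NOTE: A setting of 0 means infinite (no limit).
+lifetime = 86400
+
+# The pool is checked for free connections every
+# "cleanup_interval". If there are free connections,
+# then one of them is closed.
+cleanup_interval = 300
+
+# The idle timeout (in seconds). A connection which is
+# unused for this length of time will be closed.
+#
+# NOTE: A setting of 0 means infinite (no timeout).
+idle_timeout = 600
+
+# NOTE: All configuration settings are enforced. If a
+# connection is closed because of "idle_timeout",
+# "uses", or "lifetime", then the total number of
+# connections MAY fall below "min". When that
+# happens, it will open a new connection. It will
+# also log a WARNING message.
+#
+# The solution is to either lower the "min" connections,
+# or increase lifetime/idle_timeout.
+}
+}
+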
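Review bot: The comment above both `server =` lines still recommends using only 127.0.0.1, but the value is now templated and the default added to conf/pf.conf.defaults in this commit is `containers-gateway.internal`, while `password` stays commented out in both instances. If that host is not loopback, FreeRADIUS would talk to Redis unauthenticated across the container network, and the `redis_ntlm` instance presumably holds NTLM cache data. I would replace the stale line with `# Filled in from services.redis_cache_host; if this is not a loopback address, set "password" below and restrict access to the Redis port.` (with the matching key name for `redis_ntlm`), and consider passing a password through the template as well. The pool comment about "the web service being available" appears to be left over from another module's template and should say "the redis server".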

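--- a/lib/pf/services/manager/radiusd_child.pm
+++ b/lib/pf/services/manager/radiusd_child.pm
@@ -112,6 +112,7 @@ sub _generateConfig {
 $self->generate_radiusd_acctconf($tt);
 $self->generate_radiusd_eapconf($tt);
 $self->generate_radiusd_restconf($tt);
+$self->generate_radiusd_redisconf($tt);
 $self->generate_radiusd_sqlconf($tt);
 $self->generate_radiusd_sitesconf($tt);
 $self->generate_radiusd_proxy($tt);
@@ -366,6 +367,21 @@ sub generate_radiusd_restconf {
 $tt->process("$conf_dir/radiusd/rest.conf", \%tags, "$install_dir/raddb/mods-enabled/rest") or die $tt->error();
 }
 
+sub generate_radiusd_redisconf {
+my ($self, $tt) = @_;
+my %tags;
+
+$tags{'template'} = "$conf_dir/radiusd/redis.conf";
+$tags{'install_dir'} = $install_dir;
+$tags{'redis_cache_host'} = $Config{services}{redis_cache_host} || "127.0.0.1";
+$tags{'redis_cache_host'} = $Config{services}{redis_cache_port} || "6379";
+$tags{'redis_ntlm_cache_host'} = $Config{services}{redis_ntlm_cache_host} || "127.0.0.1";
+$tags{'redis_ntlm_cache_port'} = $Config{services}{redis_ntlm_cache_port} || "6383";
+
+$tt->process("$conf_dir/radiusd/redis.conf", \%tags, "$install_dir/raddb/mods-enabled/redis") or die $tt->error();
+}
+
+
 sub generate_radiusd_authconf {
 my ($self, $tt) = @_;
 my %tags;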
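Review bot: The second assignment in generate_radiusd_redisconf writes the port into the host key: `$tags{'redis_cache_host'} = $Config{services}{redis_cache_port} || "6379";` overwrites the host set on the line before and leaves `redis_cache_port` unset. With the template added in this commit, the default `redis` instance would then render `server = 6379` (or the configured port) and an empty `port =`; the line should be `$tags{'redis_cache_port'} = $Config{services}{redis_cache_port} || "6379";`. The host and port values are also written into the FreeRADIUS module file as-is, so a short check before `$tt->process` that the port is numeric and the host contains no whitespace or braces would keep a bad pf.conf value from producing a broken or altered config. The template is read from `$conf_dir/radiusd/redis.conf` while the commit adds `redis.conf.example`; presumably a packaging step copies it, which is worth confirming.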
