Fixes redis configuration in freeradius

inverse-inc · Mar 7, 2025 · ebcac77 · ebcac77
1 parent 7d80a9b
commit ebcac77
Show file tree

Hide file tree

Showing 4 changed files with 252 additions and 0 deletions.
diff --git a/conf/documentation.conf b/conf/documentation.conf
@@ -378,20 +378,56 @@ description=<<EOT
 Should redis for caching be started? Keep enabled unless you know what you're doing.
 EOT
 
+[services.redis_cache_host]
+type=text
+description=<<EOT
+redis_cache_host host
+EOT
+
+[services.redis_cache_port]
+type=text
+description=<<EOT
+redis_cache_port port
+EOT
+
 [services.redis_queue]
 type=toggle
 options=enabled|disabled
 description=<<EOT
 Should redis be started? Keep enabled unless you know what you're doing.
 EOT
 
+[services.redis_queue_host]
+type=text
+description=<<EOT
+redis_queue_host host
+EOT
+
+[services.redis_queue_port]
+type=text
+description=<<EOT
+redis_queue_port port
+EOT
+
 [services.redis_ntlm_cache]
 type=toggle
 options=enabled|disabled
 description=<<EOT
 Should the redis NTLM cache be started? Use this if you are enabling an Active Directory NTLM cache.
 EOT
 
+[services.redis_ntlm_cache_host]
+type=text
+description=<<EOT
+redis_ntlm_cache_host host
+EOT
+
+[services.redis_ntlm_cache_port]
+type=text
+description=<<EOT
+redis_ntlm_cache_port port
+EOT
+
 [services.pfqueue-go]
 type=toggle
 options=enabled|disabled

diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults
@@ -585,14 +585,35 @@ pfdetect=enabled
 #
 # Should redis be managed by PacketFence?
 redis_cache=enabled
+#
+# services.redis_cache_host
+redis_cache_host=[% ENV.env_or_default("REDIS_CACHE_HOST_PORT", "containers-gateway.internal") %]
+#
+# services.redis_cache_port
+redis_cache_port=[% ENV.env_or_default("REDIS_CACHE_PORT", "6379") %]
+#
 # services.redis_queue
 #
 # Should redis be managed by PacketFence?
 redis_queue=enabled
+#
+# services.redis_queue_host
+redis_queue_host=[% ENV.env_or_default("REDIS_QUEUE_HOST", "containers-gateway.internal") %]
+#
+# services.redis_queue_port
+redis_queue_port=[% ENV.env_or_default("REDIS_QUEUE_PORT", "6380") %]
+#
 # services.redis_ntlm_cache
 #
 # Should redis be managed by PacketFence?
 redis_ntlm_cache=disabled
+#
+# services.redis_ntlm_cache_host
+redis_ntlm_cache_host=[% ENV.env_or_default("REDIS_NTLM_CACHE_HOST_PORT", "containers-gateway.internal") %]
+#
+# services.redis_ntlm_cache_port
+redis_ntlm_cache_port=[% ENV.env_or_default("REDIS_NTLM_CACHE_PORT", "6383") %]
+#
 # 
 # services.redis_binary
 # 

diff --git a/conf/radiusd/redis.conf.example b/conf/radiusd/redis.conf.example
@@ -0,0 +1,179 @@
+# -*- text -*-
+#
+#  $Id: 0ef86751acd4389e7a6446e37856fde75fd4137c $
+
+#
+#  Configuration file for the "redis" module.  This module does nothing
+#  Other than provide connections to a redis database, and a %{redis: ...}
+#  expansion.
+#
+redis {
+	#  Host where the redis server is located.
+	#  We recommend using ONLY 127.0.0.1 !
+	server = [% redis_cache_host %]
+
+	#  The default port.
+	port = [% redis_cache_port %]
+
+	#  The password used to authenticate to the server.
+	#  We recommend using a strong password.
+#	password = thisisreallysecretandhardtoguess
+
+	#
+	#  Information for the connection pool.  The configuration items
+	#  below are the same for all modules which use the new
+	#  connection pool.
+	#
+	pool {
+		#  Connections to create during module instantiation.
+		#  If the server cannot create specified number of
+		#  connections during instantiation it will exit.
+		#  Set to 0 to allow the server to start without the
+		#  web service being available.
+		start = ${thread[pool].start_servers}
+
+		#  Minimum number of connections to keep open
+		min = ${thread[pool].min_spare_servers}
+
+		#  Maximum number of connections
+		#
+		#  If these connections are all in use and a new one
+		#  is requested, the request will NOT get a connection.
+		#
+		#  Setting 'max' to LESS than the number of threads means
+		#  that some threads may starve, and you will see errors
+		#  like 'No connections available and at max connection limit'
+		#
+		#  Setting 'max' to MORE than the number of threads means
+		#  that there are more connections than necessary.
+		max = ${thread[pool].max_servers}
+
+		#  Spare connections to be left idle
+		#
+		#  NOTE: Idle connections WILL be closed if "idle_timeout"
+		#  is set.  This should be less than or equal to "max" above.
+		spare = ${thread[pool].max_spare_servers}
+
+		#  Number of uses before the connection is closed
+		#
+		#  0 means "infinite"
+		uses = 0
+
+		#  The number of seconds to wait after the server tries
+		#  to open a connection, and fails.  During this time,
+		#  no new connections will be opened.
+		retry_delay = 30
+
+		#  The lifetime (in seconds) of the connection
+		#
+		#  NOTE: A setting of 0 means infinite (no limit).
+		lifetime = 86400
+
+		#  The pool is checked for free connections every
+		#  "cleanup_interval".  If there are free connections,
+		#  then one of them is closed.
+		cleanup_interval = 300
+
+		#  The idle timeout (in seconds).  A connection which is
+		#  unused for this length of time will be closed.
+		#
+		#  NOTE: A setting of 0 means infinite (no timeout).
+		idle_timeout = 600
+
+		#  NOTE: All configuration settings are enforced.  If a
+		#  connection is closed because of "idle_timeout",
+		#  "uses", or "lifetime", then the total number of
+		#  connections MAY fall below "min".  When that
+		#  happens, it will open a new connection.  It will
+		#  also log a WARNING message.
+		#
+		#  The solution is to either lower the "min" connections,
+		#  or increase lifetime/idle_timeout.
+	}
+}
+
+redis redis_ntlm {
+	#  Host where the redis server is located.
+	#  We recommend using ONLY 127.0.0.1 !
+        server = [% redis_ntlm_cache_host %]
+
+        #  The default port.
+        port = [% redis_ntlm_cache_port %]
+
+	#  The password used to authenticate to the server.
+	#  We recommend using a strong password.
+#	password = thisisreallysecretandhardtoguess
+
+	#
+	#  Information for the connection pool.  The configuration items
+	#  below are the same for all modules which use the new
+	#  connection pool.
+	#
+	pool {
+		#  Connections to create during module instantiation.
+		#  If the server cannot create specified number of
+		#  connections during instantiation it will exit.
+		#  Set to 0 to allow the server to start without the
+		#  web service being available.
+		start = 0
+
+		#  Minimum number of connections to keep open
+		min = ${thread[pool].min_spare_servers}
+
+		#  Maximum number of connections
+		#
+		#  If these connections are all in use and a new one
+		#  is requested, the request will NOT get a connection.
+		#
+		#  Setting 'max' to LESS than the number of threads means
+		#  that some threads may starve, and you will see errors
+		#  like 'No connections available and at max connection limit'
+		#
+		#  Setting 'max' to MORE than the number of threads means
+		#  that there are more connections than necessary.
+		max = ${thread[pool].max_servers}
+
+		#  Spare connections to be left idle
+		#
+		#  NOTE: Idle connections WILL be closed if "idle_timeout"
+		#  is set.  This should be less than or equal to "max" above.
+		spare = ${thread[pool].max_spare_servers}
+
+		#  Number of uses before the connection is closed
+		#
+		#  0 means "infinite"
+		uses = 0
+
+		#  The number of seconds to wait after the server tries
+		#  to open a connection, and fails.  During this time,
+		#  no new connections will be opened.
+		retry_delay = 30
+
+		#  The lifetime (in seconds) of the connection
+		#
+		#  NOTE: A setting of 0 means infinite (no limit).
+		lifetime = 86400
+
+		#  The pool is checked for free connections every
+		#  "cleanup_interval".  If there are free connections,
+		#  then one of them is closed.
+		cleanup_interval = 300
+
+		#  The idle timeout (in seconds).  A connection which is
+		#  unused for this length of time will be closed.
+		#
+		#  NOTE: A setting of 0 means infinite (no timeout).
+		idle_timeout = 600
+
+		#  NOTE: All configuration settings are enforced.  If a
+		#  connection is closed because of "idle_timeout",
+		#  "uses", or "lifetime", then the total number of
+		#  connections MAY fall below "min".  When that
+		#  happens, it will open a new connection.  It will
+		#  also log a WARNING message.
+		#
+		#  The solution is to either lower the "min" connections,
+		#  or increase lifetime/idle_timeout.
+	}
+}
+
diff --git a/lib/pf/services/manager/radiusd_child.pm b/lib/pf/services/manager/radiusd_child.pm
@@ -112,6 +112,7 @@ sub _generateConfig {
     $self->generate_radiusd_acctconf($tt);
     $self->generate_radiusd_eapconf($tt);
     $self->generate_radiusd_restconf($tt);
+    $self->generate_radiusd_redisconf($tt);
     $self->generate_radiusd_sqlconf($tt);
     $self->generate_radiusd_sitesconf($tt);
     $self->generate_radiusd_proxy($tt);
@@ -366,6 +367,21 @@ sub generate_radiusd_restconf {
     $tt->process("$conf_dir/radiusd/rest.conf", \%tags, "$install_dir/raddb/mods-enabled/rest") or die $tt->error();
 }
 
+sub generate_radiusd_redisconf {
+    my ($self, $tt) = @_;
+    my %tags;
+
+    $tags{'template'}    = "$conf_dir/radiusd/redis.conf";
+    $tags{'install_dir'} = $install_dir;
+    $tags{'redis_cache_host'} = $Config{services}{redis_cache_host} || "127.0.0.1";
+    $tags{'redis_cache_host'} = $Config{services}{redis_cache_port} || "6379";
+    $tags{'redis_ntlm_cache_host'} = $Config{services}{redis_ntlm_cache_host} || "127.0.0.1";
+    $tags{'redis_ntlm_cache_port'} = $Config{services}{redis_ntlm_cache_port} || "6383";
+
+    $tt->process("$conf_dir/radiusd/redis.conf", \%tags, "$install_dir/raddb/mods-enabled/redis") or die $tt->error();
+}
+
+
 sub generate_radiusd_authconf {
     my ($self, $tt) = @_;
     my %tags;