97 lines
2.7 KiB
Bash
Executable File
97 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
# Deploy Device Manager RADIUS client to FreeRADIUS server
|
|
set -e
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
RADIUS_PYTHON_DIR="${RADIUS_PYTHON_DIR:-/etc/freeradius/3.0/mods-config/python3}"
|
|
SYSTEMD_OVERRIDE_DIR="/etc/systemd/system/freeradius.service.d"
|
|
|
|
echo "Device Manager RADIUS Client Installation"
|
|
echo "=========================================="
|
|
echo
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Error: This script must be run as root (use sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if FreeRADIUS is installed
|
|
if ! command -v freeradius &> /dev/null; then
|
|
echo "Error: FreeRADIUS is not installed"
|
|
exit 1
|
|
fi
|
|
|
|
echo "1. Copying device_manager_radius.py to $RADIUS_PYTHON_DIR..."
|
|
mkdir -p "$RADIUS_PYTHON_DIR"
|
|
cp "$SCRIPT_DIR/device_manager_radius.py" "$RADIUS_PYTHON_DIR/"
|
|
chmod 644 "$RADIUS_PYTHON_DIR/device_manager_radius.py"
|
|
echo " ✓ Module copied"
|
|
|
|
echo
|
|
echo "2. Setting up environment configuration..."
|
|
if [ ! -d "$SYSTEMD_OVERRIDE_DIR" ]; then
|
|
mkdir -p "$SYSTEMD_OVERRIDE_DIR"
|
|
fi
|
|
|
|
# Prompt for configuration
|
|
read -p "Enter Frappe server URL (e.g., https://device-manager.example.edu): " FRAPPE_URL
|
|
read -p "Enter API Key: " API_KEY
|
|
read -sp "Enter API Secret: " API_SECRET
|
|
echo
|
|
|
|
# Create systemd override
|
|
cat > "$SYSTEMD_OVERRIDE_DIR/device-manager.conf" << EOF
|
|
[Service]
|
|
Environment="DEVICE_MANAGER_FRAPPE_URL=$FRAPPE_URL"
|
|
Environment="DEVICE_MANAGER_API_KEY=$API_KEY"
|
|
Environment="DEVICE_MANAGER_API_SECRET=$API_SECRET"
|
|
Environment="DEVICE_MANAGER_CACHE_PATH=/var/lib/freeradius/device_manager_verifier_cache.sqlite3"
|
|
Environment="DEVICE_MANAGER_HTTP_TIMEOUT=2.5"
|
|
EOF
|
|
|
|
chmod 600 "$SYSTEMD_OVERRIDE_DIR/device-manager.conf"
|
|
echo " ✓ Environment configured"
|
|
|
|
echo
|
|
echo "3. Creating cache directory..."
|
|
mkdir -p /var/lib/freeradius
|
|
chown freerad:freerad /var/lib/freeradius
|
|
chmod 750 /var/lib/freeradius
|
|
echo " ✓ Cache directory created"
|
|
|
|
echo
|
|
echo "4. Reloading systemd configuration..."
|
|
systemctl daemon-reload
|
|
echo " ✓ Systemd reloaded"
|
|
|
|
echo
|
|
echo "Installation complete!"
|
|
echo
|
|
echo "Next steps:"
|
|
echo "1. Configure FreeRADIUS module in /etc/freeradius/3.0/mods-available/python3:"
|
|
echo
|
|
cat << 'EOF'
|
|
python3 device_manager_radius {
|
|
module = device_manager_radius
|
|
instantiate = ${.module}
|
|
authorize = ${.module}
|
|
post_auth = ${.module}
|
|
}
|
|
EOF
|
|
echo
|
|
echo "2. Enable the module:"
|
|
echo " ln -s ../mods-available/python3 /etc/freeradius/3.0/mods-enabled/python3"
|
|
echo
|
|
echo "3. Add to your virtual server authorize section:"
|
|
echo " device_manager_radius"
|
|
echo
|
|
echo "4. Add to your virtual server post-auth section:"
|
|
echo " device_manager_radius"
|
|
echo
|
|
echo "5. Test configuration:"
|
|
echo " freeradius -X"
|
|
echo
|
|
echo "6. Restart FreeRADIUS:"
|
|
echo " systemctl restart freeradius"
|