Diffstat (limited to '')
19 files changed, 880 insertions, 0 deletions
diff --git a/src/tests/salt-test-server/.gitignore b/src/tests/salt-test-server/.gitignore
new file mode 100644
index 0000000..e3aa327
--- /dev/null
+++ b/src/tests/salt-test-server/.gitignore
@@ -0,0 +1,8 @@
+# Local files
+*.swp
+.DS_Store
+*.md5
+
+# Salt runtime directories
+tmp
+cache
diff --git a/src/tests/salt-test-server/README b/src/tests/salt-test-server/README
new file mode 100644
index 0000000..8265f46
--- /dev/null
+++ b/src/tests/salt-test-server/README
@@ -0,0 +1,3 @@
+Salt script to build the test VM required for running the ldap, mysql & postgres tests.
+
+See http://docs.saltstack.com/en/latest/index.html
diff --git a/src/tests/salt-test-server/build.sh b/src/tests/salt-test-server/build.sh
new file mode 100755
index 0000000..ad1873b
--- /dev/null
+++ b/src/tests/salt-test-server/build.sh
@@ -0,0 +1 @@
+salt-ssh --config-dir=salt_config -l quiet "test-server" state.highstate
diff --git a/src/tests/salt-test-server/salt/iptable.sls b/src/tests/salt-test-server/salt/iptable.sls
new file mode 100644
index 0000000..7aefdd1
--- /dev/null
+++ b/src/tests/salt-test-server/salt/iptable.sls
@@ -0,0 +1,13 @@
+{% if grains['os'] == 'CentOS' %}
+update_firewall:
+ file.managed:
+ - name: /etc/sysconfig/iptables
+ - source: salt://iptables
+
+reload_iptables:
+ cmd.wait:
+ - cwd: /
+ - name: service iptables reload
+ - watch:
+ - file: /etc/sysconfig/iptables
+{% endif %}
diff --git a/src/tests/salt-test-server/salt/iptables b/src/tests/salt-test-server/salt/iptables
new file mode 100644
index 0000000..2e2d4a2
--- /dev/null
+++ b/src/tests/salt-test-server/salt/iptables
@@ -0,0 +1,15 @@
+# Generated by iptables-save v1.4.7 on Thu Feb 19 13:41:09 2015
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+# Completed on Thu Feb 19 13:41:09 2015
diff --git a/src/tests/salt-test-server/salt/ldap.sls b/src/tests/salt-test-server/salt/ldap.sls
new file mode 100644
index 0000000..006abf8
--- /dev/null
+++ b/src/tests/salt-test-server/salt/ldap.sls
@@ -0,0 +1,41 @@
+{% if grains['os'] == 'Ubuntu' %}
+
+# In Ubuntu 14.10, openldap comes with a broken AppArmor profile (can't connect through socket)
+# Disable AppArmor alltogether
+/etc/init.d/apparmor teardown:
+ cmd.run
+
+update-rc.d -f apparmor remove:
+ cmd.run
+
+{% endif %}
+
+slapd:
+ pkg.installed
+
+ldap-utils:
+ pkg.installed
+
+# Copy ldif file for base structure
+/root/base.ldif:
+ file.managed:
+ - source: salt://ldap/base.ldif
+
+# Copy ldif file for FreeRADIUS schema
+/root/schema_freeradius.ldif:
+ file.managed:
+ - source: salt://ldap/schema_freeradius.ldif
+
+# Add FreeRADIUS schema
+add_fr_schema:
+ cmd.run:
+ - name: "ldapadd -Y EXTERNAL -H ldapi:/// -f /root/schema_freeradius.ldif"
+ - cwd: /root/
+ - unless: "/usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b cn={4}radius,cn=schema,cn=config -s base"
+
+# Create base structure in LDAP
+build_base_structure:
+ cmd.run:
+ - name: "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f /root/base.ldif"
+ - cwd: /root/
+ - unless: "/usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=example,dc=com -s base"
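Review bot: The two ACCEPT rules for `--dport 3306` and `--dport 5432` in salt/iptables admit new connections from any source address before the final REJECT. The MySQL account created by salt/mysql/setup.sql in this same commit has a fixed password, so these rules are better limited to the hosts that run the tests, e.g. `-A INPUT -s <test-runner-cidr> -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT` (placeholder range) and likewise for 5432. No rule opens an LDAP port although the README lists ldap tests, so on CentOS remote LDAP clients would presumably hit the REJECT; confirm whether that is intended.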
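Review bot: In salt/ldap.sls the Ubuntu branch tears down AppArmor for the whole host (`/etc/init.d/apparmor teardown`, `update-rc.d -f apparmor remove`) to work around one broken slapd profile, which also removes confinement from every other profiled service on the VM. Disabling only the slapd profile would be narrower, for example a state running `aa-disable /usr/sbin/slapd` (from apparmor-utils; verify it is available on the image). Both `cmd.run` states have no `unless`/`onlyif` guard, so they execute on every highstate. The `unless` check in `add_fr_schema` hard-codes the schema index in `cn={4}radius`, which presumably only holds while exactly four schemas precede it; a search under `cn=schema,cn=config` filtered on the schema name would not depend on the index.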
diff --git a/src/tests/salt-test-server/salt/ldap/base.ldif b/src/tests/salt-test-server/salt/ldap/base.ldif
new file mode 100644
index 0000000..7a7a1eb
--- /dev/null
+++ b/src/tests/salt-test-server/salt/ldap/base.ldif
@@ -0,0 +1,80 @@
+# Database settings
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: {1}mdb
+olcSuffix: dc=example,dc=com
+olcDbDirectory: /tmp/ldap/db
+olcRootDN: cn=admin,dc=example,dc=com
+olcRootPW: {SSHA}SgCZuAcGQA5HlgKi+g5xwVyI2NhXRFYh
+olcDbIndex: objectClass eq
+olcLastMod: TRUE
+olcDbCheckpoint: 512 30
+olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
+olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage
+olcAccess: to attrs=shadowLastChange by self write by * read
+olcAccess: to dn.base="" by * read
+olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
+
+# Create top-level object in domain
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectclass: organization
+o: Example Organization
+dc: Example
+description: LDAP Example
+
+dn: ou=people,dc=example,dc=com
+objectClass: organizationalUnit
+ou: people
+
+dn: ou=groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: groups
+
+# foo, groups, example.com
+dn: cn=foo,ou=groups,dc=example,dc=com
+cn: foo
+objectClass: groupOfNames
+objectClass: top
+member: uid=john,ou=people,dc=example,dc=com
+
+dn: ou=profiles,dc=example,dc=com
+objectClass: organizationalUnit
+ou: profiles
+
+dn: cn=radprofile,ou=profiles,dc=example,dc=com
+objectClass: radiusObjectProfile
+objectClass: radiusprofile
+cn: radprofile
+radiusFramedIPNetmask: 255.255.255.0
+
+dn: cn=profile1,ou=profiles,dc=example,dc=com
+objectClass: radiusObjectProfile
+objectClass: radiusprofile
+cn: profile1
+radiusReplyAttribute: Framed-IP-Netmask := 255.255.0.0
+radiusReplyAttribute: Acct-Interim-Interval := 1800
+radiusRequestAttribute: Service-Type := Framed-User
+radiusControlAttribute: Framed-IP-Address == 1.2.3.4
+radiusControlAttribute: Reply-Message == "Hello world"
+
+dn: uid=john,ou=people,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: radiusprofile
+uid: john
+sn: Doe
+givenName: John
+cn: John Doe
+displayName: John Doe
+userPassword: {cleartext}password
+uidNumber: 100
+gidNumber: 100
+homeDirectory: /home/john
+radiusIdleTimeout: 3600
+radiusAttribute: reply:Session-Timeout := 7200
+radiusAttribute: control:NAS-IP-Address := 1.2.3.4
+radiusProfileDN: cn=profile1,ou=profiles,dc=example,dc=com
diff --git a/src/tests/salt-test-server/salt/ldap/base2.ldif b/src/tests/salt-test-server/salt/ldap/base2.ldif
new file mode 100644
index 0000000..4ae6b07
--- /dev/null
+++ b/src/tests/salt-test-server/salt/ldap/base2.ldif
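Review bot: The second `olcAccess` line in base.ldif (`to * by dn.exact="gidNumber=0+uidNumber=0,..." manage by dn="cn=admin,cn=config" manage`) matches every entry, and because slapd stops at the first matching `to` clause, the three rules after it are never evaluated and any other identity falls through to the implicit `by * none`. If the read access granted by the later rules is wanted, fold the early line's `by` clauses into the final rule, `olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage by dn="cn=admin,dc=example,dc=com" write by * read`, and drop the early `to *` line; base2.ldif repeats the same block. `olcDbDirectory: /tmp/ldap/db` puts the database under a world-writable parent and no state visible in this commit creates the directory, so the `ldapadd` in ldap.sls may fail on a fresh VM; a `file.directory` state owned by the slapd user, under a non-temporary path, would cover both. The `olcRootPW` hash and `userPassword: {cleartext}password` are committed credentials, so a comment at the top of the file stating that they are fixtures for a throwaway test VM would keep them from being reused elsewhere.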
@@ -0,0 +1,81 @@ +# Database settings +dn: olcDatabase=mdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcMdbConfig +olcDatabase: {1}mdb +olcSuffix: dc=example,dc=com +olcDbDirectory: /tmp/ldap2/db +olcRootDN: cn=admin,dc=example,dc=com +olcRootPW: {SSHA}SgCZuAcGQA5HlgKi+g5xwVyI2NhXRFYh +olcDbIndex: objectClass eq +olcLastMod: TRUE +olcDbCheckpoint: 512 30 +olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none +olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage +olcAccess: to attrs=shadowLastChange by self write by * read +olcAccess: to dn.base="" by * read +olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read + +# Create top-level object in domain +dn: dc=example,dc=com +objectClass: top +objectClass: dcObject +objectclass: organization +o: Example Organization +dc: Example +description: LDAP Example Two + +dn: dc=subdept,dc=example,dc=com +objectClass: organization +objectClass: dcObject +o: Sub org +dc: subdept + +dn: ou=people,dc=subdept,dc=example,dc=com +objectClass: organizationalUnit +ou: people + +dn: ou=groups,dc=subdept,dc=example,dc=com +objectClass: organizationalUnit +ou: groups + +dn: ou=profiles,dc=subdept,dc=example,dc=com +objectClass: organizationalUnit +ou: profiles + +dn: cn=radprofile,ou=profiles,dc=subdept,dc=example,dc=com +objectClass: radiusObjectProfile +objectClass: radiusprofile +cn: radprofile +radiusFramedIPNetmask: 255.255.255.0 + +dn: uid=fred,ou=people,dc=subdept,dc=example,dc=com +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +objectClass: radiusprofile +uid: fred +sn: Jones +givenName: Fred +cn: Fred Jones +displayName: Fred Jones +userPassword: password +uidNumber: 100 +gidNumber: 100 +homeDirectory: /home/fred +radiusIdleTimeout: 3600 +radiusAttribute: reply.Session-Timeout := 7200 +radiusAttribute: control.NAS-IP-Address := 
1.2.3.4 +radiusProfileDN: cn=radprofile,ou=profiles,ou=subdept,dc=example,dc=com + +dn: ou=offsite,dc=subdept,dc=example,dc=com +objectClass: referral +objectClass: extensibleObject +ou: offsite +ref: ldap://127.0.0.1:3890/dc=example,dc=com??sub + +dn: ou=bounce1,dc=subdept,dc=example,dc=com +objectClass: referral +objectClass: extensibleObject +ou: bounce1 +ref: ldap://127.0.0.1:3890/ou=bounce2,dc=example,dc=com??sub diff --git a/src/tests/salt-test-server/salt/ldap/schema_freeradius.ldif b/src/tests/salt-test-server/salt/ldap/schema_freeradius.ldif new file mode 100644 index 0000000..44d2cb9 --- /dev/null +++ b/src/tests/salt-test-server/salt/ldap/schema_freeradius.ldif 
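Review bot: `radiusProfileDN: cn=radprofile,ou=profiles,ou=subdept,dc=example,dc=com` on the `uid=fred` entry in base2.ldif does not match the profile created earlier in the same file, whose DN uses `dc=subdept`, not `ou=subdept`. Unless a dangling profile reference is the test case, it should read `radiusProfileDN: cn=radprofile,ou=profiles,dc=subdept,dc=example,dc=com`. The same entry stores `userPassword: password` without the `{cleartext}` prefix used in base.ldif and writes `reply.Session-Timeout` / `control.NAS-IP-Address` where base.ldif uses `reply:` / `control:`; if these are deliberate test variations, a comment on each line should say so. No state in ldap.sls copies or loads base2.ldif, and it declares the same `olcSuffix` as base.ldif, so the way it is meant to be applied (presumably a second slapd instance, given the referrals to port 3890) should be documented in the README.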
@@ -0,0 +1,76 @@ +dn: cn=radius,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: radius +olcAttributeTypes: {0}( 1.3.6.1.4.1.11344.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.11344.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.11344.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.11344.4.3.1.44 NAME 'radiusAuthType' DESC 'controlItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.11344.4.3.1.4 NAME 'radiusCallbackId' DESC 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.11344.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.11344.4.3.1.6 NAME 'radiusCalledStationId' DESC 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.11344.4.3.1.7 NAME 'radiusCallingStationId' DESC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.11344.4.3.1.8 NAME 'radiusClass' DESC 'replyItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.11344.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.11344.4.3.1.9 NAME 'radiusFilterId' DESC 'replyItem: Filter-Id' EQUALITY 
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.11344.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.11344.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.11344.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.11344.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.11344.4.3.1.14 NAME 'radiusFramedIPAddress' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.11344.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {17}( 1.3.6.1.4.1.11344.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.11344.4.3.1.17 NAME 'radiusFramedMTU' DESC' replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.11344.4.3.1.18 NAME 'radiusFramedProtocol'DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.11344.4.3.1.19 NAME 'radiusFramedRoute' DESC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.11344.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.11344.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.11344.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {24}( 1.3.6.1.4.1.11344.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {25}( 1.3.6.1.4.1.11344.4.3.1.21 NAME 'radiusIdleTimeout' DESC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {26}( 1.3.6.1.4.1.11344.4.3.1.22 NAME 'radiusLoginIPHost' DESC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {27}( 1.3.6.1.4.1.11344.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.11344.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {29}( 1.3.6.1.4.1.11344.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {30}( 1.3.6.1.4.1.11344.4.3.1.26 NAME 'radiusLoginLATService' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.11344.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.11344.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.11344.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {34}( 1.3.6.1.4.1.11344.4.3.1.30 NAME 'radiusPortLimit' DESC 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {35}( 1.3.6.1.4.1.11344.4.3.1.49 NAME 'radiusProfileDN' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {36}( 1.3.6.1.4.1.11344.4.3.1.31 NAME 'radiusPrompt' DESC ''EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {37}( 1.3.6.1.4.1.11344.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {38}( 1.3.6.1.4.1.11344.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {39}( 1.3.6.1.4.1.11344.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) +olcAttributeTypes: {40}( 1.3.6.1.4.1.11344.4.3.1.32 NAME 'radiusServiceType' DESC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {41}( 1.3.6.1.4.1.11344.4.3.1.33 NAME 'radiusSessionTimeout'DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {42}( 1.3.6.1.4.1.11344.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 
+olcAttributeTypes: {43}( 1.3.6.1.4.1.11344.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) +olcAttributeTypes: {44}( 1.3.6.1.4.1.11344.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {45}( 1.3.6.1.4.1.11344.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {46}( 1.3.6.1.4.1.11344.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {47}( 1.3.6.1.4.1.11344.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {48}( 1.3.6.1.4.1.11344.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {49}( 1.3.6.1.4.1.11344.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {50}( 1.3.6.1.4.1.11344.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {51}( 1.3.6.1.4.1.11344.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {52}( 1.3.6.1.4.1.11344.4.3.1.53 NAME 'radiusSimultaneousUse' DESC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {53}( 1.3.6.1.4.1.11344.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {54}( 1.3.6.1.4.1.11344.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {55}( 1.3.6.1.4.1.11344.4.3.1.56 NAME 
'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {56}( 1.3.6.1.4.1.11344.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {57}( 1.3.6.1.4.1.11344.4.3.1.58 NAME 'radiusExpiration' DESC 'controlItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {58}( 1.3.6.1.4.1.11344.4.3.1.59 NAME 'radiusAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {59}( 1.3.6.1.4.1.11344.4.3.1.61 NAME 'radiusNASIpAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {60}( 1.3.6.1.4.1.11344.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {61}( 1.3.6.1.4.1.11344.4.3.1.63 NAME 'radiusControlAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {62}( 1.3.6.1.4.1.11344.4.3.1.64 NAME 'radiusReplyAttribute' DESC 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {63}( 1.3.6.1.4.1.11344.4.3.1.65 NAME 'radiusRequestAttribute' DESC 'requestItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.11344.4.3.2.1 NAME 'radiusprofile' DESC '' SUP top AUXILIARY MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ + radiusCallbackId $ radiusCallbackNumber $radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ + radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ 
radiusFramedIPXNetwork $ radiusFramedMTU $radiusFramedProtocol $ radiusAttribute $ + radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ + radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ + radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDN $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ + radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ + dialupAccess $ radiusNASIpAddress $ radiusReplyMessage $ radiusControlAttribute $ radiusReplyAttribute $ radiusRequestAttribute ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.11344.4.3.2.2 NAME 'radiusObjectProfile' DESC 'A Container Objectclass to be used for creating radius profile object' SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) diff --git a/src/tests/salt-test-server/salt/mysql.sls b/src/tests/salt-test-server/salt/mysql.sls new file mode 100644 index 0000000..df1ea00 --- /dev/null +++ b/src/tests/salt-test-server/salt/mysql.sls 
@@ -0,0 +1,74 @@
+mysql-server:
+ pkg.installed
+
+# On Ubuntu, the default MySQL install only listens on localhost
+/etc/mysql/my.cnf:
+{% if grains['os'] == 'Ubuntu' %}
+ file.sed:
+ - before: 127.0.0.1
+ - after: 0.0.0.0
+ - limit: ^bind-address\s+=
+ - require:
+ - pkg: mysql-server
+{% else %}
+ file.exists
+{% endif %}
+
+mysql_daemon:
+ service:
+{% if grains['os'] == 'CentOS' %}
+ - name: mysqld
+{% elif grains['os'] == 'Ubuntu' or grains['os'] == 'Debian' %}
+ - name: mysql
+{% endif %}
+ - running
+ - enable: True
+ - watch:
+ - file: /etc/mysql/my.cnf
+ - require:
+ - pkg: mysql-server
+
+## FW rules don't work well with CentOS < 7
+# Insert is run each time
+#
+# iptables.insert:
+# - position: 1
+# - table: filter
+# - chain: INPUT
+# - j: ACCEPT # Use 'j' instead of 'jump' because iptables-save outputs 'j' flag.
+# - match: state
+# - connstate: NEW
+# - dport: 3306
+# - proto: tcp
+# - save: True
+
+# Copy DB schema file
+/salt/mysql/schema.sql:
+ file.managed:
+ - source: salt://mysql/schema.sql
+ - makedirs: true
+
+# Copy DB setup script
+/salt/mysql/setup.sql:
+ file.managed:
+ - source: salt://mysql/setup.sql
+ - makedirs: true
+
+# Create DB
+echo "CREATE DATABASE radius" | mysql:
+ cmd.run:
+ - creates: /var/lib/mysql/radius/db.opt
+
+# Create FreeRADIUS schema
+mysql radius < /salt/mysql/schema.sql:
+ cmd.run:
+ - unless: "echo 'desc radacct' | mysql radius"
+ - require:
+ - file: /salt/mysql/schema.sql
+
+# Setup DB access
+mysql radius < /salt/mysql/setup.sql:
+ cmd.run:
+ - unless: "echo \"show grants for 'radius';\" | mysql"
+ - require:
+ - file: /salt/mysql/setup.sql
diff --git a/src/tests/salt-test-server/salt/mysql/schema.sql b/src/tests/salt-test-server/salt/mysql/schema.sql
new file mode 100644
index 0000000..7761a62
--- /dev/null
+++ b/src/tests/salt-test-server/salt/mysql/schema.sql
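Review bot: Outside Ubuntu the `/etc/mysql/my.cnf` state in mysql.sls falls back to `file.exists`, yet `mysql_daemon` explicitly supports CentOS, where the packaged configuration normally lives at `/etc/my.cnf`; the state, and the `watch` that depends on it, would then fail, which is worth confirming on the CentOS image. The `file.sed` that rewrites `bind-address` to `0.0.0.0` runs only when `grains['os'] == 'Ubuntu'`, while the service block also handles Debian, which presumably ships the same localhost default. Rebinding to all interfaces is what exposes the fixed-password `radius` account from setup.sql to the network, so the state deserves a comment such as `# Test VM only: exposes MySQL with a known password; keep on an isolated network`.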
@@ -0,0 +1,150 @@ +########################################################################### +# $Id$ # +# # +# schema.sql rlm_sql - FreeRADIUS SQL Module # +# # +# Database schema for MySQL rlm_sql module # +# # +# To load: # +# mysql -uroot -prootpass radius < schema.sql # +# # +# Mike Machado <mike@innercite.com> # +########################################################################### +# +# Table structure for table 'radacct' +# + +CREATE TABLE radacct ( + radacctid bigint(21) NOT NULL auto_increment, + acctsessionid varchar(64) NOT NULL default '', + acctuniqueid varchar(32) NOT NULL default '', + username varchar(64) NOT NULL default '', + groupname varchar(64) NOT NULL default '', + realm varchar(64) default '', + nasipaddress varchar(15) NOT NULL default '', + nasportid varchar(50) default NULL, + nasporttype varchar(32) default NULL, + acctstarttime datetime NULL default NULL, + acctupdatetime datetime NULL default NULL, + acctstoptime datetime NULL default NULL, + acctinterval int(12) default NULL, + acctsessiontime int(12) unsigned default NULL, + acctauthentic varchar(32) default NULL, + connectinfo_start varchar(50) default NULL, + connectinfo_stop varchar(50) default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + calledstationid varchar(50) NOT NULL default '', + callingstationid varchar(50) NOT NULL default '', + acctterminatecause varchar(32) NOT NULL default '', + servicetype varchar(32) default NULL, + framedprotocol varchar(32) default NULL, + framedipaddress varchar(15) NOT NULL default '', + PRIMARY KEY (radacctid), + UNIQUE KEY acctuniqueid (acctuniqueid), + KEY username (username), + KEY framedipaddress (framedipaddress), + KEY acctsessionid (acctsessionid), + KEY acctsessiontime (acctsessiontime), + KEY acctstarttime (acctstarttime), + KEY acctinterval (acctinterval), + KEY acctstoptime (acctstoptime), + KEY nasipaddress (nasipaddress) +) ENGINE = INNODB; + +# +# Table structure for table 
'radcheck' +# + +CREATE TABLE radcheck ( + id int(11) unsigned NOT NULL auto_increment, + username varchar(64) NOT NULL default '', + attribute varchar(64) NOT NULL default '', + op char(2) NOT NULL DEFAULT '==', + value varchar(253) NOT NULL default '', + PRIMARY KEY (id), + KEY username (username(32)) +); + +# +# Table structure for table 'radgroupcheck' +# + +CREATE TABLE radgroupcheck ( + id int(11) unsigned NOT NULL auto_increment, + groupname varchar(64) NOT NULL default '', + attribute varchar(64) NOT NULL default '', + op char(2) NOT NULL DEFAULT '==', + value varchar(253) NOT NULL default '', + PRIMARY KEY (id), + KEY groupname (groupname(32)) +); + +# +# Table structure for table 'radgroupreply' +# + +CREATE TABLE radgroupreply ( + id int(11) unsigned NOT NULL auto_increment, + groupname varchar(64) NOT NULL default '', + attribute varchar(64) NOT NULL default '', + op char(2) NOT NULL DEFAULT '=', + value varchar(253) NOT NULL default '', + PRIMARY KEY (id), + KEY groupname (groupname(32)) +); + +# +# Table structure for table 'radreply' +# + +CREATE TABLE radreply ( + id int(11) unsigned NOT NULL auto_increment, + username varchar(64) NOT NULL default '', + attribute varchar(64) NOT NULL default '', + op char(2) NOT NULL DEFAULT '=', + value varchar(253) NOT NULL default '', + PRIMARY KEY (id), + KEY username (username(32)) +); + + +# +# Table structure for table 'radusergroup' +# + +CREATE TABLE radusergroup ( + username varchar(64) NOT NULL default '', + groupname varchar(64) NOT NULL default '', + priority int(11) NOT NULL default '1', + KEY username (username(32)) +); + +# +# Table structure for table 'radpostauth' +# +CREATE TABLE radpostauth ( + id int(11) NOT NULL auto_increment, + username varchar(64) NOT NULL default '', + pass varchar(64) NOT NULL default '', + reply varchar(32) NOT NULL default '', + authdate timestamp NOT NULL, + PRIMARY KEY (id) +) ENGINE = INNODB; + +# +# Table structure for table 'nas' +# +CREATE TABLE nas ( + id int(10) 
NOT NULL auto_increment,
+ nasname varchar(128) NOT NULL,
+ shortname varchar(32),
+ type varchar(30) DEFAULT 'other',
+ ports int(5),
+ secret varchar(60) DEFAULT 'secret' NOT NULL,
+ server varchar(64),
+ community varchar(50),
+ description varchar(200) DEFAULT 'RADIUS Client',
+ PRIMARY KEY (id),
+ KEY nasname (nasname)
+);
diff --git a/src/tests/salt-test-server/salt/mysql/setup.sql b/src/tests/salt-test-server/salt/mysql/setup.sql
new file mode 100644
index 0000000..3b9ec54
--- /dev/null
+++ b/src/tests/salt-test-server/salt/mysql/setup.sql
@@ -0,0 +1,18 @@
+# -*- text -*-
+##
+## admin.sql -- MySQL commands for creating the RADIUS user.
+##
+## WARNING: You should change 'localhost' and 'radpass'
+## to something else. Also update raddb/sql.conf
+## with the new RADIUS password.
+##
+## $Id$
+
+#
+# Create default administrator for RADIUS
+#
+CREATE USER 'radius';
+SET PASSWORD FOR 'radius' = PASSWORD('radpass');
+
+# Need to read when running RADIUS and delete for cleanup
+GRANT ALL ON radius.* TO 'radius';
diff --git a/src/tests/salt-test-server/salt/ntp.sls b/src/tests/salt-test-server/salt/ntp.sls
new file mode 100644
index 0000000..66434ff
--- /dev/null
+++ b/src/tests/salt-test-server/salt/ntp.sls
@@ -0,0 +1,22 @@
+UTC:
+ timezone.system
+
+ntp_daemon:
+ # Make sure ntp is installed and running
+ pkg:
+{% if grains['os'] == 'CentOS' or grains['os'] == 'Ubuntu' or grains['os'] == 'Debian' %}
+ - name: ntp
+{% elif grains['os'] == 'FreeBSD' %}
+ - name: openntpd
+{% endif %}
+ - installed
+
+# Make sure ntpd is running and enabled (start on boot)
+{% if grains['os'] == 'CentOS' or grains['os'] == 'FreeBSD' %}
+ntpd:
+{% elif grains['os'] == 'Ubuntu' or grains['os'] == 'Debian' %}
+ntp:
+{% endif %}
+ service:
+ - running
+ - enable: True
diff --git a/src/tests/salt-test-server/salt/postgres.sls b/src/tests/salt-test-server/salt/postgres.sls
new file mode 100644
index 0000000..26fc4e6
--- /dev/null
+++ b/src/tests/salt-test-server/salt/postgres.sls
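Review bot: `CREATE USER 'radius';` in mysql/setup.sql omits the host part, which MySQL treats as `'radius'@'%'`, so the account with the password `radpass` and `GRANT ALL ON radius.*` is usable from any address that can reach port 3306. Scope it to where the tests run, e.g. `CREATE USER 'radius'@'<test-runner-host>';` with the matching `SET PASSWORD FOR` and `GRANT ... TO` (placeholder host). The header still calls the file admin.sql and warns about changing 'localhost', which no statement here uses, so the comment should be updated to describe what the script now does. The `# Need to read ... and delete` comment suggests that `GRANT SELECT, INSERT, UPDATE, DELETE ON radius.* TO ...` would be enough in place of `ALL`.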
@@ -0,0 +1,71 @@
+postgresql:
+ # Install postgres and make sure it is running and starts on boot
+ pkg:
+ - installed
+ # Only try to start service after DB has been initialized (will fail otherwise)
+ service:
+ - name: postgresql
+ - running
+ - enable: True
+
+postgres_set_interface:
+ file.sed:
+ - name: /etc/postgresql/9.4/main/postgresql.conf
+ - before: ^\#listen_addresses = 'localhost'
+ - after: listen_addresses = '*'
+
+postgres_password_auth:
+ # Add authentication from anywhere
+ file.append:
+ - name: /etc/postgresql/9.4/main/pg_hba.conf
+ - text:
+ - host radius radius 0.0.0.0/0 md5
+
+postgres_restart:
+ # Restart postgres after changes to the config file (reload isn't enough)
+ cmd.wait:
+ - cwd: /
+ - name: service postgresql restart
+ - require:
+ - pkg: postgresql
+ - file: postgres_password_auth
+ - file: postgres_set_interface
+ - watch:
+ - file: /etc/postgresql/9.4/main/postgresql.conf
+ - file: /etc/postgresql/9.4/main/pg_hba.conf
+
+# Copy DB schema file
+/salt/postgres/schema.sql:
+ file.managed:
+ - source: salt://postgres/schema.sql
+ - makedirs: true
+
+# Copy DB setup script
+/salt/postgres/setup.sql:
+ file.managed:
+ - source: salt://postgres/setup.sql
+ - makedirs: true
+
+# Create DB
+create_db:
+ cmd.run:
+ - cwd: /
+ - name: createdb radius
+ - user: postgres
+ - unless: psql --list | grep radius
+
+# Create FreeRADIUS schema
+psql radius < /salt/postgres/schema.sql:
+ cmd.run:
+ - user: postgres
+ - unless: "echo '\\dt public.*' | psql radius | grep radacct;"
+ - require:
+ - file: /salt/postgres/schema.sql
+
+# Setup DB access
+psql radius < /salt/postgres/setup.sql:
+ cmd.run:
+ - user: postgres
+ - unless: "echo '\\du' | psql radius | grep radius"
+ - require:
+ - file: /salt/postgres/setup.sql
diff --git a/src/tests/salt-test-server/salt/postgres/schema.sql b/src/tests/salt-test-server/salt/postgres/schema.sql
new file mode 100644
index 0000000..c94ee9e
--- /dev/null
+++ b/src/tests/salt-test-server/salt/postgres/schema.sql
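Review bot: `postgres_password_auth` appends `host radius radius 0.0.0.0/0 md5` and `postgres_set_interface` sets `listen_addresses = '*'`, so the radius role can be tried from any IPv4 address; the `/etc/postgresql/9.4/main` paths are the Debian/Ubuntu layout while iptable.sls only manages a firewall on CentOS, so on such a host nothing in these states limits who can connect. Narrow the pg_hba line to the test network, `- host radius radius <test-network-cidr> md5` (placeholder range). The hard-coded `9.4` ties the state to one package version, and the comment on `service:` says the service should start only after the DB is initialised although no `require` expresses that ordering. The `unless` checks `psql --list | grep radius` and `... '\\du' | psql radius | grep radius` match any line containing the string, so `grep -w` or a query against `pg_database` / `pg_roles` would be more exact.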
@@ -0,0 +1,183 @@
+/*
+ * $Id$
+ *
+ * Postgresql schema for FreeRADIUS
+ *
+ * All field lengths need checking as some are still suboptimal. -pnixon 2003-07-13
+ *
+ */
+
+/*
+ * Table structure for table 'radacct'
+ *
+ * Note: Column type bigserial does not exist prior to Postgres 7.2
+ * If you run an older version you need to change this to serial
+ */
+CREATE TABLE radacct (
+ RadAcctId bigserial PRIMARY KEY,
+ AcctSessionId text NOT NULL,
+ AcctUniqueId text NOT NULL UNIQUE,
+ UserName text,
+ GroupName text,
+ Realm text,
+ NASIPAddress inet NOT NULL,
+ NASPortId text,
+ NASPortType text,
+ AcctStartTime timestamp with time zone,
+ AcctUpdateTime timestamp with time zone,
+ AcctStopTime timestamp with time zone,
+ AcctInterval bigint,
+ AcctSessionTime bigint,
+ AcctAuthentic text,
+ ConnectInfo_start text,
+ ConnectInfo_stop text,
+ AcctInputOctets bigint,
+ AcctOutputOctets bigint,
+ CalledStationId text,
+ CallingStationId text,
+ AcctTerminateCause text,
+ ServiceType text,
+ FramedProtocol text,
+ FramedIPAddress inet
+);
+-- This index may be useful..
+-- CREATE UNIQUE INDEX radacct_whoson on radacct (AcctStartTime, nasipaddress);
+
+-- For use by update-, stop- and simul_* queries
+CREATE INDEX radacct_active_session_idx ON radacct (AcctUniqueId) WHERE AcctStopTime IS NULL;
+
+-- Add if you you regularly have to replay packets
+-- CREATE INDEX radacct_session_idx ON radacct (AcctUniqueId);
+
+-- For backwards compatibility
+-- CREATE INDEX radacct_active_user_idx ON radacct (AcctSessionId, UserName, NASIPAddress) WHERE AcctStopTime IS NULL;
+
+-- For use by onoff-
+CREATE INDEX radacct_bulk_close ON radacct (NASIPAddress, AcctStartTime) WHERE AcctStopTime IS NULL;
+
+-- and for common statistic queries:
+CREATE INDEX radacct_start_user_idx ON radacct (AcctStartTime, UserName);
+-- and, optionally
+-- CREATE INDEX radacct_stop_user_idx ON radacct (acctStopTime, UserName);
+
+/*
+ * There was WAAAY too many indexes previously. This combo index
+ * should take care of the most common searches.
+ * I have commented out all the old indexes, but left them in case
+ * someone wants them. I don't recomend anywone use them all at once
+ * as they will slow down your DB too much.
+ * - pnixon 2003-07-13
+ */
+
+/*
+ * create index radacct_UserName on radacct (UserName);
+ * create index radacct_AcctSessionId on radacct (AcctSessionId);
+ * create index radacct_AcctUniqueId on radacct (AcctUniqueId);
+ * create index radacct_FramedIPAddress on radacct (FramedIPAddress);
+ * create index radacct_NASIPAddress on radacct (NASIPAddress);
+ * create index radacct_AcctStartTime on radacct (AcctStartTime);
+ * create index radacct_AcctStopTime on radacct (AcctStopTime);
+*/
+
+
+
+/*
+ * Table structure for table 'radcheck'
+ */
+CREATE TABLE radcheck (
+ id serial PRIMARY KEY,
+ UserName text NOT NULL DEFAULT '',
+ Attribute text NOT NULL DEFAULT '',
+ op VARCHAR(2) NOT NULL DEFAULT '==',
+ Value text NOT NULL DEFAULT ''
+);
+create index radcheck_UserName on radcheck (UserName,Attribute);
+/*
+ * Use this index if you use case insensitive queries
+ */
+-- create index radcheck_UserName_lower on radcheck (lower(UserName),Attribute);
+
+/*
+ * Table structure for table 'radgroupcheck'
+ */
+CREATE TABLE radgroupcheck (
+ id serial PRIMARY KEY,
+ GroupName text NOT NULL DEFAULT '',
+ Attribute text NOT NULL DEFAULT '',
+ op VARCHAR(2) NOT NULL DEFAULT '==',
+ Value text NOT NULL DEFAULT ''
+);
+create index radgroupcheck_GroupName on radgroupcheck (GroupName,Attribute);
+
+/*
+ * Table structure for table 'radgroupreply'
+ */
+CREATE TABLE radgroupreply (
+ id serial PRIMARY KEY,
+ GroupName text NOT NULL DEFAULT '',
+ Attribute text NOT NULL DEFAULT '',
+ op VARCHAR(2) NOT NULL DEFAULT '=',
+ Value text NOT NULL DEFAULT ''
+);
+create index radgroupreply_GroupName on radgroupreply (GroupName,Attribute);
+
+/*
+ * Table structure for table 'radreply'
+ */
+CREATE TABLE radreply (
+ id serial PRIMARY KEY,
+ UserName text NOT NULL DEFAULT '',
+ Attribute text NOT NULL DEFAULT '',
+ op VARCHAR(2) NOT NULL DEFAULT '=',
+ Value text NOT NULL DEFAULT ''
+);
+create index radreply_UserName on radreply (UserName,Attribute);
+/*
+ * Use this index if you use case insensitive queries
+ */
+-- create index radreply_UserName_lower on radreply (lower(UserName),Attribute);
+
+/*
+ * Table structure for table 'radusergroup'
+ */
+CREATE TABLE radusergroup (
+ id serial PRIMARY KEY,
+ UserName text NOT NULL DEFAULT '',
+ GroupName text NOT NULL DEFAULT '',
+ priority integer NOT NULL DEFAULT 0
+);
+create index radusergroup_UserName on radusergroup (UserName);
+/*
+ * Use this index if you use case insensitive queries
+ */
+-- create index radusergroup_UserName_lower on radusergroup (lower(UserName));
+
+--
+-- Table structure for table 'radpostauth'
+--
+
+CREATE TABLE radpostauth (
+ id bigserial PRIMARY KEY,
+ username text NOT NULL,
+ pass text,
+ reply text,
+ CalledStationId text,
+ CallingStationId text,
+ authdate timestamp with time zone NOT NULL default now()
+);
+
+/*
+ * Table structure for table 'nas'
+ */
+CREATE TABLE nas (
+ id serial PRIMARY KEY,
+ nasname text NOT NULL,
+ shortname text NOT NULL,
+ type text NOT NULL DEFAULT 'other',
+ ports integer,
+ secret text NOT NULL,
+ server text,
+ community text,
+ description text
+);
+create index nas_nasname on nas (nasname);
diff --git a/src/tests/salt-test-server/salt/postgres/setup.sql b/src/tests/salt-test-server/salt/postgres/setup.sql
new file mode 100644
index 0000000..6b41aa1
--- /dev/null
+++ b/src/tests/salt-test-server/salt/postgres/setup.sql
@@ -0,0 +1,21 @@
+/*
+ * admin.sql -- PostgreSQL commands for creating the RADIUS user.
+ *
+ * WARNING: You should change 'localhost' and 'radpass'
+ * to something else. Also update raddb/sql.conf
+ * with the new RADIUS password.
+ *
+ * WARNING: This example file is untested. Use at your own risk.
+ * Please send any bug fixes to the mailing list.
+ *
+ * $Id$
+ */
+
+/*
+ * Create default administrator for RADIUS
+ */
+CREATE USER radius WITH PASSWORD 'radpass';
+
+/* radius user needs ti clean tables in test env */
+GRANT ALL ON ALL TABLES IN SCHEMA public TO radius;
+GRANT SELECT, USAGE ON ALL SEQUENCES IN schema public TO radius;
diff --git a/src/tests/salt-test-server/salt/top.sls b/src/tests/salt-test-server/salt/top.sls
new file mode 100644
index 0000000..efba703
--- /dev/null
+++ b/src/tests/salt-test-server/salt/top.sls
@@ -0,0 +1,7 @@
+base:
+ 'test-server':
+ - ntp
+ - mysql
+ - postgres
+ - ldap
+ - iptable
diff --git a/src/tests/salt-test-server/salt_config/master b/src/tests/salt-test-server/salt_config/master
new file mode 100644
index 0000000..257396a
--- /dev/null
+++ b/src/tests/salt-test-server/salt_config/master
@@ -0,0 +1,12 @@
+root_dir: .
+# pki_dir and cachedir are prefixed with root_dir
+pki_dir: /tmp/
+cachedir: /cache/
+file_roots:
+ base:
+ # salt directory in current working directory
+ - salt
+pillar_roots:
+ base:
+ # pillar directory in current working directory
+ - pillar
diff --git a/src/tests/salt-test-server/salt_config/roster b/src/tests/salt-test-server/salt_config/roster
new file mode 100644
index 0000000..8958bd1
--- /dev/null
+++ b/src/tests/salt-test-server/salt_config/roster
@@ -0,0 +1,4 @@
+test-server:
+ host: 192.168.2.132
+ user: root
+ passwd: root |
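Review bot: The two `GRANT ... ON ALL TABLES / ALL SEQUENCES IN SCHEMA public` statements at the end of setup.sql only cover objects that already exist when the script runs, so they grant nothing if it is executed before schema.sql has been loaded. The state that runs this script (earlier in this commit) requires only the file itself and is skipped once the `radius` role exists, so a wrong first run would not be corrected by a later one. I would record the dependency next to the grants, e.g. `/* Run after schema.sql: GRANT ... ON ALL TABLES only affects tables that exist at this point */`. `GRANT ALL` is also broader than cleaning tables needs; `GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE ON ALL TABLES IN SCHEMA public TO radius;` would probably be enough, though the test suite that uses the role is not visible here.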
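Review bot: The roster commits `user: root` together with `passwd: root` for 192.168.2.132, so the repository records a working root login for every VM built from these states. The iptables file in the same commit accepts new SSH connections on port 22 from any source, so the password is the only barrier. A key-based login is the safer default for the fixture: replace the password line with `priv: <PATH_TO_TEST_SSH_KEY>` and keep the key out of the repository. If password login has to stay, a comment stating that the VM must only exist on an isolated test network would make the assumption explicit.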