From 84ddb2f563ce9507a23feea61fde0b9d6519781a Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Wed, 5 Jun 2024 10:17:27 -0400
Subject: [PATCH 1/6] Fixes logic when pfacct and radius-acct are enabled
---
lib/pf/services/manager/pfacct.pm | 12 ++++++++++--
lib/pf/services/manager/radiusd_child.pm | 12 ++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/lib/pf/services/manager/pfacct.pm b/lib/pf/services/manager/pfacct.pm
index 64d643752a39..21fdb77e6931 100644
--- a/lib/pf/services/manager/pfacct.pm
+++ b/lib/pf/services/manager/pfacct.pm
@@ -18,6 +18,7 @@ use Template; use pf::cluster; use pf::config qw( $management_network + %Config ); extends 'pf::services::manager';
@@ -61,12 +62,19 @@ sub generate_container_environments { my $management_ip = $management_network->tag('ip'); my $port = '1813'; - if ($cluster_enabled) { + my $listeningIp = $management_ip; + if ($cluster_enabled || isenabled($Config{services}{radiusd_acct})) { $port = '1823'; } + if ($cluster_enabled && isenabled($Config{services}{radiusd_acct})) { + $port = '1833'; + } + if (isenabled($Config{services}{radiusd_acct})) { + $listeningIp = '127.0.0.1'; + } my $vars = { env_dict => { - PFACCT_ADDRESS=> "$port", + PFACCT_ADDRESS=> "$listeningIp:$port", }, }; $tt->process("/usr/local/pf/containers/environment.template", $vars, "/usr/local/pf/var/conf/acct.env") or die $tt->error();
diff --git a/lib/pf/services/manager/radiusd_child.pm b/lib/pf/services/manager/radiusd_child.pm
index bcad8c268614..42ea6efd26ad 100644
--- a/lib/pf/services/manager/radiusd_child.pm
+++ b/lib/pf/services/manager/radiusd_child.pm
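Review bot: The port selection added in generate_container_environments (`1813`, then `1823`, then `1833`) is repeated verbatim in the radiusd_child.pm hunk of the same patch, so the pfacct listener and the `home_server pfacct_local` proxy target agree only while both copies are edited together. A single helper that derives the port from `$cluster_enabled` and `$Config{services}{radiusd_acct}` would keep them in step; where it should live is not visible from this page. Until then a comment above the first `if` would help, for example `# 1813 standalone; 1823 when clustered or behind radiusd-acct; 1833 when both`. The `127.0.0.1` assignment also deserves a one-line why-comment, since it is presumably what keeps the accounting port off the network-facing address when radiusd-acct sits in front. The function starts before and ends after this hunk.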
@@ -1079,7 +1079,15 @@ EOT if(isenabled($Config{services}{pfacct})) { my $management_ip = defined($management_network->tag('vip')) ? $management_network->tag('vip') : $management_network->tag('ip'); - $tags{'pfacct'} = <<"EOT"; + my $port = '1813'; + if ($cluster_enabled || isenabled($Config{services}{radiusd_acct})) { + $port = '1823'; + } + if ($cluster_enabled && isenabled($Config{services}{radiusd_acct})) { + $port = '1833'; + } + + $tags{'pfacct'} = <<"EOT"; # pfacct configuration realm pfacct {
@@ -1094,7 +1102,7 @@ home_server_pool pfacct_pool { home_server pfacct_local { type = acct ipaddr = 127.0.0.1 - port = 1813 + port = $port secret = '$local_secret' src_ipaddr = $management_ip }
From 8c9e4ae0615e9e311a137c8c224114533ee34816 Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Thu, 8 Aug 2024 11:37:39 +0200
Subject: [PATCH 2/6] Listen everywhere by default
---
lib/pf/services/manager/pfacct.pm | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/pf/services/manager/pfacct.pm b/lib/pf/services/manager/pfacct.pm
index 21fdb77e6931..3d8a9efbedbf 100644
--- a/lib/pf/services/manager/pfacct.pm
+++ b/lib/pf/services/manager/pfacct.pm
@@ -59,10 +59,9 @@ Generate the environment variables for running the container sub generate_container_environments { my ($self, $tt) = @_; - my $management_ip = $management_network->tag('ip'); my $port = '1813'; - my $listeningIp = $management_ip; + my $listeningIp = ""; if ($cluster_enabled || isenabled($Config{services}{radiusd_acct})) { $port = '1823'; }
From 9f8fea72639ea79874541956f4b08b6cd559f37b Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Thu, 29 Aug 2024 15:14:24 -0400
Subject: [PATCH 3/6] Fixed logic
---
lib/pf/services/manager/pfacct.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/pf/services/manager/pfacct.pm b/lib/pf/services/manager/pfacct.pm
index 3d8a9efbedbf..6ddbeb6854d6 100644
--- a/lib/pf/services/manager/pfacct.pm
+++ b/lib/pf/services/manager/pfacct.pm
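Review bot: With `$listeningIp` initialised to `""`, the value written to `acct.env` becomes `:$port` whenever radiusd-acct is disabled, which (per the commit subject) widens the accounting listener from the management address to every address on the host. That exposure then rests on the host firewall and the RADIUS shared secret, so it should be stated in the code rather than only in the commit subject, for example `# Empty host part: publish on all interfaces when radiusd-acct is not in front; filtering is left to the firewall`. It is also worth confirming that the consumer of `PFACCT_ADDRESS` accepts a value with a leading colon. The function body continues past the end of this hunk.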
@@ -68,12 +68,14 @@ sub generate_container_environments { if ($cluster_enabled && isenabled($Config{services}{radiusd_acct})) { $port = '1833'; } + my $listen = $port; if (isenabled($Config{services}{radiusd_acct})) { $listeningIp = '127.0.0.1'; + $listen = "$listeningIp:$port"; } my $vars = { env_dict => { - PFACCT_ADDRESS=> "$listeningIp:$port", + PFACCT_ADDRESS=> "$listen", }, }; $tt->process("/usr/local/pf/containers/environment.template", $vars, "/usr/local/pf/var/conf/acct.env") or die $tt->error();
From c371821f84270d44daab83fb859b2caed241d247 Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Thu, 29 Aug 2024 15:27:37 -0400
Subject: [PATCH 4/6] Bind on the mgmt ip instead of * since pfacct will reply with the vip
---
lib/pf/services/manager/pfacct.pm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/pf/services/manager/pfacct.pm b/lib/pf/services/manager/pfacct.pm
index 6ddbeb6854d6..23b5d14d78b8 100644
--- a/lib/pf/services/manager/pfacct.pm
+++ b/lib/pf/services/manager/pfacct.pm
@@ -63,7 +63,8 @@ sub generate_container_environments { my $port = '1813'; my $listeningIp = ""; if ($cluster_enabled || isenabled($Config{services}{radiusd_acct})) { - $port = '1823'; + my $management_ip = $management_network->tag('ip'); + $port = "$management_ip:1823"; } if ($cluster_enabled && isenabled($Config{services}{radiusd_acct})) { $port = '1833';
From 350ad5e12cc275d81edb61bd4499a648b8236af6 Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Fri, 13 Sep 2024 14:28:44 -0400
Subject: [PATCH 5/6] Added other interface with radius daemon logic
---
lib/pf/services/manager/pfacct.pm | 24 ++++++++++++++++++++----
sbin/pfacct-docker-wrapper | 2 +-
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/lib/pf/services/manager/pfacct.pm b/lib/pf/services/manager/pfacct.pm
index 23b5d14d78b8..b4b161e76e0c 100644
--- a/lib/pf/services/manager/pfacct.pm
+++ b/lib/pf/services/manager/pfacct.pm
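Review bot: `$listeningIp` is now read only inside the `radiusd_acct` branch, so the variable and its `""` initialiser (declared above this hunk) no longer carry information; the branch could assign `$listen = "127.0.0.1:$port";` directly. `PFACCT_ADDRESS=> "$listen"` also quotes a value that is already a string, and `PFACCT_ADDRESS => $listen` reads more cleanly. The function starts before this hunk.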
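Review bot: Storing the address inside `$port` breaks the case where radiusd_acct is enabled without a cluster: `$port` is then `"$management_ip:1823"`, and the later `$listen = "$listeningIp:$port"` (below this hunk, shown in the previous patch) produces `127.0.0.1:<management ip>:1823`, two host parts in one binding. Keeping the values apart avoids that, e.g. `my $bind_ip = $management_network->tag('ip');` with `$port = '1823';` left numeric here and the host part chosen where `$listen` is assembled. `tag('ip')` is also used without a definedness check, so an unset management address would yield `:1823` and, under the file's `use warnings`, an uninitialized-value warning. The function begins and ends outside this hunk.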
@@ -15,11 +15,14 @@ use warnings; use pf::util; use Moo; use Template; +use pf::log; use pf::cluster; use pf::config qw( $management_network %Config + @radius_ints ); +use List::MoreUtils qw(any uniq); extends 'pf::services::manager'; with 'pf::services::manager::roles::env_golang_service';
@@ -62,20 +62,33 @@ Generate the environment variables for running the container sub generate_container_environments { my ($self, $tt) = @_; + my $logger = get_logger(); + my @listen_ips; - my $port = '1813'; + my $port = '-p 1813:1813/udp'; + my $port_save; my $listeningIp = ""; if ($cluster_enabled || isenabled($Config{services}{radiusd_acct})) { my $management_ip = $management_network->tag('ip'); - $port = "$management_ip:1823"; + $port = "-p $management_ip:1823:1813/udp"; + $port_save = "1823" } if ($cluster_enabled && isenabled($Config{services}{radiusd_acct})) { - $port = '1833'; + $port = "-p 1833:1813/udp"; + $port_save = "1833"; } my $listen = $port; if (isenabled($Config{services}{radiusd_acct})) { $listeningIp = '127.0.0.1'; - $listen = "$listeningIp:$port"; + $listen = "-p $listeningIp:$port_save:1813/udp"; + } else { + if (!$cluster_enabled) { + foreach my $interface ( uniq(@radius_ints) ) { + push @listen_ips, $interface->tag('ip'); + } + my @interfaces = map { $_.":1813:1813/udp" } @listen_ips; + $listen = "-p " . join " -p ",@interfaces; + } } my $vars = { env_dict => {
diff --git a/sbin/pfacct-docker-wrapper b/sbin/pfacct-docker-wrapper
index 9fd91102e4ae..2a5fbb64c1de 100755
--- a/sbin/pfacct-docker-wrapper
+++ b/sbin/pfacct-docker-wrapper
@@ -12,6 +12,6 @@ args=`base_args $name` args="$args -v /usr/local/pf/raddb:/usr/local/pf/raddb" args="$args -v /usr/share/freeradius:/usr/share/freeradius" args="$args -p 2056:2056/udp" -args="$args -p $PFACCT_ADDRESS:1813/udp" +args="$args $PFACCT_ADDRESS" run $name "$args"
From 47fafb83cf85829d0d9f275e90d711eca93fdfa0 Mon Sep 17 00:00:00 2001
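Review bot: `any` is imported from List::MoreUtils but none of the hunks shown in this patch call it, and `get_logger()` from the new `use pf::log;` is assigned to `$logger` in the next hunk without being used there. If the rest of the file (not visible here) does not use them either, `use List::MoreUtils qw(uniq);` is enough, and the logger should either report something useful, such as the bindings that were chosen, or be dropped.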
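Review bot: In the new `else` branch an empty `@radius_ints` leaves `$listen` as a bare `-p ` with no binding, and an interface whose `tag('ip')` is undefined contributes `:1813:1813/udp`, which no longer pins the port to one interface. `uniq(@radius_ints)` also compares the interface objects rather than their addresses, so two entries carrying the same IP would, as far as this hunk shows, emit the same `-p` option twice. Deduplicating the addresses themselves, dropping undefined ones and keeping the default binding when nothing is left addresses all three; the fence shows the branch rewritten that way, using the `$logger` already created at the top of the function. `$port_save = "1823"` is missing its semicolon, which Perl accepts only because it is the last statement in its block. The tail of the function (`$vars` and the template call) lies outside this hunk.
```perl
    if (isenabled($Config{services}{radiusd_acct})) {
        # … unchanged: loopback binding built from $port_save …
    } elsif (!$cluster_enabled) {
        # Deduplicate on the address, not on the interface object, and skip
        # interfaces without an address so no ":1813:1813/udp" is emitted.
        @listen_ips = uniq(
            grep { defined($_) && length($_) }
            map  { $_->tag('ip') } @radius_ints
        );
        if (@listen_ips) {
            $listen = join ' ', map { sprintf '-p %s:1813:1813/udp', $_ } @listen_ips;
        }
        else {
            # $listen keeps the default '-p 1813:1813/udp' binding.
            $logger->warn("pfacct: no RADIUS interface address found, publishing 1813/udp on all interfaces");
        }
    }
```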
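Review bot: `$PFACCT_ADDRESS` now has to contain complete `-p …` options, so an `acct.env` that still holds the old `host:port` value, or an empty one, is appended to the argument string as a stray word or silently publishes no accounting port. A guard before this line would make that fail loudly, e.g. `case "$PFACCT_ADDRESS" in "-p "*) ;; *) echo "PFACCT_ADDRESS must hold -p options" >&2; exit 1 ;; esac`. Because the value is expanded into the command line as-is, it should only ever contain addresses generated by pfacct.pm, and renaming the variable (it is no longer an address) would make that contract clearer. How `acct.env` is regenerated on upgrade is not visible from this hunk.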
From: JeGoi <13801368+JeGoi@users.noreply.github.com>
Date: Thu, 19 Sep 2024 08:03:17 -0400
Subject: [PATCH 6/6] Hi gitlab
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 5717102b19e6..3e1c7d6b19f5 100644
--- a/README.md
+++ b/README.md
@@ -95,4 +95,3 @@ Licensed under the GNU General Public License v2. [mailing_lists]: https://packetfence.org/support/index.html#/community "Community Mailing Lists" -