Forge Home

tac_plus

Installs, configures, and manages tac_plus.

sethlyons

sethlyons

11,710 downloads

528 latest version

1.6 quality score

Version information

  • 0.0.6 (latest)
  • 0.0.5 (deleted)
  • 0.0.4
  • 0.0.3
  • 0.0.2
  • 0.0.1
released Jul 12th 2021
This version is compatible with:
  • Puppet Enterprise 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • Debian, FreeBSD

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this declaration to your Puppetfile:

mod 'sethlyons-tac_plus', '0.0.6'
Learn more about managing modules with a Puppetfile

Add this module to a Bolt project:

bolt module add sethlyons-tac_plus
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install sethlyons-tac_plus --version 0.0.6

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

sethlyons/tac_plus — version 0.0.6 Jul 12th 2021

#tac_plus

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with tac_plus
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Contributors

##Overview

Puppet module to manage Shrubbery's tac_plus

##Module Description

This module installs, configures, and manages tac_plus. It lets you define any number of tac_plus users, groups, and ACLs and then builds a configuration file. It also ensures that tac_plus is running. It currently works only on FreeBSD but can be easily ported for other operating systems.

##Setup

###What tac_plus affects

  • installs tac_plus
  • creates configuration file $tac_plus_conf in $tac_plus_dir

###Setup Requirements

  • REQUIRES: puppetlabs/concat

###Beginning with tac_plus To run tac_plus with all default options

class { 'tac_plus':
}

##Usage Even after setting up the tac_plus application (above), you will still need to create users/group/ACLs

To run tac_plus and override OS defaults

class { 'tac_plus':
  tac_plus_conf => '/my/new/conf/file',
}

Adding a user

tac_plus::user { 'test_user':
  login          => 'des <des-hashed-password>',
  pap            => 'des <des-hashed-password>',
  member         => 'cisco_users',
  service        => {
    'ppp'        => {
      'protocol' => {
        'ip'     => [
          'option1 = value1',
          'option2 = value2',
        ],
      },
    },
  },
  acl     => 'test_acl',
}

Adding a group

tac_plus::group { 'test_group':
  default_service   => 'deny',
  member            => 'other_group',
  service           => {
    'exec'          => {
      'opts'        => [
        'priv-lvl = 15',
        'idletime = 10',
      ],
    },
  },
  cmd             => {
    'terminal'    => [
      'permit length.*',
    ],
    'show'        => [
      'permit ip.arp.*',
      'permit mac-address-table.*',
    ],
  },
}

Adding an ACL

tac_plus::acl { 'test acl':
  line => [
    'permit = 1.1.1.1',
    'permit = 2.2.2.2',
    'deny = .*'
  ],
}

Note on additional_attrs: there can be many additional_attrs, but each attribute can only have one value.

tac_plus::user { 'test_user':
  login                => 'des <des-hashed-password>',
  pap                  => 'des <des-hashed-password>',
  member               => 'cisco_users',
  service              => {
    'ppp'              => {
      'protocol'       => {
        'ip'           => [
          'option1 = value1',
          'option2 = value2',
        ],
      },
    },
  },
  acl                  => 'test_acl',
  additional_attrs     => [
    'chap = <chap settings>',
    'expires = <date>',
  ],
}

##Reference

###Classes

####Public Class

  • tac_plus: Guides the basic setup of tac_plus

####Private Class

  • tac_plus::params: Sets OS defaults

###Defined Types

####Public Defined Types

  • tac_plus::user: Creates tac_plus users
  • tac_plus::group: Create tac_plus groups
  • tac_plus::acl: Creates tac_plus ACLs

###Templates The tac_plus module relies on server settings, user, group, and ACL templates that get concatenated into a single configuration file.

##Limitations This module currently works only on FreeBSD and Debian. It was written with a framework in place to easily add support for additional operating systems.

##Contributors Special thanks to the following individuals for their help:

  • fetep
  • tehdr