Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 8.0.0
- Debian, FreeBSD
Start using this module
Add this module to your Puppetfile:
mod 'sethlyons-tac_plus', '0.0.6'Learn more about managing modules with a PuppetfileDocumentation
#tac_plus
####Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with tac_plus
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Contributors
##Overview
Puppet module to manage Shrubbery's tac_plus
##Module Description
This module installs, configures, and manages tac_plus. It lets you define any number of tac_plus users, groups, and ACLs and then builds a configuration file. It also ensures that tac_plus is running. It currently works only on FreeBSD but can be easily ported for other operating systems.
##Setup
###What tac_plus affects
- installs tac_plus
- creates configuration file $tac_plus_conf in $tac_plus_dir
###Setup Requirements
- REQUIRES: puppetlabs/concat
###Beginning with tac_plus To run tac_plus with all default options
class { 'tac_plus':
}
##Usage Even after setting up the tac_plus application (above), you will still need to create users/group/ACLs
To run tac_plus and override OS defaults
class { 'tac_plus':
tac_plus_conf => '/my/new/conf/file',
}
Adding a user
tac_plus::user { 'test_user':
login => 'des <des-hashed-password>',
pap => 'des <des-hashed-password>',
member => 'cisco_users',
service => {
'ppp' => {
'protocol' => {
'ip' => [
'option1 = value1',
'option2 = value2',
],
},
},
},
acl => 'test_acl',
}
Adding a group
tac_plus::group { 'test_group':
default_service => 'deny',
member => 'other_group',
service => {
'exec' => {
'opts' => [
'priv-lvl = 15',
'idletime = 10',
],
},
},
cmd => {
'terminal' => [
'permit length.*',
],
'show' => [
'permit ip.arp.*',
'permit mac-address-table.*',
],
},
}
Adding an ACL
tac_plus::acl { 'test acl':
line => [
'permit = 1.1.1.1',
'permit = 2.2.2.2',
'deny = .*'
],
}
Note on additional_attrs: there can be many additional_attrs, but each attribute can only have one value.
tac_plus::user { 'test_user':
login => 'des <des-hashed-password>',
pap => 'des <des-hashed-password>',
member => 'cisco_users',
service => {
'ppp' => {
'protocol' => {
'ip' => [
'option1 = value1',
'option2 = value2',
],
},
},
},
acl => 'test_acl',
additional_attrs => [
'chap = <chap settings>',
'expires = <date>',
],
}
##Reference
###Classes
####Public Class
tac_plus: Guides the basic setup of tac_plus
####Private Class
tac_plus::params: Sets OS defaults
###Defined Types
####Public Defined Types
tac_plus::user: Creates tac_plus userstac_plus::group: Create tac_plus groupstac_plus::acl: Creates tac_plus ACLs
###Templates The tac_plus module relies on server settings, user, group, and ACL templates that get concatenated into a single configuration file.
##Limitations This module currently works only on FreeBSD and Debian. It was written with a framework in place to easily add support for additional operating systems.
##Contributors Special thanks to the following individuals for their help:
- fetep
- tehdr
Dependencies
- puppetlabs/concat (>= 1.0.2)