Forge Home

tac_plus

Installs, configures, and manages tac_plus.

12,971 downloads

1,373 latest version

1.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.0.6 (latest)
  • 0.0.5 (deleted)
  • 0.0.4
  • 0.0.3
  • 0.0.2
  • 0.0.1
released Jul 12th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • Debian, FreeBSD

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'sethlyons-tac_plus', '0.0.6'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add sethlyons-tac_plus
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install sethlyons-tac_plus --version 0.0.6

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

sethlyons/tac_plus — version 0.0.6 Jul 12th 2021

#tac_plus

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with tac_plus
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Contributors

##Overview

Puppet module to manage Shrubbery's tac_plus

##Module Description

This module installs, configures, and manages tac_plus. It lets you define any number of tac_plus users, groups, and ACLs and then builds a configuration file. It also ensures that tac_plus is running. It currently works only on FreeBSD but can be easily ported for other operating systems.

##Setup

###What tac_plus affects

  • installs tac_plus
  • creates configuration file $tac_plus_conf in $tac_plus_dir

###Setup Requirements

  • REQUIRES: puppetlabs/concat

###Beginning with tac_plus To run tac_plus with all default options

class { 'tac_plus':
}

##Usage Even after setting up the tac_plus application (above), you will still need to create users/group/ACLs

To run tac_plus and override OS defaults

class { 'tac_plus':
  tac_plus_conf => '/my/new/conf/file',
}

Adding a user

tac_plus::user { 'test_user':
  login          => 'des <des-hashed-password>',
  pap            => 'des <des-hashed-password>',
  member         => 'cisco_users',
  service        => {
    'ppp'        => {
      'protocol' => {
        'ip'     => [
          'option1 = value1',
          'option2 = value2',
        ],
      },
    },
  },
  acl     => 'test_acl',
}

Adding a group

tac_plus::group { 'test_group':
  default_service   => 'deny',
  member            => 'other_group',
  service           => {
    'exec'          => {
      'opts'        => [
        'priv-lvl = 15',
        'idletime = 10',
      ],
    },
  },
  cmd             => {
    'terminal'    => [
      'permit length.*',
    ],
    'show'        => [
      'permit ip.arp.*',
      'permit mac-address-table.*',
    ],
  },
}

Adding an ACL

tac_plus::acl { 'test acl':
  line => [
    'permit = 1.1.1.1',
    'permit = 2.2.2.2',
    'deny = .*'
  ],
}

Note on additional_attrs: there can be many additional_attrs, but each attribute can only have one value.

tac_plus::user { 'test_user':
  login                => 'des <des-hashed-password>',
  pap                  => 'des <des-hashed-password>',
  member               => 'cisco_users',
  service              => {
    'ppp'              => {
      'protocol'       => {
        'ip'           => [
          'option1 = value1',
          'option2 = value2',
        ],
      },
    },
  },
  acl                  => 'test_acl',
  additional_attrs     => [
    'chap = <chap settings>',
    'expires = <date>',
  ],
}

##Reference

###Classes

####Public Class

  • tac_plus: Guides the basic setup of tac_plus

####Private Class

  • tac_plus::params: Sets OS defaults

###Defined Types

####Public Defined Types

  • tac_plus::user: Creates tac_plus users
  • tac_plus::group: Create tac_plus groups
  • tac_plus::acl: Creates tac_plus ACLs

###Templates The tac_plus module relies on server settings, user, group, and ACL templates that get concatenated into a single configuration file.

##Limitations This module currently works only on FreeBSD and Debian. It was written with a framework in place to easily add support for additional operating systems.

##Contributors Special thanks to the following individuals for their help:

  • fetep
  • tehdr