class PuppetX::Eos::Radius
Radius
provides instance methods to retrieve and set radius configuration values.
Constants
- DEFAULT_ACCT_PORT
- DEFAULT_AUTH_PORT
- GROUP_MEMBER_REGEXP
- SERVER_GROUP_REGEXP
Regular expression to extract a radius server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.
- SERVER_REGEXP
Regular expression to extract a radius server’s attributes from the running-configuration text. The explicit [ ] spaces enable line wrapping and indentation with the /x flag.
Public Instance Methods
getall
returns an Array with a single resource Hash describing the current state of the global radius configuration on the target device. This method is intended to be used by a provider’s instances class method.
The resource hash returned contains the following information:
* name: ('settings')
* enable: (true | false) if radius functionality is enabled. This is always true for EOS.
* key: (String) the key either in plaintext or hashed format
* key_format: (Integer) e.g. 0 or 7
* timeout: (Integer) seconds before the timeout period ends
* retransmit_count: (Integer), e.g. 3, attempts after first timeout expiry.
@api public
@return [Array<Hash>] Single element Array of resource hashes
    # File lib/puppet_x/eos/modules/radius.rb, line 53
    def getall
      config = running_configuration
      rsrc_hsh = radius_global_defaults
      rsrc_hsh.merge!(parse_global_key(config))
      rsrc_hsh.merge!(parse_global_timeout(config))
      rsrc_hsh.merge!(parse_global_retransmit(config))
      [rsrc_hsh]
    end
parse_group_servers
parses the list of servers associated with a radius server group given a group name and a running configuration text.
@param [String] config The running configuration text.
@param [String] name The name of the server group to parse.
@api private
@return [Array<Hash<Symbol,Object>>] Array of server attributes
    # File lib/puppet_x/eos/modules/radius.rb, line 127
    def parse_group_servers(config, name)
      regexp = /aaa group server radius #{name}(.*?)!/m
      mdata = regexp.match(config)
      if mdata
        tuples = mdata[1].scan(GROUP_MEMBER_REGEXP)
        tuples.collect do |(hostname, auth_port, acct_port)|
          {
            hostname: hostname,
            auth_port: auth_port ? auth_port.to_i : DEFAULT_AUTH_PORT,
            acct_port: acct_port ? acct_port.to_i : DEFAULT_ACCT_PORT
          }
        end
      else
        Array.new
      end
    end
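Added example (not part of the project's code): parse_group_servers interpolates the group name into its regular expression without escaping or anchoring it, so a name that is a prefix of another group's name, or that contains a regexp metacharacter, can return another group's members. The sketch below reproduces that on a constructed configuration and shows a stricter lookup. GROUP_MEMBER_REGEXP, the port defaults and the `_as_documented` / `_strict` method names are assumptions, since the page does not show the constants' values.

```ruby
# Added example, not project code. The page does not show these constants'
# values, so the pattern and port defaults below are assumptions.
DEFAULT_AUTH_PORT = 1812
DEFAULT_ACCT_PORT = 1813
GROUP_MEMBER_REGEXP = /server (\S+)(?: auth-port (\d+))?(?: acct-port (\d+))?/

# Constructed running-config fragment: two groups sharing a name prefix.
SAMPLE_CONFIG = <<~CFG
  aaa group server radius RAD-SV2
     server 10.11.12.13 auth-port 1024 acct-port 2048
  !
  aaa group server radius RAD
     server 10.0.0.1
  !
CFG

# Turn a captured group body into server hashes, as the documented method does.
def group_members(body)
  body.scan(GROUP_MEMBER_REGEXP).map do |(hostname, auth_port, acct_port)|
    { hostname: hostname,
      auth_port: auth_port ? auth_port.to_i : DEFAULT_AUTH_PORT,
      acct_port: acct_port ? acct_port.to_i : DEFAULT_ACCT_PORT }
  end
end

# Lookup with the regexp shown on the page: name is unescaped and unanchored.
def parse_group_servers_as_documented(config, name)
  mdata = /aaa group server radius #{name}(.*?)!/m.match(config)
  mdata ? group_members(mdata[1]) : []
end

# Stricter lookup: the name is escaped and must fill the rest of its line,
# and the block ends at a "!" that starts a line.
def parse_group_servers_strict(config, name)
  regexp = /^aaa group server radius #{Regexp.escape(name)}$(.*?)^!/m
  mdata = regexp.match(config)
  mdata ? group_members(mdata[1]) : []
end
```

With the constructed input, asking the documented pattern for group RAD returns the member of RAD-SV2; the strict pattern returns only RAD's own server.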
remove_server
removes the radius server identified by the hostname, auth_port, and acct_port attributes.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 218
    def remove_server(opts = {})
      cmd = "no radius-server host #{opts[:hostname]}"
      cmd << " auth-port #{opts[:auth_port]}" if opts[:auth_port]
      cmd << " acct-port #{opts[:acct_port]}" if opts[:acct_port]
      result = api.config(cmd)
      result == [{}]
    end
remove_server_group
removes a radius server group by name. This API call maps to the `no aaa group server radius <name>` command.
@option opts [String] :name ('RAD-SV2') The name of the radius server group to remove.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 183
    def remove_server_group(opts = {})
      result = api.config("no aaa group server radius #{opts[:name]}")
      result == [{}]
    end
server_groups
retrieves a list of radius server groups from the target device.
@api public
@return [Array<Hash<Symbol,Object>>] Array of resource hashes
    # File lib/puppet_x/eos/modules/radius.rb, line 108
    def server_groups
      config = running_configuration
      tuples = config.scan(SERVER_GROUP_REGEXP)
      tuples.map do |(name)|
        { name: name, servers: parse_group_servers(config, name) }
      end
    end
servers
returns an Array of radius server resource hashes. Each hash describes the current state of the radius server and is suitable for use in initializing a radius_server provider.
The resource hash returned contains the following information:
* hostname: hostname or ip address
* key: (String) the key either in plaintext or hashed format
* key_format: (Fixnum) e.g. 0 or 7
* timeout: (Fixnum) seconds before the timeout period ends
* retransmit_count: (Integer), e.g. 3, attempts after first timeout expiry.
* group: (String) Server group associated with this server.
* deadtime: (Fixnum) number of minutes to ignore an unresponsive server.
* acct_port: (Fixnum) Port number to use for accounting.
* accounting_only: (Boolean) Enable this server for accounting only.
* auth_port: (Fixnum) Port number to use for authentication
@api public
@return [Array<Hash<Symbol,Object>>] Array of resource hashes
    # File lib/puppet_x/eos/modules/radius.rb, line 84
    def servers
      config = running_configuration
      tuples = config.scan(SERVER_REGEXP)
      tuples.map do |(host, authp, acctp, tout, dead, tries, keyfm, key)|
        hsh = { auth_port: DEFAULT_AUTH_PORT, acct_port: DEFAULT_ACCT_PORT }
        hsh[:hostname]         = host if host
        hsh[:auth_port]        = authp.to_i if authp
        hsh[:acct_port]        = acctp.to_i if acctp
        hsh[:timeout]          = tout.to_i if tout
        hsh[:retransmit_count] = tries.to_i if tries
        hsh[:deadtime]         = dead.to_i if dead
        hsh[:key_format]       = keyfm.to_i if keyfm
        hsh[:key]              = key if key
        hsh
      end
    end
set_global_key
configures the radius default key. This method maps to the `radius-server key` EOS configuration command, e.g. `radius-server key 7 070E234F1F5B4A`.
@option opts [String] :key ('070E234F1F5B4A') The key value
@option opts [Fixnum] :key_format (7) The key format, 0 for plaintext and 7 for a hashed value. 7 will be assumed if this option is not provided.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 322
    def set_global_key(opts = {})
      format = opts[:key_format] || 7
      key = opts[:key]
      fail ArgumentError, 'key option is required' unless key
      result = api.config("radius-server key #{format} #{key}")
      result == [{}]
    end
set_retransmit_count
configures the radius default retransmit count. This method maps to the `radius-server retransmit` configuration command.
@option opts [Fixnum] :retransmit_count (4) The number of times to retry an unresponsive server after the first timeout period.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 358
    def set_retransmit_count(opts = {})
      retransmit_count = opts[:retransmit_count]
      fail ArgumentError,
           'retransmit_count option is required' unless retransmit_count
      result = api.config("radius-server retransmit #{retransmit_count}")
      result == [{}]
    end
set_timeout
configures the radius default timeout. This method maps to the `radius-server timeout` setting.
@option opts [Fixnum] :timeout (50) The timeout in seconds to configure.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 340
    def set_timeout(opts = {})
      timeout = opts[:timeout]
      fail ArgumentError, 'timeout option is required' unless timeout
      result = api.config("radius-server timeout #{timeout}")
      result == [{}]
    end
update_server
configures a radius server resource on the target device. This API method maps to the `radius-server host` command, e.g. `radius-server host 10.11.12.13 auth-port 1024 acct-port 2048 timeout 30 retransmit 5 key 7 011204070A5955`
@api public
@return [Boolean] true if there are no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 197
    def update_server(opts = {})
      retransmit = opts[:retransmit_count]
      key_format = opts[:key_format] || 7
      cmd = "radius-server host #{opts[:hostname]}"
      cmd << " auth-port #{opts[:auth_port]}" if opts[:auth_port]
      cmd << " acct-port #{opts[:acct_port]}" if opts[:acct_port]
      cmd << " timeout #{opts[:timeout]}" if opts[:timeout]
      cmd << " deadtime #{opts[:deadtime]}" if opts[:deadtime]
      cmd << " retransmit #{retransmit}" if retransmit
      cmd << " key #{key_format} #{opts[:key]}" if opts[:key]
      result = api.config(cmd)
      result == [{}]
    end
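Added example (not the project's code): the set, update and remove methods on this page interpolate option values directly into the command string passed to api.config, so each value should be checked as a single well-formed token before it gets there. One way to do that for the update_server options, assuming a hypothetical `build_update_server_cmd` helper and value limits the page does not specify:

```ruby
# Added example, not project code: validate options before they are
# interpolated into the `radius-server host` command line.
# \A and \z anchor the whole string; in Ruby ^ and $ match per line, so they
# would accept a value that carries a second line.
HOST_TOKEN = /\A[A-Za-z0-9][A-Za-z0-9.:-]{0,252}\z/ # hostname or IP literal
KEY_TOKEN  = /\A[[:graph:]]+\z/                     # printable, no whitespace
PORTS      = (1..65_535).freeze
COUNTS     = (0..Float::INFINITY).freeze # device limits are not on the page

# option => [CLI keyword, allowed values], in the order update_server emits them
INT_FIELDS = {
  auth_port: ['auth-port', PORTS],
  acct_port: ['acct-port', PORTS],
  timeout: ['timeout', COUNTS],
  deadtime: ['deadtime', COUNTS],
  retransmit_count: ['retransmit', COUNTS]
}.freeze

# Parse a base-10 integer and check it against the allowed values.
def strict_int(value, field, allowed)
  int = Integer(value.to_s, 10) # raises ArgumentError on trailing words
  raise ArgumentError, "#{field} not allowed: #{int}" unless allowed.include?(int)
  int
end

# Hypothetical helper: returns the command string update_server would send,
# or raises ArgumentError if any option is not a single well-formed token.
def build_update_server_cmd(opts = {})
  host = opts[:hostname].to_s
  raise ArgumentError, 'hostname must be a single token' unless HOST_TOKEN.match?(host)
  parts = ['radius-server host', host]
  INT_FIELDS.each do |opt, (keyword, allowed)|
    next if opts[opt].nil?
    parts << keyword << strict_int(opts[opt], opt, allowed)
  end
  if opts[:key]
    key = opts[:key].to_s
    raise ArgumentError, 'key must be printable, no whitespace' unless KEY_TOKEN.match?(key)
    parts << 'key' << strict_int(opts[:key_format] || 7, :key_format, [0, 7]) << key
  end
  parts.join(' ')
end
```

The integers are re-emitted from the parsed value rather than from the caller's string, so only the hostname and key reach the command as caller-supplied text.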
update_server_group
updates a radius server group given an Array of server attributes and the name of the server group. The update happens by first deleting the existing group if it exists then creating it again with all of the specified servers.
@param [String] name The name of the server group to update
@param [Array<Hash<Symbol,Object>>] servers The array of servers to associate with the server group. This hash should have at least the :hostname key.
@api public
@return [Boolean] true if no errors
    # File lib/puppet_x/eos/modules/radius.rb, line 159
    def update_server_group(opts = {})
      cmd = "aaa group server radius #{opts[:name]}"
      api.config("no #{cmd}")
      cmds = [cmd]
      opts[:servers].each do |hsh|
        server = "server #{hsh[:hostname]}"
        server << " auth-port #{hsh[:auth_port] || DEFAULT_AUTH_PORT}"
        server << " acct-port #{hsh[:acct_port] || DEFAULT_ACCT_PORT}"
        cmds << server
      end
      result = api.config(cmds)
      !result.find { |r| r != {} }
    end
Private Instance Methods
parse_global_key
takes a running configuration as a string and parses out the radius global key and global key format if it exists in the configuration. An empty Hash is returned if there is no global key configured. The intent of the Hash is to be merged into a property hash.
@param [String] config The running configuration as a single string.
@api private
@return [Hash<Symbol,Object>] resource hash attributes
    # File lib/puppet_x/eos/modules/radius.rb, line 257
    def parse_global_key(config)
      rsrc_hsh = {}
      (key_format, key) = config.scan(/radius-server key (\d+) (\w+)/).first
      rsrc_hsh[:key_format] = key_format.to_i if key_format
      rsrc_hsh[:key] = key if key
      rsrc_hsh
    end
parse_global_retransmit
takes a running configuration as a string and parses out the radius global retransmit count value if it exists in the configuration. An empty Hash is returned if there is no global retransmit count value configured. The intent of the Hash is to be merged into a property hash.
@param [String] config The running configuration as a single string.
@api private
@return [Hash<Symbol,Object>] resource hash attributes
    # File lib/puppet_x/eos/modules/radius.rb, line 299
    def parse_global_retransmit(config)
      rsrc_hsh = {}
      count = config.scan(/radius-server retransmit (\d+)/).first
      # EOS default is 3 (does not show up in the running config)
      rsrc_hsh[:retransmit_count] = count.first.to_i if count
      rsrc_hsh
    end
parse_global_timeout
takes a running configuration as a string and parses out the radius global timeout if it exists in the configuration. An empty Hash is returned if there is no global timeout value configured. The intent of the Hash is to be merged into a property hash.
@param [String] config The running configuration as a single string.
@api private
@return [Hash<Symbol,Object>] resource hash attributes
    # File lib/puppet_x/eos/modules/radius.rb, line 278
    def parse_global_timeout(config)
      rsrc_hsh = {}
      timeout = config.scan(/radius-server timeout (\d+)/).first
      # EOS default is 5 (does not show up in the running config)
      rsrc_hsh[:timeout] = timeout.first.to_i if timeout
      rsrc_hsh
    end
radius_global_defaults
returns the default values for the radius_global resource. This is in a single method to keep the information in one place. If a value is explicitly configured to be the same as a default value it will not show up in the running configuration and as a result will not be parsed out by the parse instance methods. This method exposes the default values.
@return [Hash<Symbol,Object>] Hash of default resource attributes
    # File lib/puppet_x/eos/modules/radius.rb, line 235
    def radius_global_defaults
      {
        name: 'settings',
        enable: true,
        timeout: 5,
        retransmit_count: 3
      }
    end