[radius] Removed database setup + minor

README.md

@@ -385,10 +385,6 @@ create an empty file named `playbook.yml` which contains the following:
   # the following line is needed only when an IP address is used as the inventory hostname
   vars:
       postfix_myhostname: localhost
-      # Enable the modules you want to use
-      openwisp2_network_topology: true
-      openwisp2_firmware_upgrader: true
-      openwisp2_radius: true
 ```
 
 **Step 6**: Run the playbook
@@ -405,6 +401,127 @@ username: admin
 password: admin
 ```
 
+Enabling the network topology module
+------------------------------------
+
+To enable the network topology module you need to set `openwisp2_network_topology` to `true` in
+your `playbook.yml` file. Here's a short summary of how to do this:
+
+**Step 1**: [Install ansible](#install-ansible)
+
+**Step 2**: [Install this role](#install-this-role)
+
+**Step 3**: [Create inventory file](#create-inventory-file)
+
+**Step 4**: Create a playbook file with following contents:
+
+```yaml
+- hosts: openwisp2
+  become: "{{ become | default('yes') }}"
+  roles:
+    - openwisp.openwisp2
+  vars:
+    openwisp2_network_topology: true
+```
+
+**Step 5**: [Run the playbook](#run-the-playbook)
+
+When the playbook is done running, if you got no errors you can login at:
+
+    https://openwisp2.mydomain.com/admin
+    username: admin
+    password: admin
+
+Enabling the firmware upgrader module
+-------------------------------------
+
+**Note**: It is encouraged that you read the [quick-start guide of openwisp-firmware-upgrader](https://github.com/openwisp/openwisp-firmware-upgrader#quickstart)
+before going ahead.
+
+To enable the firmware upgrader module you need to set `openwisp2_firmware_upgrader` to `true` in
+your `playbook.yml` file. Here's a short summary of how to do this:
+
+**Step 1**: [Install ansible](#install-ansible)
+
+**Step 2**: [Install this role](#install-this-role)
+
+**Step 3**: [Create inventory file](#create-inventory-file)
+
+**Step 4**: Create a playbook file with following contents:
+
+```yaml
+- hosts: openwisp2
+  become: "{{ become | default('yes') }}"
+  roles:
+    - openwisp.openwisp2
+  vars:
+    openwisp2_firmware_upgrader: true
+```
+
+**Step 5**: [Run the playbook](#run-the-playbook)
+
+When the playbook is done running, if you got no errors you can login at:
+
+    https://openwisp2.mydomain.com/admin
+    username: admin
+    password: admin
+
+**Note**: You can configure [openwisp-firmware-upgrader specific settings](https://github.com/openwisp/openwisp-firmware-upgrader#settings)
+using `openwisp2_extra_django_settings` variable of this ansible role.
+For example if you want to enable the [APIs of openwisp-firmware-upgrader](https://github.com/openwisp/openwisp-firmware-upgrader#rest-api),
+you will update the above playbook as follows:
+
+```yaml
+- hosts: openwisp2
+  become: "{{ become | default('yes') }}"
+  roles:
+    - openwisp.openwisp2
+  vars:
+    openwisp2_firmware_upgrader: true
+    openwisp2_extra_django_settings:
+      OPENWISP_USERS_AUTH_API: true
+      OPENWISP_FIRMWARE_UPGRADER_API: true
+```
+
+Enabling the radius module
+--------------------------
+
+To enable the radius module you need to set `openwisp2_radius` to `true` in
+your `playbook.yml` file. Here's a short summary of how to do this:
+
+**Step 1**: [Install ansible](#install-ansible)
+
+**Step 2**: [Install this role](#install-this-role)
+
+**Step 3**: [Create inventory file](#create-inventory-file)
+
+**Step 4**: Create a playbook file with following contents:
+
+```yaml
+- hosts: openwisp2
+  become: "{{ become | default('yes') }}"
+  roles:
+    - openwisp.openwisp2
+  vars:
+    openwisp2_radius: true
+    openwisp2_freeradius_install: true
+    # set to false when you don't want to register openwisp-radius
+    # API endpoints.
+    openwisp2_radius_urls: true
+```
+
+**Note:** `openwisp2_freeradius_install` option provides a basic configuration of freeradius for openwisp,
+it sets up the [radius user token mechanism](https://openwisp-radius.readthedocs.io/en/latest/user/api.html#radius-user-token-recommended) if you want to use another mechanism or manage your freeradius separately,
+please disable this option by setting it to `false`.
+
+**Step 5**: [Run the playbook](#run-the-playbook)
+
+When the playbook is done running, if you got no errors you can login at:
+
+    https://openwisp2.mydomain.com/admin
+    username: admin
+    password: admin
+
 Troubleshooting
 ===============
 
@@ -509,10 +626,14 @@ Below are listed all the variables you can customize (you may also want to take
     openwisp2_firmware_upgrader_version: "0.1"
     openwisp2_radius_version: "0.1"
     # Enable the modules you want to use
-    openwisp2_network_topology: true
-    openwisp2_firmware_upgrader: true
-    openwisp2_radius: true
-    openwisp2_radius_urls: true
+    openwisp2_network_topology: false
+    openwisp2_firmware_upgrader: false
+    openwisp2_radius: false
+    # when openwisp2_radius_urls is set to false, the radius module
+    # is setup but it's urls are not added, which means API and social
+    # views cannot be used, this is helpful if you have an external
+    # radius instance.
+    openwisp2_radius_urls: "{{ openwisp2_radius }}"
     # you may replace the values of these variables with any URL
     # supported by pip (the python package installer)
     # use these to install forks, branches or development versions
@@ -707,18 +828,8 @@ Below are listed all the variables you can customize (you may also want to take
     freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"
     freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"
     freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"
-    freeradius_sql:
-        driver: rlm_sql_sqlite
-        dialect: sqlite
-        host: ""
-        port: ""
-        dbname: ""
-        user: ""
-        password: ""
     freeradius_rest:
         url: "https://{{ inventory_hostname }}/api/v1/freeradius"
-    freeradius_clients_ip: "0.0.0.0/0"
-    freeradius_clients_key: "admin"
     cron_delete_old_notifications: "'hour': 0, 'minute': 0"
     cron_deactivate_expired_users: "'hour': 0, 'minute': 0"
     cron_delete_old_users: "'hour': 0, 'minute': 10"

defaults/main.yml

@@ -125,22 +125,21 @@ freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"
 freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"
 freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"
 freeradius_db_map:
-  django.contrib.gis.db.backends.spatialite:
-    driver: rlm_sql_sqlite
-    dialect: sqlite
-  django.contrib.gis.db.backends.postgis:
-    driver: rlm_sql_postgresql
-    dialect: postgresql
-  django.contrib.gis.db.backends.mysql:
-    driver: rlm_sql_mysql
-    dialect: mysql
+    django.contrib.gis.db.backends.spatialite:
+        driver: rlm_sql_sqlite
+        dialect: sqlite
+    django.contrib.gis.db.backends.postgis:
+        driver: rlm_sql_postgresql
+        dialect: postgresql
+    django.contrib.gis.db.backends.mysql:
+        driver: rlm_sql_mysql
+        dialect: mysql
 freeradius_sql:
     driver: "{{ freeradius_db_map[openwisp2_database.engine].driver }}"
     dialect: "{{ freeradius_db_map[openwisp2_database.engine].dialect }}"
 freeradius_rest:
     url: "https://{{ inventory_hostname }}/api/v1/freeradius"
-freeradius_clients_ip: "0.0.0.0/0"
-freeradius_clients_key: "admin"
+freeradius_expire_attr_after_seconds: 86400
 cron_delete_old_notifications: "'hour': 0, 'minute': 0"
 cron_deactivate_expired_users: "'hour': 0, 'minute': 0"
 cron_delete_old_users: "'hour': 0, 'minute': 10"

handlers/main.yml

@@ -18,3 +18,12 @@
   service:
     name: redis
     state: started
+
+- name: update-ca-certificates
+  command: /usr/sbin/update-ca-certificates
+  when: ansible_os_family == "Debian"
+
+- name: restart freeradius
+  service:
+    name: freeradius
+    state: started

tasks/freeradius.yml

@@ -1,49 +1,13 @@
 ---
 - name: Freeradius system packages
-  when: openwisp2_radius
   apt:
     name:
       - freeradius
       - freeradius-rest
     state: latest
   notify: restart freeradius
 
-# - import_tasks: freeradius-mysql.yml
-#   when: openwisp2_radius and freeradius_sql.dialect == "mysql"
-#
-# - import_tasks: freeradius-postgresql.yml
-#   when: openwisp2_radius and freeradius_sql.dialect == "postgresql"
-
-# - name: Radius configurations
-#   when: openwisp2_radius
-#   template:
-#     src: freeradius/radiusd.conf.j2
-#     dest: "{{ freeradius_dir }}/radiusd.conf"
-#     mode: 0640
-#     owner: freerad
-#     group: freerad
-#   notify: restart freeradius
-
-# - name: Clients configuration
-#   when: openwisp2_radius
-#   template:
-#     src: freeradius/clients.conf.j2
-#     dest: "{{ freeradius_dir }}/site"
-#     mode: 0640
-#     owner: freerad
-#     group: freerad
-#   notify: restart freeradius
-
-# - name: Remove unnecessary modules
-#   when: openwisp2_radius
-#   file:
-#     dest: "{{ item }}"
-#     state: absent
-#   with_items:
-#     - "{{ freeradius_mods_enabled_dir }}/eap"
-
 - name: SQL configuration
-  when: openwisp2_radius
   template:
     src: freeradius/sql.j2
     dest: "{{ freeradius_mods_available_dir }}/sql"
@@ -53,7 +17,6 @@
   notify: restart freeradius
 
 - name: Enable SQL module
-  when: openwisp2_radius
   file:
     src: "{{ freeradius_mods_available_dir }}/sql"
     dest: "{{ freeradius_mods_enabled_dir }}/sql"
@@ -63,7 +26,6 @@
     group: freerad
 
 - name: SQL Counter module
-  when: openwisp2_radius
   template:
     src: freeradius/sql_counter.j2
     dest: "{{ freeradius_mods_available_dir }}/sql_counter"
@@ -73,7 +35,6 @@
   notify: restart freeradius
 
 - name: Enable SQL Counter module
-  when: openwisp2_radius
   file:
     src: "{{ freeradius_mods_available_dir }}/sql_counter"
     dest: "{{ freeradius_mods_enabled_dir }}/sql_counter"
@@ -82,8 +43,12 @@
     owner: freerad
     group: freerad
 
+- name: Add Attributes to freeradius dictionary
+  lineinfile:
+    path: "{{ freeradius_dir }}/dictionary"
+    line: "ATTRIBUTE      Expire-After         {{ freeradius_expire_attr_after_seconds }}    integer"
+
 - name: REST configuration
-  when: openwisp2_radius
   template:
     src: freeradius/rest.j2
     dest: "{{ freeradius_mods_available_dir }}/rest"
@@ -93,7 +58,6 @@
   notify: restart freeradius
 
 - name: Enable REST module
-  when: openwisp2_radius
   file:
     src: "{{ freeradius_mods_available_dir }}/rest"
     dest: "{{ freeradius_mods_enabled_dir }}/rest"
@@ -103,7 +67,6 @@
     group: freerad
 
 - name: Remove default site
-  when: openwisp2_radius
   file:
     dest: "{{ item }}"
     state: absent
@@ -112,7 +75,6 @@
     - "{{ freeradius_sites_enabled_dir }}/inner-tunnel"
 
 - name: Site configuration
-  when: openwisp2_radius
   template:
     src: freeradius/openwisp_site.j2
     dest: "{{ freeradius_sites_enabled_dir }}/openwisp_site"

tasks/nginx.yml

@@ -30,7 +30,7 @@
   copy:
     src: "{{ openwisp2_ssl_cert }}"
     dest: /usr/local/share/ca-certificates/openwisp-ssl-server.crt
-    remote_src: yes
+    remote_src: true
     owner: "root"
     group: "root"
     mode: "0644"

tasks/pip.yml

@@ -150,7 +150,7 @@
     state: latest
     virtualenv: "{{ virtualenv_path }}"
     virtualenv_python: "{{ openwisp2_python }}"
-    virtualenv_site_packages: yes
+    virtualenv_site_packages: true
   notify: reload supervisor
   retries: 5
   delay: 10

templates/freeradius/sql_counter.j2

@@ -39,3 +39,28 @@ sqlcounter dailybandwidthcounter {
             WHERE UserName='%{${key}}' \
             AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
 }
+
+sqlcounter monthlycounter {
+  sql_module_instance = sql
+  dialect = ${modules.sql.dialect}
+
+  counter_name = Monthly-Session-Time
+  check_name = Max-Monthly-Session
+  reply_name = Session-Timeout
+  key = User-Name
+  reset = monthly
+
+  $INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
+}
+
+sqlcounter expire_on_login {
+  sql_module_instance = sql
+  dialect = ${modules.sql.dialect}
+
+  counter_name = Expire-After-Initial-Login
+  check_name = Expire-After
+  key = User-Name
+  reset = never
+
+  $INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
+}