Production install for openwisp2 + radius + monitoring + firmware update

Demian Pecile

unread,

Oct 14, 2020, 10:42:26 AM10/14/20

to OpenWISP

Hi

I need to install Openwisp with freeradius integration, monitorin, and firmware upgrade in a production environment.

There is any how to ?

I installed openwisp using ansible, but no problem to install directly if some install guide to follow is available.

Thanks

Demian

Federico Capoano

unread,

Oct 14, 2020, 12:23:38 PM10/14/20

to OpenWISP

Hi Demian,

regarding openwisp-monitoring, I left some hints in this other thread: https://groups.google.com/d/msg/openwisp/0Qh-TRAeoLE/BnpMZkvlAgAJ

There's a playbook file shared in that thread as well, I suggest following the thread until the end.

The problem is that the new modules are evolving rapidly so new settings may be needed.

We have open issues to add support for openwisp-monitoring, openwisp-firmware-upgrader and openwisp-radius in ansible-openwisp2 but so far no one is working on these.

I hope that more users and contributors will be willing to help out.

The test project of each module provides a working settings.py file that can be used as reference.

I hope this helps, I can't do more at the moment unfortunately.

Best regards

Federico

Federico Capoano

unread,

Nov 18, 2020, 12:19:32 PM11/18/20

to OpenWISP

Here's a sample playbook to install openwisp-radius with ansible-openwisp2.

I have taken it from a working playbook and removed the sensitive parts, but I have not tested it, so it may be incomplete and surely will need adaptation, but should hint all that needs to be done.

- hosts: yourhost

become: true

become_user: youruser

roles:

- openwisp.openwisp2

vars:

openwisp2_utils_pip: https://github.com/openwisp/openwisp-utils/tarball/master

openwisp2_users_pip: https://github.com/openwisp/openwisp-users/tarball/master

openwisp2_extra_python_packages:

# monitoring

- https://github.com/openwisp/openwisp-radius/tarball/master

- django-cors-headers

openwisp2_extra_django_settings_instructions:

# monitoring settings

- |

# openwisp-radius, registration, CORS

INSTALLED_APPS += [

'corsheaders',

'django_filters',

'rest_framework.authtoken',

'rest_auth',

'rest_auth.registration',

'openwisp_radius',

]

OPENWISP_RADIUS_FREERADIUS_ALLOWED_HOSTS = ['ip/host here']

# CORS

MIDDLEWARE.insert(

MIDDLEWARE.index('django.middleware.common.CommonMiddleware'),

'corsheaders.middleware.CorsMiddleware'

)

CORS_ORIGIN_WHITELIST = ('whitelisteddomain1', 'whitelisteddomain2')

CORS_ALLOW_METHODS = ('POST',)

# SMS

REST_AUTH_SERIALIZERS = {

'PASSWORD_RESET_SERIALIZER': 'openwisp_radius.api.serializers.PasswordResetSerializer',

}

REST_AUTH_REGISTER_SERIALIZERS = {

'REGISTER_SERIALIZER': 'openwisp_radius.api.serializers.RegisterSerializer',

}

OPENWISP_RADIUS_SMS_TOKEN_MAX_IP_DAILY = 25

SENDSMS_BACKEND = 'path to sms backend here'

# REST API

INSTALLED_APPS += [

'drf_yasg',

]

OPENWISP_USERS_AUTH_API = True

openwisp2_extra_urls:

- "url(r'^', include('openwisp_radius.urls'))"

- "url(r'^api/v1/', include('openwisp_utils.api.urls'))"

- "url(r'^api/v1/', include('openwisp_users.api.urls'))"

freeradius_dir: /etc/freeradius/3.0

freeradius_mods_available_dir: "{{ freeradius_dir }}/mods-available"

freeradius_mods_enabled_dir: "{{ freeradius_dir }}/mods-enabled"

freeradius_sites_available_dir: "{{ freeradius_dir }}/sites-available"

freeradius_sites_enabled_dir: "{{ freeradius_dir }}/sites-enabled"

freeradius_certs_dir: "{{ freeradius_dir }}/certs"

freeradius_sql:

driver: rlm_sql_postgresql

dialect: postgresql

host: localhost

port: 5432

user: "****"

password: "****"

freeradius_rest:

url: https://yourdomain/api/v1/freeradius

pre_tasks:

# openwisp-radius

- name: Install cairo

apt:

name:

- libcairo2

- libpango-1.0-0

- libpangocairo-1.0-0

- libgdk-pixbuf2.0-0

- shared-mime-info

update_cache: yes

tags: [openwisp2, radius]

### Follows an exmple installation and configuration of freeradius, but my configuration uses postgres and is customized,

### so you need to be adapt it

- name: Freeradius system packages

apt:

name:

- freeradius

- freeradius-postgresql

- freeradius-rest

state: latest

notify: restart freeradius

- name: SQL Configuration

template:

src: freeradius/sql.j2

dest: "{{ freeradius_mods_available_dir }}/sql"

mode: 0640

owner: freerad

group: freerad

notify: restart freeradius

- name: Enable SQL module

file:

src: "{{ freeradius_mods_available_dir }}/sql"

dest: "{{ freeradius_mods_enabled_dir }}/sql"

state: link

mode: 0640

owner: freerad

group: freerad

- name: SQL Counter module

template:

src: freeradius/sqlcounter.j2

dest: "{{ freeradius_mods_available_dir }}/sqlcounter"

mode: 0640

owner: freerad

group: freerad

notify: restart freeradius

- name: Enable SQL Counter module

file:

src: "{{ freeradius_mods_available_dir }}/sqlcounter"

dest: "{{ freeradius_mods_enabled_dir }}/sqlcounter"

state: link

mode: 0640

owner: freerad

group: freerad

- name: Fix dailycounter.conf

copy:

src: freeradius/dailycounter.conf

dest: "{{ freeradius_dir }}/mods-config/sql/counter/postgresql/dailycounter.conf"

mode: 0640

owner: freerad

group: freerad

notify: restart freeradius

- name: REST Configuration

template:

src: freeradius/rest.j2

dest: "{{ freeradius_mods_available_dir }}/rest"

mode: 0640

owner: freerad

group: freerad

notify: restart freeradius

- name: Enable REST module

file:

src: "{{ freeradius_mods_available_dir }}/rest"

dest: "{{ freeradius_mods_enabled_dir }}/rest"

state: link

mode: 0640

owner: freerad

group: freerad

- name: Remove default site

file:

dest: "{{ freeradius_sites_enabled_dir }}/default"

state: absent

- name: Ensure inner-tunnel site is present

file:

src: "{{ freeradius_sites_available_dir }}/inner-tunnel"

dest: "{{ freeradius_sites_enabled_dir }}/inner-tunnel"

state: link

mode: 0640

owner: freerad

group: freerad

- name: Captive portal configuration

template:

src: freeradius/captiveportal.j2

dest: "{{ freeradius_sites_available_dir }}/captiveportal"

mode: 0640

owner: freerad

group: freerad

notify: restart freeradius

tags: [radius]

- file:

src: "{{ freeradius_sites_available_dir }}/captiveportal"

dest: "{{ freeradius_sites_enabled_dir }}/captiveportal"

state: link

mode: 0640

owner: freerad

group: freerad

tags: [radius]

# openwisp-radius cron jobs

- name: delete_old_radacct

cron:

day: "*"

hour: 05

minute: 30

job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_radacct 730"

tags: [openwisp2, radius]

- name: delete_old_postauth

cron:

day: "*"

hour: 05

minute: 0

job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_postauth 365"

tags: [openwisp2, radius]

- name: cleanup_stale_radacct

cron:

day: "*"

hour: 04

minute: 0

job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py cleanup_stale_radacct 1"

tags: [openwisp2, radius]

- name: deactivate_expired_users

cron:

day: "*"

hour: "*"

minute: "*/5"

job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py deactivate_expired_users"

tags: [openwisp2, radius]

- name: delete_old_users

cron:

day: "*"

hour: "03"

minute: "30"

job: "/opt/openwisp2/env/bin/python /opt/openwisp2/manage.py delete_old_users"

tags: [openwisp2, radius]

Best regards

Federico

Demian Pecile

unread,

Nov 18, 2020, 12:21:59 PM11/18/20

to open...@googlegroups.com

Hi Federico

Great !

Thanks

I will give a try and let you know.

--
Demian Pecile

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/75af9548-cee9-4d3d-aceb-7b30c41a14can%40googlegroups.com.

Michele Salerno

unread,

Nov 19, 2020, 9:36:59 AM11/19/20

to open...@googlegroups.com

Hi,
the templates where I find?
the directory freeradius not exist.
Best regards.

Michele Salerno

Il giorno mer 18 nov 2020 alle ore 18:19 Federico Capoano
<federico...@gmail.com> ha scritto:

> --
> You received this message because you are subscribed to the Google Groups "OpenWISP" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/75af9548-cee9-4d3d-aceb-7b30c41a14can%40googlegroups.com.

--
Informativa Privacy - Ai sensi del D. Lgs n. 196/2003 (Codice Privacy)
si precisa che le informazioni contenute in questo messaggio sono
riservate e ad uso esclusivo del destinatario. Qualora il messaggio in
parola Le fosse pervenuto per errore, La preghiamo di eliminarlo senza
copiarlo e di non inoltrarlo a terzi, dandocene gentilmente
comunicazione. Grazie.

Privacy Information - This message, for the D. Lgs n. 196/2003
(Privacy Code), may contain confidential and/or privileged
information. If you are not the addressee or authorized to receive
this for the addressee, you must not use, copy, disclose or take any
action based on this message or any information herein. If you have
received this message in error, please advise the sender immediately
by reply e-mail and delete this message. Thank you for your
cooperation.

Ajay Tripathi

unread,

Nov 21, 2020, 7:19:53 AM11/21/20

to OpenWISP

Hi Michele Salerno,

On Thursday, November 19, 2020 at 8:06:59 PM UTC+5:30 miky...@gmail.com wrote:

the templates where I find?

You'll have to create them, this might help:-

1. See docs: https://openwisp-radius.readthedocs.io/en/latest/developer/freeradius.html

2. See example: https://github.com/openwisp/docker-openwisp/tree/master/build/openwisp_freeradius/raddb

Best,

Ajay Tripathi

unread,

Dec 16, 2020, 5:23:08 AM12/16/20

to OpenWISP

Hi guys,

The PR for installing radius + monitoring + firmware: https://github.com/openwisp/ansible-openwisp2/pull/223

is complete and ready for testing.

|f anyone can help with beta testing, that would speed up the process,

my basic playbook for installing everything looks like this.

```

- hosts: openwisp2

become: true

roles:

- ansible-openwisp2

vars:

openwisp2_network_topology: true

openwisp2_firmware_upgrader: true

openwisp2_radius: true

```

Thank You,

Ajay Tripathi

Reply all

Reply to author

Forward