171 lines
4.0 KiB
YAML
171 lines
4.0 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ .Release.Name }}-configs
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: clickhouse-operator
|
|
data:
|
|
default: |
|
|
server default {
|
|
listen {
|
|
type = auth
|
|
ipaddr = *
|
|
port = {{.Values.ports.main}}
|
|
limit {
|
|
max_connections = 16
|
|
lifetime = 0
|
|
idle_timeout = 30
|
|
}
|
|
}
|
|
|
|
listen {
|
|
ipaddr = *
|
|
port = {{.Values.ports.second}}
|
|
type = acct
|
|
|
|
limit {
|
|
}
|
|
}
|
|
|
|
authorize {
|
|
filter_username
|
|
preprocess
|
|
chap
|
|
mschap
|
|
digest
|
|
suffix
|
|
-sql
|
|
expiration
|
|
logintime
|
|
pap
|
|
Autz-Type New-TLS-Connection {
|
|
ok
|
|
}
|
|
}
|
|
authenticate {
|
|
Auth-Type PAP {
|
|
pap
|
|
}
|
|
Auth-Type CHAP {
|
|
chap
|
|
}
|
|
digest
|
|
}
|
|
|
|
preacct {
|
|
preprocess
|
|
acct_unique
|
|
suffix
|
|
files
|
|
}
|
|
accounting {
|
|
detail
|
|
unix
|
|
-sql
|
|
exec
|
|
attr_filter.accounting_response
|
|
}
|
|
session {
|
|
}
|
|
post-auth {
|
|
if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
|
|
update reply {
|
|
&User-Name !* ANY
|
|
}
|
|
}
|
|
update {
|
|
&reply: += &session-state:
|
|
}
|
|
-sql
|
|
exec
|
|
remove_reply_message_if_eap
|
|
Post-Auth-Type REJECT {
|
|
-sql
|
|
attr_filter.access_reject
|
|
remove_reply_message_if_eap
|
|
}
|
|
Post-Auth-Type Client-Lost {
|
|
}
|
|
if (EAP-Key-Name && &reply:EAP-Session-Id) {
|
|
update reply {
|
|
&EAP-Key-Name := &reply:EAP-Session-Id
|
|
}
|
|
}
|
|
}
|
|
pre-proxy {
|
|
}
|
|
post-proxy {
|
|
}
|
|
}
|
|
|
|
|
|
sql: |
|
|
sql {
|
|
dialect = "postgresql"
|
|
driver = "rlm_sql_${dialect}"
|
|
postgresql {
|
|
send_application_name = yes
|
|
}
|
|
|
|
server = "{{.Values.db.host}}"
|
|
port = {{.Values.db.port}}
|
|
login = "{{.Values.db.user}}"
|
|
password = "{{.Values.db.password}}"
|
|
radius_db = "{{.Values.db.name}}"
|
|
|
|
acct_table1 = "radacct"
|
|
acct_table2 = "radacct"
|
|
postauth_table = "radpostauth"
|
|
authcheck_table = "radcheck"
|
|
groupcheck_table = "radgroupcheck"
|
|
authreply_table = "radreply"
|
|
groupreply_table = "radgroupreply"
|
|
usergroup_table = "radusergroup"
|
|
|
|
delete_stale_sessions = yes
|
|
|
|
pool {
|
|
start = ${thread[pool].start_servers}
|
|
min = ${thread[pool].min_spare_servers}
|
|
max = ${thread[pool].max_servers}
|
|
spare = ${thread[pool].max_spare_servers}
|
|
uses = 0
|
|
retry_delay = 30
|
|
lifetime = 0
|
|
idle_timeout = 60
|
|
}
|
|
|
|
client_table = "nas"
|
|
group_attribute = "SQL-Group"
|
|
$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
|
|
}
|
|
|
|
rest: |
|
|
rest {
|
|
tls {
|
|
}
|
|
connect_uri = "http://{{.Values.api.host}}:{{.Values.api.port}}/"
|
|
authorize {
|
|
uri = "${..connect_uri}radius/auth"
|
|
method = 'post'
|
|
body = 'json'
|
|
data = '{"ip": "%{Packet-Src-IP-Address}", "hotspot-group": "%{raw:Called-Station-Id}", "hotspot-id": "%{raw:NAS-Identifier}"}'
|
|
force_to = 'json'
|
|
auth = 'none'
|
|
require_auth = no
|
|
timeout = 4.000000
|
|
}
|
|
pool {
|
|
start = ${thread[pool].start_servers}
|
|
min = ${thread[pool].min_spare_servers}
|
|
max = ${thread[pool].max_servers}
|
|
spare = ${thread[pool].max_spare_servers}
|
|
uses = 0
|
|
retry_delay = 30
|
|
lifetime = 0
|
|
idle_timeout = 60
|
|
}
|
|
}
|
|
|