Charmed FreeRADIUS

OSM’s 11. Hackfest happened last week — 31.05.2021–04.06.2021.

This Hackfest, the challenge was Network Function packaging and onboarding on the latest OSM Release 10 (pre-release).

Our team’s deployment got the 3rd place in the event🎉.

You can see the agenda and details here: https://osm.etsi.org/wikipub/index.php/OSM11_Hackfest

In this article, I am just going to talk about deploying Charmed FreeRADIUS

FreeRADIUS

The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4 DHCPv6, TACACS+ and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.

FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dialup, PPPoE, VPN’s, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more. It is used daily to authenticate the Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users. [1]

Juju

Juju is a Charmed Operator Framework, composed of a Charmed Operator Lifecycle Manager and the Charmed Operator SDK. Deploy, integrate, and manage Kubernetes, container and VM-native applications seamlessly across hybrid clouds. Juju drives Day 0 through Day 2 operations in your complex environment. [2]

Kubernetes Scaling with Juju (OSM)

Installation

Before go further, we should set up an environment for our deployment. Basically, we just need a Ubuntu-18.04(Bionic Beaver) machine and an internet connection.

Installation steps:

• Installation of MicroK8s and Juju
• Setting up the MicroK8s
• Bootstrapping the Juju controller on MicroK8s

MicroK8s and Juju Installation

The following commands will install MicroK8s and Juju from the Snap Store. It’s really easy to install. You just need to sit back and wait.

snap install microk8s --classic
snap install juju --classic

MicroK8s setup

After installation, you can enable any service you want. [3]

# Check the K8s status 
microk8s status --wait-ready
# Minimum components [4]
microk8s enable storage dns

With MicroK8s installation, you can only run kubectl command with microk8s.kubectl or mircok8s kubectl . To add alias for kubectl command

sudo snap alias microk8s.kubectl kubectl

Creating Juju controller

Creating controller go by the name of bootstrapping process. The Juju controller manages all the resources in our model such as scaling, configuration and actions [5]

# Assumes that the config file is located at $HOME/./kube/config
juju bootstrap microk8s

We are ready for deployment!

Deploying Charmed FreeRADIUS

Charms are sets of scripts that simplify the deployment and management tasks of a service. [6]
Bundles are collections of charms that link applications together, so you can deploy whole chunks of infrastructure in one go. [6]

We are going to locally deploy our application with Juju Bundle which includes three different application (freeradius-k8s, freeradiustesting-k8s, mariadb-k8s).

mariadb-k8s application (MySQL server ) will store the needed data.

freeradiustesting-k8s application for testing the authentication and it has an auth test action that can be triggered via juju run-action command

freeradius-k8s application is our FreeRADIUS server.

If you want to develop by yourself, there is a great guide for starting with Juju Bundles — https://osm.etsi.org/docs/vnf-onboarding-guidelines/05-quickstarts.html#starting-with-juju-bundles

Clone the repository to start deployment — https://github.com/eminaktas/freeradius-k8s

First, create a model to deploy the bundle.

# Creating model will automatically switch to the new model
# To switch the model `juju switch radius-model`
# Model name also become the namespace in the K8s
juju add-model radius-model microk8s

Deploy thebundle.

# Should be in the freeradius-k8s folder
# The applications will be deployed in the new model
juju deploy ./juju-bundles
# Check status of applications
juju status

The FreeRADIUS server container will most highly will fail to run because it requires MySQL database restored. In this early version, Should handled by hand

# Copy backup file to container
kubectl cp mysql/radius.sql.gz mariadb-k8s-0:/tmp/backup.sql.gz -n radius-model -c mariadb-k8s
# Run restore action
juju run-action mariadb-k8s/0 restore path="/tmp"

In a short time, applications should be up and running.

You can also check the K8s objects. The created model will be the namespace name in the K8s.

kubectl get all -n radius-model

If you see everything is fine. You can run the following action to test whether authentication is successful or not.

# Run `juju status` to find out the unit-number.
# It will print out the result
juju run-action freeradiustesting-k8s/<unit-number> auth-test hostname=freeradius-k8s username=testing password=password nas-port-number=2 radius-secret=testing123 --wait

That’s all from me. Thanks for reading 🙌

References:

1. https://github.com/FreeRADIUS/freeradius-server#introduction
2. https://juju.is/
3. https://microk8s.io/docs/addons#heading--list
4. https://microk8s.io/docs — search for “Use add-ons” in the page
5. https://jaas.ai/how-it-works
6. https://jaas.ai/store