OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: marin on February 08, 2018, 11:03:52 am

Title: Import config file from CLI
Post by: marin on February 08, 2018, 11:03:52 am

We're planning to deploy several tens OpnSense instances in our enterprise network. These instances will share common alias and rule sets.

I do not know of any reliable central management solution capable of automating the update of these sets on such a scale. AFAIK, there is no web service or API either dedicated to these tasks. This is why we need to find our own way to push the updates to our boxes.

I plan to develop a tool which would generate dynamic OpnSense XML config files from a set of parameters. The files would be valid XML config files, either full or partial (e.g. aliases only).

My issue is how to perform the actual update on the target firewalls: let's assume I have a valid config.xml file which contains the desired config state. Does there exist a CLI tool able to perform the update? Such a tool would allow us to ease config updates with an Ansible-like engine.

If such a tool exists, does it also support partial config files, just like the Web UI?


Title: Re: Import config file from CLI
Post by: franco on February 28, 2018, 07:38:47 am
Hi Marin,

The new configuration needs to be moved to /conf/config.xml and then there are several scripts to reconfigure it according to what subsystem you need to reload.

# configctl configd actions