Mass deploy OPNsense

[KoS]

Hi

I have been using voyage linux (read-only debian-based system) for deploying many firewalls in the past. To make that process easier and repeatable, I have customized the system the way I needed it and than crated an image that I could re-deploy. I had a simple script that writes the image on a new disk and customizes e.g. the hostname.

Is there a similar process that I could use for OPNsense? fyi, I will deploy it always to the same storage (type & size) and use it on the same hardware (APU boards). Who are you doing this? Has somebody written a script for that?

Kind regards
 KoS

[fabian]

You can install it and then update the config.xml manually after writing the image of your previous installation.

[franco]

Someone suggested cloud-init integration, which would fix all that, but we will have to play with it for a bit (it also adds packaging complexity to the image).

There's no other way except for modifying the config.xml or maybe the MSDOS config import trick, which isn't well documented. You can use a Windows USB stick, put a /conf directory on it with config.xml and other genuine OPNsense content to have that used on system bootstrap instead of the factory defaults.


Cheers,
Franco

[KoS]

Thank you both for the hints.

So that means I could write the image to a new disk, replace the /conf/config.xml with my adapted version and thats it? So the /conf/config.xml is the "master" config and will be used upon boot-up? (and then overwritten by anychanges made in the UI)
The USB boot stick config trick sounds also good. Where would I found information about it?

In general I have not found any more description about the configuration system than here: https://docs.opnsense.org/development/architecture.html ?

[franco]

Yes on the replacement of content in /conf. config.xml is the main config file, backups for previous revisions are stored under /conf/backup, etc.

USB boot trick is not in the documentation, but in the forum there used to be a bit of talk about it.

The dev manual pages are aimed at general structure for the purpose of extending the system, not a hands on guide for how to best deploy changes / bootstrap images.


Cheers,
Franco

[KoS]

Thanks. I will search for it in the forum, whereas I just found your message https://forum.opnsense.org/index.php?topic=3297.msg10627#msg10627 where it seems that USB config.xml auto-restore has been removed. I will just try it later on to see if it still works :-)

Regards the dev manual, is there a place where such information should/could be documented? I don't want to bother too much in the forum asking "newbie" questions (whereas I couldn't find it with the forum search as I was not using the right search terms).

[franco]

The old way was removed, a simpler way was added later...

https://github.com/opnsense/core/issues/1372