Ansible Support for OPNSense?

Started by rvalle, September 22, 2019, 10:56:21 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
October 29, 2019, 10:22:50 AM #15
Hello @rvalle and others. Good to see that our PoC and provision repo on Naturalis is being used.

@Naturalis we are using ansible to automate the first (xml rewrite) deployment of OPNsense. After this our module is far from complete to do config changes. So thanks @rvalle for the help on improving it. ;)
Unfortunately lacking time the automation effort is stalled, also waiting for a more complete REST api.

So far we deployed a new campus network and are starting to do the same for our datacenter. In this network (and  most other components) we use ansible to automate all of it. Except for the firewalls. So if there could be some joint effort on using the REST api.. great!

December 24, 2019, 11:30:48 PM #16 Last Edit: December 24, 2019, 11:33:52 PM by rvalle
Hi All, @fpieters

I have been runnig this automation for some time. and the result is very satisfying.

Using ansible to compile an XMl cofiguration is a workable strategy while the REST API matures.

OPNSense is mature in the wasy that the configuration file describes pretty well the desired configuration state.

After having run this for some time, I am planing on a next major version that overcomes some issues found, and will improve it a bit further.

https://github.com/naturalis/ansible-opnsense/issues/19

I am also trying to implement Continiuous Integration on Gitlab so that I can test this roles against new updates in OPNSense. H
ere I need to use packer to generate appliances or something.
July 09, 2020, 03:59:53 PM #17
Greetings everyone,

I am reviving this thread as we are considering assessing OPNsense on our network. Since we are managing a lot with Ansible, I am coming here.

I was wondering if there has been some more observations concerning the naturalis role (in good or bad, I see it's still maintained).

I have also found https://github.com/opoplawski/ansible-pfsense/ whose seems pretty active. @rvalle, did you evaluate it (I had not found it into your messages here)?

Thanks much!
December 22, 2022, 07:23:45 PM #18
Greetings!

I just want to mention the Ansible Collection I am developing: https://github.com/ansibleguy/collection_opnsense

It utilizes the REST APIs provided by OPNSense - therefor it has some limitations, but it is applicable for many common use-cases.

- AnsibleGuy
Print
Go Up Pages 1 2
User actions