Unattended Installation/Auto-provisioning Options?

Started by saschas, May 27, 2025, 10:10:22 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 27, 2025, 10:10:22 AM
So my use case is that I need to install multiple opnsense firewalls in cloud and hypervisors like ESXi.
The provisioning MUST be unattended and will be fully automation.

I have managed to use a Jinja template and Python script to generate a config.xml from a XAML file with all settings. Users, interfaces, system settings and FW rules, passwords and certificates will be pulled from a vault during the process.

I have also managed to use VMware`s guestinfo feature and open-vm-tools to shared the config with the VM.
I added a service that checks if the config is different from the one in /conf/config.xml and replaces it.
During the process I also create a file that avoids having an loop in my auto-provision service.

I choosed that way as it is less work than creating an ISO image with the config and mount it to the VM.
Which I tried before and got stuck with the "press a key" from the installer.

I am stuck with the new config being overwritten, no matter how I restart the services.

So I tried to do it manually, saved the content of the guestinfo into a temp file, copied the temp file over the current configuration. (copy /tmp/config.xml /conf/config.xml)
But as soon as run any command like /usr/local/sbin/configctl the data in /conf/config.xml is replaced again.

I have tried to read the documentation to understand how exactly this works, but did not find any proper documentation.

Then I looked into opnsense-importer and as far as I can tell it just copies the config.xml from a mounted filesystem over /conf/config.xml and reboots.
So I tried to copy and reboot. But again the system comes up with the old configuration.

A Google search revealed that I am not alone with this problem, but I could not find a working answer.

Maybe some more experiences with opnsense could help to figure out how to setup opnsense VMs without the need for any manual intervention.
May 27, 2025, 10:13:34 AM #1
Maybe the bootstrap method is for you? You could look at my Vagrant project for ideas:

https://github.com/punktDe/vagrant-opnsense
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions