Infrastructure as Code : OPNSense configuration automation

Started by johnride, September 05, 2024, 04:18:43 PM

Hey there,

I am building an infrastructure as code orchestrator and I am looking at the best way to automatically set up DHCP static mappings and iPXE related services.

The end goal is to have a series of modules that will 100% automate OPNSense configuration when building an Openshift / OKD cluster on bare metal.

The question is :

- What is the best way to automate OPNSense configuration today?
- What is the vision for the API that is currently in the works? Is the plan to cover all core OPNsense features?

For now, I found that the API is not mature yet, and quite a few posts online on this topic all seem to fall back on editing the dhcpd configuration file over SSH for DHCP. I also need the internal DNS-DHCP integration enabled and to automate DNS overrides setup.

Eventually I will also need to automate interface assignment, VLANs, VPNs and possibly WAF.

Thanks!

I am also considering crafting automatically a config.xml file that I would send to the config restoration service.

I am concerned about preserving the backup/restore and High Availability sync capabilities of OPNSense. I feel like directly editing the dhcpd and dns config files might fly under the radar of opnsense sync/backup features.
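For the config.xml approach mentioned above, here is an added example (not code from the post, from ansibleguy's collection or from the OPNsense project) of the piece an orchestrator needs before it can hand a file to the restore service: an idempotent merge of DHCP static mappings into an existing config.xml. It assumes the `<dhcpd><IFACE><staticmap>` layout with `mac`/`ipaddr`/`hostname`/`descr` children that the legacy ISC DHCP section uses; compare it against a backup downloaded from your own firewall before relying on it. The sample config and the desired state are constructed for the demo. Because config.xml is the document that backup and HA sync operate on, changes made this way remain visible to those features, which is the part that editing dhcpd.conf directly loses.

```python
"""Idempotently merge DHCP static mappings into an OPNsense config.xml.

Added example for this thread, not code from the post, ansibleguy's collection
or the OPNsense project. Assumes the <dhcpd><IFACE><staticmap> layout
(mac/ipaddr/hostname/descr) of the legacy ISC DHCP section; check it against a
backup from your own firewall. The sample config and desired state are constructed.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <interfaces>
    <lan><ipaddr>10.10.0.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <dhcpd>
    <lan>
      <enable>1</enable>
      <range><from>10.10.0.100</from><to>10.10.0.199</to></range>
      <staticmap>
        <mac>52:54:00:aa:bb:01</mac>
        <ipaddr>10.10.0.11</ipaddr>
        <hostname>bootstrap</hostname>
        <descr>okd bootstrap</descr>
      </staticmap>
    </lan>
  </dhcpd>
</opnsense>
"""

DESIRED = [  # what an IaC module would hand over; the first entry already exists
    {"mac": "52:54:00:aa:bb:01", "ipaddr": "10.10.0.11", "hostname": "bootstrap", "descr": "okd bootstrap"},
    {"mac": "52-54-00-AA-BB-02", "ipaddr": "10.10.0.12", "hostname": "master-0", "descr": "okd control plane"},
]

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form; anything else is rejected."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"bad MAC address: {mac!r}")
    return m


def _set_child(parent: ET.Element, tag: str, text: str) -> bool:
    """Create or update a text-only child; return True if its value changed."""
    el = parent.find(tag)
    if el is None:
        el = ET.SubElement(parent, tag)
    changed = (el.text or "") != text
    el.text = text
    return changed


def merge_static_maps(config_xml: str, iface: str, mappings: list) -> tuple:
    """Return (new_xml, stats) with the mappings applied, keyed by MAC.

    Mirrors the checks the GUI applies: the address must be inside the interface
    subnet, outside the dynamic pool, and not reserved for a different MAC.
    """
    root = ET.fromstring(config_xml)
    if_cfg = root.find(f"interfaces/{iface}")
    dhcp_cfg = root.find(f"dhcpd/{iface}")
    if if_cfg is None or dhcp_cfg is None:
        raise ValueError(f"no interface or dhcpd section for {iface!r}")

    network = ipaddress.ip_interface(
        f"{if_cfg.findtext('ipaddr')}/{if_cfg.findtext('subnet')}").network
    rng = dhcp_cfg.find("range")
    pool = None
    if rng is not None:
        pool = (ipaddress.ip_address(rng.findtext("from")),
                ipaddress.ip_address(rng.findtext("to")))

    by_mac = {normalize_mac(sm.findtext("mac")): sm for sm in dhcp_cfg.findall("staticmap")}
    ip_owner = {sm.findtext("ipaddr"): mac for mac, sm in by_mac.items()}
    stats = {"added": 0, "updated": 0, "unchanged": 0}

    for m in mappings:
        mac = normalize_mac(m["mac"])
        ip = ipaddress.ip_address(m["ipaddr"])
        if ip not in network:
            raise ValueError(f"{ip} is outside {network}")
        if pool and pool[0] <= ip <= pool[1]:
            raise ValueError(f"{ip} lies inside the dynamic pool {pool[0]}-{pool[1]}")
        owner = ip_owner.get(str(ip))
        if owner is not None and owner != mac:
            raise ValueError(f"{ip} is already reserved for {owner}")

        node = by_mac.get(mac)
        is_new = node is None
        if is_new:
            node = ET.SubElement(dhcp_cfg, "staticmap")
            by_mac[mac] = node
        else:
            ip_owner.pop(node.findtext("ipaddr"), None)  # the host may move to a new address
        changed = False
        for tag, val in (("mac", mac), ("ipaddr", str(ip)),
                         ("hostname", m["hostname"]), ("descr", m.get("descr", ""))):
            changed = _set_child(node, tag, val) or changed
        ip_owner[str(ip)] = mac
        stats["added" if is_new else "updated" if changed else "unchanged"] += 1

    ET.indent(root, space="  ")
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode") + "\n", stats


def validation_error(config_xml: str, iface: str, mappings: list):
    """Dry run: the error a merge would raise, or None if the desired state is clean."""
    try:
        merge_static_maps(config_xml, iface, mappings)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    new_xml, stats = merge_static_maps(SAMPLE_CONFIG, "lan", DESIRED)
    print(stats)
    print(new_xml)
```

Running the merge twice on its own output reports every entry as unchanged, which is the property an orchestrator needs before it can safely re-apply a module on every run. Note that writing config.xml only records the desired state; the running dhcpd is reconfigured when OPNsense loads that config, so the restore step (or an equivalent reload) still has to follow.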

Greetings.

Check out the Ansible Collection I'm maintaining: https://github.com/ansibleguy/collection_opnsense

It strictly only uses the APIs that are provided and supported by the OPNSense project: https://docs.opnsense.org/development/api.html

The API for DHCP reservations is not yet implemented though: https://github.com/ansibleguy/collection_opnsense/issues/45

If you take the risk of editing the raw XML config, you could also check out this Ansible Collection: https://github.com/puzzle/puzzle.opnsense (I can not recommend that)
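To show what "strictly using the supported APIs" looks like for the DNS overrides part of the original question, here is an added example (not code from the thread, from ansibleguy's collection or from the OPNsense project) of a small client that creates an Unbound host override idempotently and then reconfigures the service. Authentication follows the documented scheme, API key and secret sent as HTTP Basic credentials over HTTPS. The endpoint paths come from the Unbound API reference; the field names inside the `host` object and the shape of the search payload are assumptions to verify against the model on your OPNsense version. The transport is pluggable so the logic can be exercised offline against a fake.

```python
"""Minimal OPNsense API client: ensure an Unbound host override, then apply it.

Added example, not from the thread, ansibleguy's collection or the OPNsense
project. Auth follows the documented scheme (API key/secret as HTTP Basic
credentials). Endpoint paths are from the Unbound API reference; the field
names inside the "host" object and the search payload are assumptions to check
against the model on your OPNsense version.
"""
import base64
import json
import ssl
import urllib.request


def urllib_transport(cafile=None):
    """Real HTTPS transport. Pin the firewall's CA with cafile; never disable verification."""
    ctx = ssl.create_default_context(cafile=cafile)

    def send(method, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.loads(resp.read().decode())
    return send


class OpnsenseApi:
    def __init__(self, base_url, key, secret, transport=None):
        self.base_url = base_url.rstrip("/")
        token = base64.b64encode(f"{key}:{secret}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
        self._send = transport or urllib_transport()

    def call(self, method, path, payload=None):
        """One API call; JSON in, JSON out. transport(method, url, headers, body) -> dict."""
        headers = dict(self.headers)
        body = None
        if payload is not None:
            body = json.dumps(payload).encode()
            headers["Content-Type"] = "application/json"
        return self._send(method, self.base_url + path, headers, body)

    def find_host_override(self, hostname, domain):
        """uuid of an existing override for hostname.domain, or None (search payload assumed)."""
        res = self.call("POST", "/api/unbound/settings/searchHostOverride",
                        {"current": 1, "rowCount": -1, "searchPhrase": hostname})
        for row in res.get("rows", []):
            if row.get("hostname") == hostname and row.get("domain") == domain:
                return row.get("uuid")
        return None

    def ensure_host_override(self, hostname, domain, ip, descr=""):
        """Idempotent create; returns (uuid, created). Does not apply the change yet."""
        uuid = self.find_host_override(hostname, domain)
        if uuid:
            return uuid, False
        host = {"enabled": "1", "hostname": hostname, "domain": domain,
                "rr": "A", "server": ip, "description": descr}  # field names assumed
        res = self.call("POST", "/api/unbound/settings/addHostOverride", {"host": host})
        if res.get("result") != "saved":
            raise RuntimeError(f"addHostOverride rejected: {res}")
        return res["uuid"], True

    def reconfigure_unbound(self):
        """Settings endpoints only write config.xml; this pushes it to the running resolver."""
        return self.call("POST", "/api/unbound/service/reconfigure", {})


if __name__ == "__main__":
    import os
    api = OpnsenseApi("https://fw.example", os.environ["OPN_KEY"], os.environ["OPN_SECRET"])
    print(api.ensure_host_override("api", "okd.example", "10.10.0.20", "okd API VIP"))
    print(api.reconfigure_unbound())
```

The split between `settings/*` and `service/reconfigure` is the point to remember for any module built on this API: every settings call is a config.xml change (so it is captured by backup and HA sync), and nothing reaches the daemon until reconfigure is called once at the end of the batch.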

So it seems I was not blind. Proper opnsense automation is still kind of hacky. I will have a look at that puzzle collection, maybe it's good enough for now until proper APIs are implemented.

Thanks for the info!