Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Infrastructure as Code : OPNSense configuration automation
« previous
next »
Print
Pages: [
1
]
Author
Topic: Infrastructure as Code : OPNSense configuration automation (Read 648 times)
johnride
Newbie
Posts: 6
Karma: 1
Infrastructure as Code : OPNSense configuration automation
«
on:
September 05, 2024, 04:18:43 pm »
Hey there,
I am building an infrastructure as code orchestrator and I am looking at the best way to automatically set up DHCP static mappings and iPXE related services.
The end goal is to have a series of modules that will 100% automate OPNSense configuration when building an Openshift / OKD cluster on bare metal.
The question is :
- What is the best way to automate OPNSense configuration today ?
- What is the vision for the API that is currently in the works ? Is the plan to cover all core OPNsense features ?
For now, I found the API is not mature yet and quite a few posts online on this topic that all seem to fall back on ssh editing the dhcpd configuration file for DHCP. I also need the internal DNS-DHCP integration enabled and to automate DNS overrides setup.
Eventually I will also need to automate interface assignment, VLANs, VPNs and possibly WAF.
Thanks !
Logged
johnride
Newbie
Posts: 6
Karma: 1
Re: Infrastructure as Code : OPNSense configuration automation
«
Reply #1 on:
September 05, 2024, 04:26:13 pm »
I am also considering crafting automatically a config.xml file that I would send to the config restoration service.
I am concerned about preserving the backup/restore and High Availability sync capabilities of OPNSense. I feel like directly editing the dhcpd and dns config files might fly under the radar of opnsense sync/backup features.
Logged
ansibleguy
Newbie
Posts: 21
Karma: 2
Re: Infrastructure as Code : OPNSense configuration automation
«
Reply #2 on:
September 11, 2024, 03:48:46 pm »
Greetings.
Check out the Ansible Collection I'm maintaining:
https://github.com/ansibleguy/collection_opnsense
It strictly only uses the APIs that are provided and supported by the OPNSense project:
https://docs.opnsense.org/development/api.html
The API for DHCP reservations is not yet implemented though..
https://github.com/ansibleguy/collection_opnsense/issues/45
If you take the risk of editing the raw XML-config - you could also checkout this Ansible Collection:
https://github.com/puzzle/puzzle.opnsense
(I can not recommend that)
Logged
johnride
Newbie
Posts: 6
Karma: 1
Re: Infrastructure as Code : OPNSense configuration automation
«
Reply #3 on:
September 26, 2024, 07:23:42 pm »
So it seems I was not blind. Proper opnsense automation is still kind of hacky. I will have a look at that puzzle collection, maybe it's good enough for now until proper APIs are implemented.
Thanks for the info!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Infrastructure as Code : OPNSense configuration automation