Import config file from CLI

Started by marin, February 08, 2018, 11:03:52 AM

Previous topic - Next topic
Hi,

We're planning to deploy several tens OpnSense instances in our enterprise network. These instances will share common alias and rule sets.

I do not know of any reliable central management solution capable of automating the update of these sets on such a scale. AFAIK, there is no web service or API either dedicated to these tasks. This is why we need to find our own way to push the updates to our boxes.

I plan to develop a tool which would generate dynamic OpnSense XML config files from a set of parameters. The files would be valid XML config files, either full or partial (e.g. aliases only).

My issue is how to perform the actual update on the target firewalls: let's assume I have a valid config.xml file which contains the desired config state. Does there exist a CLI tool able to perform the update? Such a tool would allow us to ease config updates with an Ansible-like engine.

If such a tool exists, does it also support partial config files, just like the Web UI?

Thanks,

Marin.

Hi Marin,

The new configuration needs to be moved to /conf/config.xml and then there are several scripts to reconfigure it according to what subsystem you need to reload.

# configctl configd actions


Cheers,
Franco