support for managing haproxy hosts about ansible-pfsense HOT 14 CLOSED

waiting Haproxy rules too!

from ansible-pfsense.

As a start, I wrote two modules to manage backends. You can find documentation for those modules in the wiki: pfsense_haproxy_backend and pfsense_haproxy_backend_server

There is a lot of options there. I did everything for the server objects but not for the backend objects. Just tell me if there is anything missing.

Since I'm not a haproxy user, I need someone to validate the generation of a working configuration (I have tested the configuration generation but not the real haproxy job behind).

I'll move to frontends after that.

from ansible-pfsense.

I took a quick look and it seems to be quite some work (there are a lot of settings on backend and frontend entries).

If I write some minimalists modules, would you be ok to implement the extra settings you need ?

from ansible-pfsense.

The lack of API on pfsense for editing its configuration items makes me wonder if I will not endup switching from pfsense to something else in the future.

Still if I will continue using it I will be more than happy to contibute to it. Obviously that configuring haproxy counts as a corner case.

For the moment updating the haproxy settings is something I still do by hand.

from ansible-pfsense.

In pfSense 3, there will be a CLI that we will use to manage pfSense like other ansible network modules are doing with their devices (there will even be a RESTCONF api, see: https://www.reddit.com/r/PFSENSE/comments/6wosx8/a_very_short_preview_of_30_cli_and_restconf/). Then it will be a lot more easy for us to handle settings (we won't have to check user input).

Do you need both backend and frontend modules for haproxy ?

from ansible-pfsense.

@f-bor Well, Reddit goes back 3-4 years about pfsense 3, and https://www.pfsense.org/snapshots/ does not look like something we will soon(ever?) see.

Yep, i need both because my main use for haproxy is to use it as SSL frontent for services running on containers on one of my homelab network. The DNS has wildcard assignment for my homelab domain so I only need to add "foo-service.homelab" -> IP:PORT somewhere on intranet.

This assures that I can access my services using a globally recognized SSL certificate without needing to deploy the certificate to each ofthem (or to update it). Everything happenson pfsense side, end cerrtificate refresh with letsencrypt works well.

from ansible-pfsense.

Generally +1 for wanting to manage haproxy rules.

from ansible-pfsense.

Would anyone be willing to share the section of their config.xml files? This would give some indication of what settings would be useful for people. No commitment to work on this as I don't personally use haproxy. But as @f-bor indicated, perhaps giving people a base module others could submit PRs for the features they need.

from ansible-pfsense.

I need to finish two modules to manage ipsec proposals and phase 2 options for my own usage, and then I will work on haproxy.

from ansible-pfsense.

Since then I switched to opnsense but that's not signifiantly better either. I am willing to migrate to a completely new router-os if I find one that can be nicely managed with ansible and that has the ability to add DNS entries and SSL-offloading for services that I spawn internally. I am inclined to close thet ticket as I lost my interest but I think others may be upset.

from ansible-pfsense.

Since some other folks did upvote the request, I would prefer if you let it open.

For the DNS entries, you mean managing Bind records ?

from ansible-pfsense.

Hi @f-bor,

Since I'm not a haproxy user, I need someone to validate the generation of a working configuration (I have tested the configuration generation but not the real haproxy job behind).

I'm using pfsense_haproxy_backend_server (via Ansible collection) to update the server pool and it works well.

from ansible-pfsense.

I hate to revive an old issue, but I'd love to see some sort of Ansible modules or collections for managing haproxy rules as well.

from ansible-pfsense.

Closing this repo down. Please file new requests at https://github.com/pfsensible/core

from ansible-pfsense.