Comments (14)
waiting Haproxy rules too!
from ansible-pfsense.
As a start, I wrote two modules to manage backends. You can find documentation for those modules in the wiki: pfsense_haproxy_backend and pfsense_haproxy_backend_server
There is a lot of options there. I did everything for the server objects but not for the backend objects. Just tell me if there is anything missing.
Since I'm not a haproxy user, I need someone to validate the generation of a working configuration (I have tested the configuration generation but not the real haproxy job behind).
I'll move to frontends after that.
from ansible-pfsense.
I took a quick look and it seems to be quite some work (there are a lot of settings on backend and frontend entries).
If I write some minimalists modules, would you be ok to implement the extra settings you need ?
from ansible-pfsense.
The lack of API on pfsense for editing its configuration items makes me wonder if I will not endup switching from pfsense to something else in the future.
Still if I will continue using it I will be more than happy to contibute to it. Obviously that configuring haproxy counts as a corner case.
For the moment updating the haproxy settings is something I still do by hand.
from ansible-pfsense.
In pfSense 3, there will be a CLI that we will use to manage pfSense like other ansible network modules are doing with their devices (there will even be a RESTCONF api, see: https://www.reddit.com/r/PFSENSE/comments/6wosx8/a_very_short_preview_of_30_cli_and_restconf/). Then it will be a lot more easy for us to handle settings (we won't have to check user input).
Do you need both backend and frontend modules for haproxy ?
from ansible-pfsense.
@f-bor Well, Reddit goes back 3-4 years about pfsense 3, and https://www.pfsense.org/snapshots/ does not look like something we will soon(ever?) see.
Yep, i need both because my main use for haproxy is to use it as SSL frontent for services running on containers on one of my homelab network. The DNS has wildcard assignment for my homelab domain so I only need to add "foo-service.homelab" -> IP:PORT somewhere on intranet.
This assures that I can access my services using a globally recognized SSL certificate without needing to deploy the certificate to each ofthem (or to update it). Everything happenson pfsense side, end cerrtificate refresh with letsencrypt works well.
from ansible-pfsense.
Generally +1 for wanting to manage haproxy rules.
from ansible-pfsense.
Would anyone be willing to share the section of their config.xml files? This would give some indication of what settings would be useful for people. No commitment to work on this as I don't personally use haproxy. But as @f-bor indicated, perhaps giving people a base module others could submit PRs for the features they need.
from ansible-pfsense.
I need to finish two modules to manage ipsec proposals and phase 2 options for my own usage, and then I will work on haproxy.
from ansible-pfsense.
Since then I switched to opnsense but that's not signifiantly better either. I am willing to migrate to a completely new router-os if I find one that can be nicely managed with ansible and that has the ability to add DNS entries and SSL-offloading for services that I spawn internally. I am inclined to close thet ticket as I lost my interest but I think others may be upset.
from ansible-pfsense.
Since some other folks did upvote the request, I would prefer if you let it open.
For the DNS entries, you mean managing Bind records ?
from ansible-pfsense.
Hi @f-bor,
Since I'm not a haproxy user, I need someone to validate the generation of a working configuration (I have tested the configuration generation but not the real haproxy job behind).
I'm using pfsense_haproxy_backend_server
(via Ansible collection) to update the server pool and it works well.
from ansible-pfsense.
I hate to revive an old issue, but I'd love to see some sort of Ansible modules or collections for managing haproxy rules as well.
from ansible-pfsense.
Closing this repo down. Please file new requests at https://github.com/pfsensible/core
from ansible-pfsense.
Related Issues (20)
- Calling the plugin breaks special XML fields which use CDATA and contain ampersands HOT 4
- Managing DHCP and unbound - any plans? HOT 4
- Modules list error in main README.md ? HOT 1
- Feature Request: Provide interface update HOT 1
- Ansible - Error using privilege escalation HOT 1
- pfsense 2.5 Support? HOT 25
- using ca module in pfsense 2.5 HOT 1
- pfsensible.core not compatible with ansible.netcommon 2.0.0 HOT 1
- diff['before'] is equal to diff['after'] HOT 1
- Retire this repo HOT 5
- pfsense_vlan.py error on 2.5.1 HOT 5
- Problem with pfsense_authserver_ldap module - automatically change LDAP config ? HOT 2
- pfsense_ipsec_p2 module overwriting other p2 interfaces in 2.5.2 HOT 1
- pfsense_aggregate: module failuer when try to use non-default gateway with the rule
- cannot add vlan interface HOT 1
- can we have a backup option on this ansible modules HOT 1
- Rule add issue when alias list is empty -> TypeError: 'NoneType' object is not iterable HOT 1
- pfsense_interface module cannot remove a subinterface HOT 1
- ERROR! 'pfsense_rule' is not a valid attribute for a Play HOT 1
- Not a problem - just wondering if there is a way to print a list of users by group? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-pfsense.