Comments (18)
@piethonkoop Thanks.
I don't have free time for now, but my roadmap/needs for the next new modules are:
- pfsense_log
- pfsense_notification
- pfsense_package
- pfsense_patch
- pfsense_shellcmd
- pfsense_cron
- pfsense_frr
- pfsense_frr_acl
- pfsense_frr_ospf
- pfsense_frr_ospf_interface
Since it's not much work, I will probably start with the vip ip alias.
from ansible-pfsense.
Good news! Writing unit tests is boring but it saved us from a lot of bugs :)
from ansible-pfsense.
It's fixed. Every parameter with choices and a default value is considered as always present. So in that case required=True is invalid (the linter complains about it), and required=False is tautological.
I have also removed description and details from required parameters on alias when state is equal to present (they are not).
We should establish a todo list before submitting our code for real.
from ansible-pfsense.
done:
- implement icmp types in pfsense_rule
- complete rules testing (check the CLI output)
- a few bugs in pfsense_interface need to be fixed
- clarify interface terminology (in interfaces xml, it can be named by tag, by descr or by if)
todo:
- full code review
- rewrite user, group, ca and ldap modules with module_base inheritance
- write unit tests for these modules
- check ip type consistency between ipv4 & ipv6 everywhere there is an ip protocol parameter (pfsense_rule is not doing this check for example)
- implement ipv6 and dhcp in interfaces
- for each delete (absent), check if the object is in use (missing at least for aliases)
maybe:
- I don't much like what we've done in modules_util/pfsense.py regarding init (searching all kinds of nodes for later). A when-needed search & cache would be cleaner imo.
- split into multiple files module_utils/pfsense.py, which is starting to be too big (I have written the last new functions in the __impl folder)
- in rules, the protocol defaults to any. In the web gui, it's tcp. Maybe it would be better (more intuitive) to stay on pfsense gui default values?
- in rules, we're using a parameter 'name' when it's a 'descr'. It's confusing since there are some modules that use real name fields (like alias or gateway).
from ansible-pfsense.
We have an issue with ipv6 on rules. Since we've used ":" as a separator, we can't correctly parse something like 2001::2001:22. It can either be the address 2001::2001:22 or the address 2001::2001 on port 22.
I suggest to split the source and destination fields and to create two new parameters for the ports (like source_port and destination_port).
from ansible-pfsense.
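The ambiguity described in the comment above, reproduced as an added example (not code from ansible-pfsense). It handles literal IP addresses only; `legacy_readings`, `is_ambiguous`, `parse_split` and the `ipv4`/`ipv6` family labels are hypothetical names chosen for illustration.

```python
import ipaddress


def legacy_readings(value):
    """Return every (address, port) pair that an 'addr[:port]' string can mean."""
    readings = []
    # Reading 1: the whole string is an address and there is no port.
    try:
        readings.append((str(ipaddress.ip_address(value)), None))
    except ValueError:
        pass
    # Reading 2: the text after the last ':' is a port number.
    host, sep, port = value.rpartition(":")
    if sep and port.isdecimal() and 1 <= int(port) <= 65535:
        try:
            readings.append((str(ipaddress.ip_address(host)), int(port)))
        except ValueError:
            pass
    return readings


def is_ambiguous(value):
    """True when the legacy syntax yields more than one valid interpretation."""
    return len(legacy_readings(value)) > 1


def parse_split(address, port=None, family=None):
    """Validate address and port passed as separate fields.

    family is an optional 'ipv4'/'ipv6' label (assumed naming) that must
    match the address, so a rule cannot silently mix address families.
    """
    addr = ipaddress.ip_address(address)
    actual = "ipv4" if addr.version == 4 else "ipv6"
    if family is not None and family != actual:
        raise ValueError("%s is %s but the rule is declared %s" % (address, actual, family))
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %s" % port)
    return str(addr), port


if __name__ == "__main__":
    # Constructed inputs: one IPv4 with port, the string from the thread, a plain IPv6.
    for text in ("192.0.2.1:22", "2001::2001:22", "2001:db8::1"):
        print(text, legacy_readings(text), "ambiguous" if is_ambiguous(text) else "ok")
```

With separate fields the firewall rule never depends on guessing which reading the author intended.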
I have added the two parameters. The old syntax is still working but a warning is emitted about the deprecation.
Also, the source, source_port, destination & destination_port are a bit long. How about just src, src_port, dst and dst_port?
from ansible-pfsense.
They are long, but that is what the iptables module uses so I would like to be consistent with that I think.
from ansible-pfsense.
Ok. I took a look at the iptables module; they used ':' as a separator for port range. Do you want us to do the same? (in the new fields, with a proper warning)
from ansible-pfsense.
Regarding the interface names:
- the xml descr field is the display name, which is named "interface" in modules parameters
- the xml if field is the os name (igb0, igb0.100, etc.), which is also named "interface" in pfsense_vlan parameters or 'port' in some parts of pfSense code
- the xml tag is the internal pfSense name, or id, which should never be exposed to users, and is used all along config.xml
Therefore, to clarify, variables or parameters should use:
- interface or displayname (interface in parameters, get_interface_by_displayname)
- interface_port (interface_port in parameters, get_interface_by_port)
- interface_id (get_interface_by_id)
I will do some changes to reflect that unless you disagree.
from ansible-pfsense.
Hi,
It's on my mind (as general & advanced setup, packages, frr, ...). Which vip type(s) are you using?
from ansible-pfsense.
Hi @f-bor,
Glad to hear that :-)
I'm using "ip alias" vip.
from ansible-pfsense.
Awesome job, thanks!
+1 for VIP IP Alias :)
from ansible-pfsense.
If I'm reading things correctly, it's not currently possible to use this collection to manage services like DHCP or DNS, is that correct? Is that functionality planned, or should I approach this a different way?
from ansible-pfsense.
@lhanson - it certainly could be added if anyone has the time/inclination. Feel free to file an RFE request so that it stays on the radar.
from ansible-pfsense.
So, I've ported user, group, ca, and authserver_ldap to PFSenseModuleBase. Need to finally start writing unit tests myself...
from ansible-pfsense.
Travis CI is now running ansible-test sanity and units tests.
from ansible-pfsense.
Closing this repo down. Please file new requests at https://github.com/pfsensible/core
from ansible-pfsense.