Add apply functions to HAProxy Frontend #677

Merged: jaredhendrickson13 merged 57 commits into pfrest:next_patch from colindclare:haproxy_apply_fixes (Apr 2, 2025)

@colindclare

Contributor

Description

Installed pfSense-pkg-RESTAPI version:

```
(kolla) cclare@NEX-LW-2179 [11:29:05] [~]
-> % ssh root@${MY_LB_IP} pfsense-restapi version
pfSense-pkg-RESTAPI-2.4
Name           : pfSense-pkg-RESTAPI
Version        : 2.4
Installed on   : Wed Apr  2 14:15:27 2025 UTC
Origin         : sysutils/pfSense-pkg-RESTAPI
Architecture   : FreeBSD:14:*
Prefix         : /usr/local
Categories     : sysutils
Licenses       : APACHE20
Maintainer     : github@jaredhendrickson.com
WWW            : UNKNOWN
Comment        : pfSense REST API package
Annotations    :
Flat size      : 6.93MiB
Description    :
The missing REST API package for pfSense.
```

Currently, the HAProxyFrontend model lacks the pre_apply() and apply() methods found in other HAProxy models. This prevents application of changes to HAProxy frontends, both when using the apply request parameter and with POST requests to the /api/v2/services/haproxy/apply endpoint. Examples:

Attempt to use `/api/v2/services/haproxy/apply` endpoint
```
# API request
(kolla) cclare@NEX-LW-2179 [10:46:41] [~]
-> % curl -X GET -H 'Accept: application/json' -H "X-API-Key: ${PFSENSE_V2_KEY}" -sk "https://${MY_LB_IP}:12345/api/v2/services/haproxy/frontends?name=lb.dishausgaming.com" | jq '.data[].name'
"lb.dishausgaming.com"
(kolla) cclare@NEX-LW-2179 [10:46:42] [~]
-> % cat ${HOME}/haproxy_frontend_patch.json
{
  "id": 1,
  "name": "lb.dishausgaming.com-rename"
}
(kolla) cclare@NEX-LW-2179 [10:46:57] [~]
-> % curl -X PATCH  -H 'Content-Type: application/json' -H 'Accept: application/json' -H "X-API-Key: ${PFSENSE_V2_KEY}" -sk "https://${MY_LB_IP}:12345/api/v2/services/haproxy/frontend" -d @"${HOME}/haproxy_frontend_patch.json"
{"code":200,"status":"ok","response_id":"SUCCESS","message":"","data":{"id":1,"name":"lb.dishausgaming.com-rename","descr":"Simple frontend that can be cloned for other customers","status":"active","a_extaddr":[{"parent_id":1,"id":0,"extaddr":"wan_ipv4","extaddr_custom":null,"extaddr_port":"80","extaddr_ssl":false,"exaddr_advanced":null},{"parent_id":1,"id":1,"extaddr":"wan_ipv4","extaddr_custom":null,"extaddr_port":"443","extaddr_ssl":true,"exaddr_advanced":null}],"max_connections":8192,"type":"http","ha_acls":[{"parent_id":1,"id":0,"name":"acme_validation","expression":"path_starts_with","value":"\/.well-known\/acme-challenge","casesensitive":false,"not":false},{"parent_id":1,"id":1,"name":"is_https","expression":"custom","value":"ssl_fc","casesensitive":false,"not":false}],"a_actionitems":[{"parent_id":1,"id":0,"action":"use_backend","acl":"acme_validation","backend":"acme-validation","customaction":null,"deny_status":null,"realm":null,"rule":null,"lua_function":null,"name":null,"fmt":null,"find":null,"replace":null,"path":null,"status":null,"reason":null},{"parent_id":1,"id":1,"action":"use_backend","acl":"is_https","backend":"template-https","customaction":null,"deny_status":null,"realm":null,"rule":null,"lua_function":null,"name":null,"fmt":null,"find":null,"replace":null,"path":null,"status":null,"reason":null},{"parent_id":1,"id":2,"action":"http-request_set-header","acl":null,"backend":null,"customaction":null,"deny_status":null,"realm":null,"rule":null,"lua_function":null,"name":"X-Cluster-Client-IP","fmt":"%[src]","find":null,"replace":null,"path":null,"status":null,"reason":null}],"backend_serverpool":"template-http","socket_stats":false,"dontlognull":true,"dontlog_normal":false,"log_separate_errors":false,"log_detailed":false,"a_errorfiles":[],"client_timeout":30000,"forwardfor":true,"httpclose":"http-keep-alive","advanced_bind":null,"advanced":"","ssloffloadcert":"67a39f99695c0","ha_certificates":[{"parent_id":1,"id":0,"ssl_certificate":"67a39feaef240"
}]}}
(kolla) cclare@NEX-LW-2179 [10:47:54] [~]
-> % curl -X GET -H 'Accept: application/json' -H "X-API-Key: ${PFSENSE_V2_KEY}" -sk "https://${MY_LB_IP}:12345/api/v2/services/haproxy/frontends?name__contains=lb.dishausgaming.com" | jq '.data[].name'
"lb.dishausgaming.com-rename"
(kolla) cclare@NEX-LW-2179 [10:48:12] [~]
-> % curl -X GET -H 'Accept: application/json' -H "X-API-Key: ${PFSENSE_V2_KEY}" -sk "https://${MY_LB_IP}:12345/api/v2/services/haproxy/apply"
{"code":200,"status":"ok","response_id":"SUCCESS","message":"","data":{"applied":true}}

# Checking the HAProxy config on my LB
(kolla) cclare@NEX-LW-2179 [11:29:05] [~]
-> % ssh root@${MY_LB_IP} grep -C2 lb.dishausgaming.com /var/etc/haproxy/haproxy.cfg
	timeout server 5000

frontend lb.dishausgaming.com
	bind			199.189.226.4:80 name 199.189.226.4:80
	bind			199.189.226.4:443 name 199.189.226.4:443   ssl crt-list /var/etc/haproxy/lb.dishausgaming.com.crt_list
	mode			http
	log			global
```

Attempt to use `apply` request parameter
```
(kolla) cclare@NEX-LW-2179 [11:28:16] [~]
-> % curl -X PATCH  -H 'Content-Type: application/json' -H 'Accept: application/json' -H "X-API-Key: ${PFSENSE_V2_KEY}" -sk "https://${MY_LB_IP}:12345/api/v2/services/haproxy/frontend" -d @"${HOME}/haproxy_frontend_path_orig.json" | jq '.'
{
  "code": 500,
  "status": "internal server error",
  "response_id": "ENDPOINT_RECEIVED_UNEXPECTED_ERROR",
  "message": "Class `RESTAPI\\Models\\HAProxyApplyDispatcher` not found\n#0 /usr/local/pkg/RESTAPI/Core/Model.inc(1671): RESTAPI\\Models\\HAProxyFrontend->apply()\n#1 /usr/local/pkg/RESTAPI/Core/Model.inc(2155): RESTAPI\\Core\\Model->apply_update()\n#2 /usr/local/pkg/RESTAPI/Core/Endpoint.inc(1189): RESTAPI\\Core\\Model->update(true, false, false)\n#3 /usr/local/pkg/RESTAPI/Core/Endpoint.inc(1077): RESTAPI\\Core\\Endpoint->patch()\n#4 /usr/local/www/api/v2/services/haproxy/frontend/index.php(9): RESTAPI\\Core\\Endpoint->process_request()\n#5 {main}",
  "data": []
}
(kolla) cclare@NEX-LW-2179 [11:28:19] [~]
-> % cat ~/haproxy_frontend_path_orig.json
{
  "id": 1,
  "name": "lb.dishausgaming.com-orig",
  "apply": true
}
```

Ultimately, the pfSense configuration is changed, but it is not possible to apply changes via API. Additionally, without the pre-apply method, the GUI cannot be used to apply the changes either since the dirty file is not created.

Changes

  • Add the pre_apply() and apply() methods to the HAProxyFrontend model. These functions are copied from the HAProxyBackend model and are also used in multiple other models.
  • Use HAProxyApplyDispatcher in HAProxyFrontend
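
A drift check for the failure shown in the description, where the apply endpoint reports `"applied": true` while `/var/etc/haproxy/haproxy.cfg` still carries the old frontend name. This is an added example, not code from the PR or from pfSense-pkg-RESTAPI; the sample response and config are constructed, and it assumes each active frontend is rendered as its own `frontend <name>` section.

```python
import json
import re

# Matches a section header such as "frontend lb.example.test" in haproxy.cfg.
FRONTEND_RE = re.compile(r"^frontend\s+(\S+)", re.MULTILINE)

# Constructed sample: body of GET /api/v2/services/haproxy/frontends after a rename.
SAMPLE_API_RESPONSE = json.dumps({
    "code": 200, "status": "ok", "response_id": "SUCCESS", "message": "",
    "data": [
        {"id": 0, "name": "old-site", "status": "disabled"},  # constructed status value
        {"id": 1, "name": "lb.example.test-rename", "status": "active"},
    ],
})

# Constructed sample: rendered config that never picked up the rename.
SAMPLE_HAPROXY_CFG = (
    "backend template-http\n\ttimeout server 5000\n\n"
    "frontend lb.example.test\n"
    "\tbind\t\t\t192.0.2.10:80 name 192.0.2.10:80\n"
    "\tmode\t\t\thttp\n"
)


def api_frontend_names(response_body: str) -> set[str]:
    """Names of active frontends stored in the pfSense configuration."""
    doc = json.loads(response_body)
    if doc.get("code") != 200:
        raise ValueError(f"API error: {doc.get('response_id')}")
    # Assumption: frontends whose status is not "active" are not rendered.
    return {fe["name"] for fe in doc.get("data", [])
            if fe.get("status", "active") == "active"}


def rendered_frontend_names(haproxy_cfg: str) -> set[str]:
    """Names of the frontend sections present in the rendered haproxy.cfg."""
    return set(FRONTEND_RE.findall(haproxy_cfg))


def frontend_drift(response_body: str, haproxy_cfg: str) -> dict[str, list[str]]:
    """Compare stored frontends with rendered ones; empty lists mean no drift."""
    stored = api_frontend_names(response_body)
    rendered = rendered_frontend_names(haproxy_cfg)
    return {"not_rendered": sorted(stored - rendered),
            "stale_in_cfg": sorted(rendered - stored)}


if __name__ == "__main__":
    print(frontend_drift(SAMPLE_API_RESPONSE, SAMPLE_HAPROXY_CFG))
```

Run after every apply call and treat any non-empty list as a failed apply, whatever the endpoint's response said.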

jaredhendrickson13 and others added 30 commits January 4, 2025 13:55

HAProxy: Set SSL offload certificates and alternate certificates via API

fix: correct internal callable name in IPsecChildSAStatus

jaredhendrickson13 and others added 25 commits March 24, 2025 21:42

Updates the requirements on [jinja2](https://github.com/pallets/jinja) to permit the latest version.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [webonyx/graphql-php](https://github.com/webonyx/graphql-php) from 15.19.1 to 15.20.0.
- [Release notes](https://github.com/webonyx/graphql-php/releases)
- [Changelog](https://github.com/webonyx/graphql-php/blob/master/CHANGELOG.md)
- [Commits](webonyx/graphql-php@v15.19.1...v15.20.0)

---
updated-dependencies:
- dependency-name: webonyx/graphql-php
  dependency-version: 15.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@stoplight/spectral-cli](https://github.com/stoplightio/spectral) from 6.14.2 to 6.14.3.
- [Release notes](https://github.com/stoplightio/spectral/releases)
- [Changelog](https://github.com/stoplightio/spectral/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-cli-6.14.2...@stoplight/spectral-cli-6.14.3)

---
updated-dependencies:
- dependency-name: "@stoplight/spectral-cli"
  dependency-version: 6.14.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Updates the requirements on [pylint](https://github.com/pylint-dev/pylint) to permit the latest version.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.3.4...v3.3.6)

---
updated-dependencies:
- dependency-name: pylint
  dependency-version: 3.3.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

…master/pylint-approx-eq-3.3.6

chore: update pylint requirement from ~=3.3.4 to ~=3.3.6

…and_yarn/master/stoplight/spectral-cli-6.14.3

chore: bump @stoplight/spectral-cli from 6.14.2 to 6.14.3

@jaredhendrickson13 left a comment

Member

Good catch. Much appreciated!

@jaredhendrickson13 changed the base branch from master to next_patch April 2, 2025 18:50
@jaredhendrickson13 dismissed their stale review April 2, 2025 18:50

The base branch was changed.

@jaredhendrickson13 merged commit 40f6223 into pfrest:next_patch Apr 2, 2025
@jaredhendrickson13 mentioned this pull request Apr 5, 2025
2 participants