Update high_availability_settings for 24.7 #149

Merged
122 changes: 110 additions & 12 deletions molecule/system_high_availability_settings/converge.yml
Expand Up @@ -11,7 +11,6 @@
- cron
- dhcpd
- dhcpdv6
- dhcrelay6
- dhcrelay
- widgets
- dnsforwarder
Expand All @@ -36,6 +35,15 @@
- virtualip
- webgui
tasks:
- name: Converge - Get OPNsense version
ansible.builtin.command: opnsense-version -O
register: opnsense_version_cmd
changed_when: false

- name: Converge - Set OPNsense version fact
ansible.builtin.set_fact:
opnsense_version: "{{ (opnsense_version_cmd.stdout | from_json)['product_version'] }}"

- name: Converge - Test all Parameters
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
Expand Down Expand Up @@ -65,12 +73,33 @@
- "'<pfsyncenabled>on</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>on</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>on</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that Parameters changed
ansible.builtin.assert:
that:
- "'<pfsyncinterface>lan</pfsyncinterface>' in ( current_config.content | b64decode )"
- "'<synchronizetoip>224.0.0.240</synchronizetoip>' in ( current_config.content | b64decode )"
- "'<username>opnsense</username>' in ( current_config.content | b64decode )"
- "'<password>v3rys3cure</password>' in ( current_config.content | b64decode )"
- "'<pfsyncpeerip>224.0.0.241</pfsyncpeerip>' in ( current_config.content | b64decode )"
- "'<pfsyncenabled>1</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>1</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>1</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<synchronize{{ item }}>on</synchronize{{ item }}>' in ( current_config.content | b64decode )"
loop: "{{ services }}"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<syncitems>{{ services | join(',') }}</syncitems>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - check idempotence
puzzle.opnsense.system_high_availability_settings:
Expand Down Expand Up @@ -123,13 +152,29 @@
that:
- "'<synchronize{{ item }}>on</synchronize{{ item }}>' not in ( current_config.content | b64decode )"
loop: "{{ services }}"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<syncitems>{{ services | join(',') }}</syncitems>' not in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Check that all settings in question are removed
ansible.builtin.assert:
that:
- "'<pfsyncenabled>on</pfsyncenabled>' not in ( current_config.content | b64decode )"
- "'<disablepreempt>on</disablepreempt>' not in ( current_config.content | b64decode )"
- "'<disconnectppps>on</disconnectppps>' not in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '<')

- name: Converge - (24.7) Check that all settings in question have changed
ansible.builtin.assert:
that:
- "'<pfsyncenabled>0</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>0</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>0</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - check idempotence
puzzle.opnsense.system_high_availability_settings:
Expand All @@ -156,16 +201,7 @@
ansible.builtin.assert:
that:
- unsupported_service_output is failed
- unsupported_service_output.msg.startswith("Service blabla could not be found in your Opnsense installation. These are all the available services:")

- name: Converge - Get OPNsense version
ansible.builtin.command: opnsense-version -O
register: opnsense_version_cmd
changed_when: false

- name: Converge - Set OPNsense version fact
ansible.builtin.set_fact:
opnsense_version: "{{ (opnsense_version_cmd.stdout | from_json)['product_version'] }}"
- unsupported_service_output.msg.startswith("Service blabla could not be found in your OPNsense installation. These are all the available services:")

- name: Converge - Set service on unsupported Version
puzzle.opnsense.system_high_availability_settings:
Expand Down Expand Up @@ -213,7 +249,6 @@
fail_msg: Services Kea DHCP and WireGuard should not be supported for Versions 23.7 and below
when: opnsense_version is version('24.1', '<')


- name: Converge - Set synchronize_interface to nonexistent Interface
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: silly
Expand All @@ -237,3 +272,66 @@
that:
- virtual_interface_output is failed
- virtual_interface_output.msg == "'openvpn' is not a valid interface. If the interface exists, ensure it is enabled and also not virtual."

- name: Converge - Test sync_compatibility old version
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: "<24.7"
when: opnsense_version is version('24.7', '>=')
changed_when: false

- name: Converge - get config
ansible.builtin.slurp:
src: /conf/config.xml
register: current_config

- name: Converge - Test sync_compatibility
ansible.builtin.assert:
that:
- "'<pfsyncversion>1301</pfsyncversion>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Test sync_compatibility new version
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: ">24.7"
when: opnsense_version is version('24.7', '>=')
changed_when: false

- name: Converge - get config
ansible.builtin.slurp:
src: /conf/config.xml
register: current_config

- name: Converge - Test sync_compatibility
ansible.builtin.assert:
that:
- "'<pfsyncversion>1400</pfsyncversion>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Test sync_compatibility idempotence
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: ">24.7"
when: opnsense_version is version('24.7', '>=')
register: sync_compatibility_output

- name: Converge - Test that nothing changed
ansible.builtin.assert:
that: sync_compatibility_output.changed == false


- name: Converge - Test sync_compatibility on unsupported version
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: "<24.7"
register: sync_compatibility_output_fail
ignore_errors: true
when: opnsense_version is version('24.7', '<')

- name: Converge - Verify that sync_compatibility failed
ansible.builtin.assert:
that:
- sync_compatibility_output_fail is failed
- sync_compatibility_output_fail.msg == "Setting sync_compatibility is only supported for opnsense versions 24.7 and above"
when: opnsense_version is version('24.7', '<')
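Review bot: The 24.7 removal check in the hunk at `@@ -123,13 +152,29 @@` (`'<syncitems>{{ services | join(',') }}</syncitems>' not in …`) passes whenever the element is not byte-identical to the full joined list, so it would also pass if only some services had been removed or the module wrote them in a different order. Asserting that no non-empty `syncitems` element remains is stricter, for example `- "(current_config.content | b64decode) is not search('<syncitems>[^<]+</syncitems>')"`. The positive `syncitems` check earlier in the file has the same order dependence and is only sound if the module emits services in the order of the `services` variable, which is not visible here. Separately, `Converge - Test that nothing changed` has no `when:` guard, so on versions below 24.7 it appears to pass against the result of a skipped task rather than testing anything; adding `when: opnsense_version is version('24.7', '>=')` would make that explicit.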
13 changes: 12 additions & 1 deletion molecule/system_high_availability_settings/molecule.yml
Expand Up @@ -56,10 +56,21 @@ platforms:
- 'ssh.sudo_command = "%c"'
- 'ssh.shell = "/bin/sh"'

- name: "24.7"
box: puzzle/opnsense
hostname: false
box_version: "24.7"
memory: 1024
cpus: 2
instance_raw_config_args:
- 'vm.guest = :freebsd'
- 'ssh.sudo_command = "%c"'
- 'ssh.shell = "/bin/sh"'

provisioner:
name: ansible
env:
ANSIBLE_VERBOSITY: 3
ANSIBLE_VERBOSITY: 0
verifier:
name: ansible
options:
23 changes: 23 additions & 0 deletions plugins/module_utils/module_index.py
Expand Up @@ -614,4 +614,27 @@
"configure_functions": {},
},
},
"24.7": {
KiLLuuuhh marked this conversation as resolved.
"system_high_availability_settings": {
# Add other mappings here
"hasync": "hasync",
"synchronize_states": "hasync/pfsyncenabled",
"synchronize_interface": "hasync/pfsyncinterface",
"synchronize_peer_ip": "hasync/pfsyncpeerip",
"synchronize_config_to_ip": "hasync/synchronizetoip",
"remote_system_username": "hasync/username",
"sync_compatibility": "hasync/pfsyncversion",
"remote_system_password": "hasync/password",
"disable_preempt": "hasync/disablepreempt",
"disconnect_dialup_interfaces": "hasync/disconnectppps",
"sync_services": "hasync/syncitems",
"php_requirements": [
"/usr/local/etc/inc/interfaces.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/plugins.inc",
],
"configure_functions": {},
},
},
}
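Review bot: The `# Add other mappings here` placeholder at the top of the new `"24.7"` entry carries no information, while this entry differs from older versions in two ways a maintainer needs to know. Going by the converge tests in this PR, the per-service `synchronize<service>` elements become a single comma-separated `hasync/syncitems`, and `sync_compatibility` (`hasync/pfsyncversion`) is only supported from 24.7 on. I would replace the placeholder with `# 24.7: services are stored as one comma-separated hasync/syncitems element; hasync/pfsyncversion is only available from this version on`. Separately, `remote_system_password` maps to `hasync/password`, which the converge test reads back from config.xml in clear text, so it is worth confirming that the module's argument spec marks that parameter `no_log`; the argument spec is outside this hunk.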