Update high_availability_settings for 24.7 #149

Merged
89 changes: 78 additions & 11 deletions molecule/system_high_availability_settings/converge.yml
Expand Up @@ -11,7 +11,6 @@
- cron
- dhcpd
- dhcpdv6
- dhcrelay6
- dhcrelay
- widgets
- dnsforwarder
Expand All @@ -36,6 +35,15 @@
- virtualip
- webgui
tasks:
- name: Converge - Get OPNsense version
ansible.builtin.command: opnsense-version -O
register: opnsense_version_cmd
changed_when: false

- name: Converge - Set OPNsense version fact
ansible.builtin.set_fact:
opnsense_version: "{{ (opnsense_version_cmd.stdout | from_json)['product_version'] }}"

- name: Converge - Test all Parameters
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
Expand Down Expand Up @@ -65,12 +73,33 @@
- "'<pfsyncenabled>on</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>on</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>on</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that Parameters changed
ansible.builtin.assert:
that:
- "'<pfsyncinterface>lan</pfsyncinterface>' in ( current_config.content | b64decode )"
- "'<synchronizetoip>224.0.0.240</synchronizetoip>' in ( current_config.content | b64decode )"
- "'<username>opnsense</username>' in ( current_config.content | b64decode )"
- "'<password>v3rys3cure</password>' in ( current_config.content | b64decode )"
- "'<pfsyncpeerip>224.0.0.241</pfsyncpeerip>' in ( current_config.content | b64decode )"
- "'<pfsyncenabled>1</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>1</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>1</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<synchronize{{ item }}>on</synchronize{{ item }}>' in ( current_config.content | b64decode )"
loop: "{{ services }}"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<syncitems>{{ services | join(',') }}</syncitems>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - check idempotence
puzzle.opnsense.system_high_availability_settings:
Expand Down Expand Up @@ -123,13 +152,29 @@
that:
- "'<synchronize{{ item }}>on</synchronize{{ item }}>' not in ( current_config.content | b64decode )"
loop: "{{ services }}"
when: opnsense_version is version('24.7', '<')

- name: Converge - Check that services changed
ansible.builtin.assert:
that:
- "'<syncitems>{{ services | join(',') }}</syncitems>' not in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Check that all settings in question are removed
ansible.builtin.assert:
that:
- "'<pfsyncenabled>on</pfsyncenabled>' not in ( current_config.content | b64decode )"
- "'<disablepreempt>on</disablepreempt>' not in ( current_config.content | b64decode )"
- "'<disconnectppps>on</disconnectppps>' not in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '<')

- name: Converge - (24.7) Check that all settings in question have changed
ansible.builtin.assert:
that:
- "'<pfsyncenabled>0</pfsyncenabled>' in ( current_config.content | b64decode )"
- "'<disablepreempt>0</disablepreempt>' in ( current_config.content | b64decode )"
- "'<disconnectppps>0</disconnectppps>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - check idempotence
puzzle.opnsense.system_high_availability_settings:
Expand Down Expand Up @@ -158,15 +203,6 @@
- unsupported_service_output is failed
- unsupported_service_output.msg.startswith("Service blabla could not be found in your Opnsense installation. These are all the available services:")

- name: Converge - Get OPNsense version
ansible.builtin.command: opnsense-version -O
register: opnsense_version_cmd
changed_when: false

- name: Converge - Set OPNsense version fact
ansible.builtin.set_fact:
opnsense_version: "{{ (opnsense_version_cmd.stdout | from_json)['product_version'] }}"

- name: Converge - Set service on unsupported Version
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
Expand Down Expand Up @@ -213,7 +249,6 @@
fail_msg: Services Kea DHCP and WireGuard should not be supported for Versions 23.7 and below
when: opnsense_version is version('24.1', '<')


- name: Converge - Set synchronize_interface to nonexistent Interface
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: silly
Expand All @@ -237,3 +272,35 @@
that:
- virtual_interface_output is failed
- virtual_interface_output.msg == "'openvpn' is not a valid interface. If the interface exists, ensure it is enabled and also not virtual."

- name: Converge - Test sync_compatibility
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: 24.1
when: opnsense_version is version('24.7', '>=')

- name: Converge - get config
ansible.builtin.slurp:
src: /conf/config.xml
register: current_config

- name: Converge - Test sync_compatibility
ansible.builtin.assert:
that:
- "'<pfsyncversion>1301</pfsyncversion>' in ( current_config.content | b64decode )"
when: opnsense_version is version('24.7', '>=')

- name: Converge - Test sync_compatibility on unsupported version
puzzle.opnsense.system_high_availability_settings:
synchronize_interface: LAN
sync_compatibility: 24.1
register: sync_compatibility_output
ignore_errors: true
when: opnsense_version is version('24.7', '<')

- name: Converge - Verify that sync_compatibility failed
ansible.builtin.assert:
that:
- sync_compatibility_output is failed
- sync_compatibility_output.msg == "Setting sync_compatibility is only supported for opnsense versions 24.7 and above"
when: opnsense_version is version('24.7', '<')
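Review bot: The 24.7 removal check `'<syncitems>{{ services | join(',') }}</syncitems>' not in ( ... )` only proves that the exact, same-order full list is gone, so it still passes if the module leaves a subset of the services in `<syncitems>` after they were meant to be removed. Asserting on the element's content would be tighter, for example `- "(current_config.content | b64decode) is not search('<syncitems>[^<]+</syncitems>')"`. That form assumes the module writes an empty or absent element when no services are selected, which is not visible here. Separately, `sync_compatibility: 24.1` is an unquoted float in both new tasks; quoting it as `"24.1"` keeps a later value such as 24.10 from collapsing to 24.1. The task list starts before and continues between the visible hunks, so the inputs to the removal step are not shown.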
13 changes: 12 additions & 1 deletion molecule/system_high_availability_settings/molecule.yml
Expand Up @@ -56,10 +56,21 @@ platforms:
- 'ssh.sudo_command = "%c"'
- 'ssh.shell = "/bin/sh"'

- name: "24.7"
box: puzzle/opnsense
hostname: false
box_version: "24.7"
memory: 1024
cpus: 2
instance_raw_config_args:
- 'vm.guest = :freebsd'
- 'ssh.sudo_command = "%c"'
- 'ssh.shell = "/bin/sh"'

provisioner:
name: ansible
env:
ANSIBLE_VERBOSITY: 3
ANSIBLE_VERBOSITY: 0
verifier:
name: ansible
options:
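Review bot: The `ANSIBLE_VERBOSITY` change carries no comment, and the level decides what ends up in the job log: converge.yml slurps `/conf/config.xml`, and in verbose runs the registered result (the base64 config, including the HA sync password the test sets) is printed with the task. The rendered page shows both `3` and `0` without markers, so I am assuming `0` is the new value. If so, a comment such as `# keep at 0: verbose runs dump the slurped config.xml into the job log` would keep it from being raised for debugging and left there. The `verifier` mapping continues past the end of this hunk.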
149 changes: 149 additions & 0 deletions plugins/module_utils/module_index.py
Expand Up @@ -614,4 +614,153 @@
"configure_functions": {},
},
},
"24.7": {
KiLLuuuhh marked this conversation as resolved.
"system_settings_general": {
"hostname": "system/hostname",
"domain": "system/domain",
"timezone": "system/timezone",
# Add other mappings here
"php_requirements": [
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/filter.inc",
"/usr/local/etc/inc/system.inc",
"/usr/local/etc/inc/interfaces.inc",
],
"configure_functions": {
"system_timezone_configure": {
"name": "system_timezone_configure",
"configure_params": ["true"],
},
"system_trust_configure": {
"name": "system_trust_configure",
"configure_params": ["true"],
},
"system_hostname_configure": {
"name": "system_hostname_configure",
"configure_params": ["true"],
},
"system_hosts_generate": {
"name": "system_hosts_generate",
"configure_params": ["true"],
},
"system_resolvconf_generate": {
"name": "system_resolvconf_generate",
"configure_params": ["true"],
},
"plugins_configure_dns": {
"name": "plugins_configure",
"configure_params": ["'dns'", "true"],
},
"plugins_configure_dhcp": {
"name": "plugins_configure",
"configure_params": ["'dhcp'", "true"],
},
"filter_configure": {
"name": "filter_configure",
"configure_params": ["true"],
},
},
},
"system_settings_logging": {
"preserve_logs": "syslog/preservelogs",
"max_log_file_size_mb": "syslog/maxfilesize",
# Add other mappings here
"php_requirements": [
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/system.inc",
],
"configure_functions": {
"system_settings_logging": {
"name": "system_syslog_start",
"configure_params": ["true"],
}
},
},
"system_access_users": {
"users": "system/user",
"uid": "system/nextuid",
"gid": "system/nextgid",
"system": "system",
"php_requirements": [
"/usr/local/etc/inc/system.inc",
],
"configure_functions": {},
},
"password": {
"php_requirements": [
"/usr/local/etc/inc/auth.inc",
],
"configure_functions": {
"password": {
"name": "echo password_hash",
"configure_params": [
"'password'",
"PASSWORD_BCRYPT",
"[ 'cost' => 11 ]",
],
},
},
},
"firewall_rules": {
"rules": "filter",
"php_requirements": [
"/usr/local/etc/inc/interfaces.inc",
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/system.inc",
"/usr/local/etc/inc/filter.inc",
],
"configure_functions": {
"system_cron_configure": {
"name": "system_cron_configure",
"configure_params": ["true"],
},
"filter_configure": {
"name": "filter_configure",
"configure_params": [],
},
},
},
"interfaces_assignments": {
"interfaces": "interfaces",
# Add other mappings here.
"php_requirements": [
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/filter.inc",
"/usr/local/etc/inc/system.inc",
"/usr/local/etc/inc/rrd.inc",
"/usr/local/etc/inc/interfaces.inc",
],
"configure_functions": {
"filter_configure": {
"name": "filter_configure",
"configure_params": [],
},
},
},
"system_high_availability_settings": {
# Add other mappings here
"hasync": "hasync",
"synchronize_states": "hasync/pfsyncenabled",
"synchronize_interface": "hasync/pfsyncinterface",
"synchronize_peer_ip": "hasync/pfsyncpeerip",
"synchronize_config_to_ip": "hasync/synchronizetoip",
"remote_system_username": "hasync/username",
"sync_compatibility": "hasync/pfsyncversion",
"remote_system_password": "hasync/password",
"disable_preempt": "hasync/disablepreempt",
"disconnect_dialup_interfaces": "hasync/disconnectppps",
"sync_services": "hasync/syncitems",
"php_requirements": [
"/usr/local/etc/inc/interfaces.inc",
"/usr/local/etc/inc/util.inc",
"/usr/local/etc/inc/config.inc",
"/usr/local/etc/inc/plugins.inc",
],
"configure_functions": {},
},
},
}
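Review bot: The `password` entry added for 24.7 describes its call as PHP source fragments (`"echo password_hash"`, `"'password'"`, `"[ 'cost' => 11 ]"`) with no comment saying how the real password replaces the `'password'` placeholder. The code that assembles and runs the call is outside this hunk, so this is inferred, but if the value is spliced into a single-quoted PHP string it needs `\` and `'` escaped before substitution. A comment above `"configure_params"` would record that contract, e.g. `# 'password' is a placeholder; callers must escape the value for a PHP single-quoted string`. The enclosing version dictionary starts before the hunk.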