Open MATPOCKuH opened 5 years ago
Yes, as stated in https://github.com/OpenNebula/addon-context-linux/issues/143, the support for pfSense is not finished. I have renamed this ticket to track all the changes to make it working on pfSense.
But this package can't be installed on pfsense host:
Yes, if you build it on different version, you should "force" the installation.
In my opinion, the approach for pfSense is wrong. pfSense has a webgui to manage its components. At the first start it requires an interactive part for the first configuration of the wan part and possibly lan (with or without vlan). The network part among others suffers from a problem with virtio network cards. Although the current FreeBSD kernel supports virtio, a flag is needed in the advanced section about network configuration, "Disable hardware checksum offload". If you do not disable the checksum, the machines under the LAN do not correctly transmit TCP. Besides this patch, I always change the listening https port, thus freeing the classic 443 for use with a load balancer (HAproxy). The rest of the initial customizations are the usual: admin user password, timezone, NTP server, DNS server. NTP and DNS then, depending on the case, I customize them (stratum NTP and DNS resolver or forwarder), but as initial configuration it is sufficient. I also prefer to manage nat and vpn rules manually. pfSense always at the first start searches for a possible disk (vd / hd, cdrom not tested ...) with an msdos / fat32 partition containing a file on the root named "config.xml". If the file is found the first start it ends with correctly configured and reachable pfSense. I therefore recommend working on a config.xml file. This can be generated during the preparation of the image. -pfSense install and won't start -save as image -start pfSense and basic preparation -backup config.xml -point the template on the unconfigured saved image config.zip
I attach my xml with in addition the comments #OPENNEBULA where I highlight the necessary parameters.
Hello.
I agree with @openmilanese about the wrong approach, this is the same problem with OPNsense.
In OPNsense, there is an API to manipulate the configuration which is stored as a single XML file /conf/config.xml
and I think the contextualisation should:
pfsense provides it's own API, that can be used for contextualization. I'm tried to write one-context for pfsense, but it's really not finished yet.
This package will be really helpful.
some thoughts - i'll try to summarize the arguments made above as well
config.xml
/config.xml
on boot feels like the best match with how opennebula does things. the pfsense api should be the best thing for things like hot-plugging a nic (i never tried what happens if you do that).SET_HOSTNAME
could also be supported on boot.DHCP_HOSTNAME
would not work with config.xml while it would work in an API based approachconfig.xml
- you have to press a key during a countdown (but it seems there's also already solutions to that), which will call the opnsense-importer
script. fully unattended installs seem to only work with a modified usb where /usr/local/etc/config.xml
gets replaced. but a golden image using script execution might work.Any updates?
Context wise we are working on a number of issues
After that we will evaluate the open issues we have and work on them accordingly. This is likely to be a top candidate.
Hello!
Target pfsense are broken - pkg/postinstall.freebsd are lost.
I'm tried to replace path to this script with /dev/null and got a package:
But this package can't be installed on pfsense host: