Closed KiLLuuuhh closed 3 months ago
While testing your changes against a live opnsense 24.1 installation I found a couple of things. I'm going to report them individually so that you can comment on/close them each on their own.
I was able to set a host alias with spaces in the name. However, updating it within opnsense then gave me an error upon save. Here is the ansible snippet that worked:
```yaml
- name: set google dns alias
  puzzle.opnsense.firewall_alias:
    name: google DNS Server
    type: host
    content: 8.8.8.8
    description: The dns servers that google uses
    state: present
```
BGP ASN aliases added through ansible do not display a Type, compared to BGP ASN Aliases added through the UI as you can see in the screenshot:
EDIT: fixed by updates to the module :heavy_check_mark:
running ansible against an opnsense instance with a manually added BGP ASN alias errors out like this:
```
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: 'FirewallAliasType' enum not found for 'asn'
fatal: [opnsense]: FAILED! => {
    "changed": false,
    "rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
MODULE_STDOUT:
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1720813227.9266646-65215-109775695243004/AnsiballZ_firewall_alias.py", line 107, in <module>
    _ansiballz_main()
  File "/root/.ansible/tmp/ansible-tmp-1720813227.9266646-65215-109775695243004/AnsiballZ_firewall_alias.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/root/.ansible/tmp/ansible-tmp-1720813227.9266646-65215-109775695243004/AnsiballZ_firewall_alias.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.puzzle.opnsense.plugins.modules.firewall_alias', init_globals=dict(_module_fqn='ansible_collections.puzzle.opnsense.plugins.modules.firewall_alias', _modlib_path=modlib_path),
  File "<frozen runpy>", line 226, in run_module
  File "<frozen runpy>", line 98, in _run_module_code
  File "<frozen runpy>", line 88, in _run_code
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/firewall_alias.py", line 273, in <module>
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/firewall_alias.py", line 232, in main
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 275, in __init__
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 288, in _load_aliases
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 288, in <listcomp>
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 174, in from_xml
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 118, in __init__
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_alias_utils.py", line 131, in __post_init__
  File "/tmp/ansible_puzzle.opnsense.firewall_alias_payload_qmsbwmar/ansible_puzzle.opnsense.firewall_alias_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/enum_utils.py", line 39, in from_string
ValueError: 'FirewallAliasType' enum not found for 'asn'
```
EDIT: fixed by updates to the module :heavy_check_mark:
We should definitely explain the "refreshfrequency" a bit more. This input is considered fractions of a day. So a value of "0.5" leads to 12 hours, "1.1" to 1d 2.4h. The smallest possible value is "0.0003" which leads to 0.01h in the UI, so a refresh about every minute. This is the opnsense minimum according to <https://forum.opnsense.org/index.php?topic=15483.0>. I think we should have an example using that key.
Also this value only shows up in the UI if you configure type "urltable" but the module accepts it for other types. Not sure if that could lead to problems down the line?
the BGP ASN type alias offers a selection for IPv4 and/or IPv6 when done through the UI. We do not have that option in our module yet. We should either add that functionality or mention that restriction in the docs to prevent any surprises for users.
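The "refreshfrequency" arithmetic from the comment above, with the two checks it raises (the 0.0003 minimum and use outside type "urltable"), as an added Python example that is not part of the thread or of the puzzle.opnsense code. The function and constant names are hypothetical; the numeric values are the ones quoted in the comment.

```python
from decimal import Decimal, InvalidOperation

# Values quoted in the comment above; all names here are hypothetical.
MIN_REFRESH = Decimal("0.0003")   # reported OPNsense minimum (fractions of a day)
REFRESH_TYPES = {"urltable"}      # only type for which the UI shows the field


def describe_refresh(value):
    """Convert a refresh frequency in fractions of a day to (days, hours)."""
    try:
        freq = Decimal(str(value))
    except InvalidOperation:
        raise ValueError(f"refreshfrequency {value!r} is not a number")
    if not freq.is_finite() or freq < MIN_REFRESH:
        raise ValueError(
            f"refreshfrequency {value!r} is below the minimum {MIN_REFRESH}"
        )
    days = int(freq)
    # The UI shows the remainder in hours with two decimals.
    hours = ((freq - days) * 24).quantize(Decimal("0.01"))
    return days, float(hours)


def check_alias(alias_type, refreshfrequency=None):
    """Return warnings for an alias definition before it is applied."""
    if refreshfrequency is None:
        return []
    days, hours = describe_refresh(refreshfrequency)  # raises on bad input
    warnings = []
    if alias_type not in REFRESH_TYPES:
        warnings.append(
            f"refreshfrequency ({days}d {hours}h) is set on type "
            f"{alias_type!r}, but the UI only shows it for 'urltable'"
        )
    return warnings


if __name__ == "__main__":
    for sample in ("0.5", "1.1", "0.0003"):   # constructed sample inputs
        print(sample, "->", describe_refresh(sample))
    print(check_alias("host", "0.5"))
```
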
> BGP ASN aliases added through ansible do not display a Type, compared to BGP ASN Aliases added through the UI as you can see in the screenshot:
fixed in 64ba9b0.
> running ansible against an opnsense instance with a manually added BGP ASN alias errors out like this:
fixed in https://github.com/puzzle/puzzle.opnsense/commit/64ba9b04fa2a6c3c634a465c1445949d00424fc8.
> the BGP ASN type alias offers a selection for IPv4 and/or IPv6 when done through the UI. We do not have that option in our module yet. We should either add that functionality or mention that restriction in the docs to prevent any surprises for users.
fixed in 944146be1f972350e1779d206859dfb40463aa97.
This pull request introduces the module firewall_alias to the puzzle.opnsense collection.
With this new module, users will be able to:
Disclaimer: We are aware that this module is also offered by Ansibleguy. However, we have decided to develop it independently due to compatibility issues with the different versions we support.