puzzle / puzzle.opnsense

An Ansible Collection to configure an opnsense Firewall
https://puzzle.github.io/puzzle.opnsense/collections/puzzle/opnsense/index.html
GNU General Public License v3.0

Module Request: system_high_availability_settings #55

Closed ombre8 closed 4 months ago

ombre8 commented 7 months ago

Module Description

This module can be used to configure the settings available in the UI under System -> Settings -> High Availability


Minimum Viable Product (MVP)

module: system_high_availability_settings
short_description: Configure high availability settings
description:
  - Module to configure high availability system settings
options:
  synchronize_states:
    description: "pfsync transfers state insertion, update, and deletion messages between firewalls.
      Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol ([IP Protocol 240](https://www.openbsd.org/faq/pf/carp.html)).
      It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
      This setting should be enabled on all members of a failover group."
    type: bool
    default: false
  synchronize_interface:
    description: "If Synchronize States is enabled, it will utilize this interface for communication."
    type: str
    required: true
  synchronize_peer_ip:
    description: "Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast."
    type: str
    required: false
  synchronize_config_to_ip:
    description: "IP address of the firewall to which the selected configuration sections should be synchronized."
    type: str
    required: false
  remote_system_username:
    description: "Enter the web GUI username of the system entered above for synchronizing your configuration."
    type: str
    required: false
  remote_system_password:
    description: "Enter the web GUI password of the system entered above for synchronizing your configuration."
    type: str
    required: false
  services_to_synchronize:
    description: "List of config items to synchronize to the other firewall."
    type: list
    # "elements" names the item type; the allowed values go under "choices".
    elements: str
    choices: ["Dashboard", "User and Groups", "Auth Servers", "Certificates", "DHCPD", "DHCPv4: Relay", "DHCPDv6", "DHCPv6: Relay", "Virtual IPs", "Static Routes", "Network Time", "Netflow / Insight", "Cron", "System Tunables", "Web GUI", "Dnsmasq DNS", "FRR", "Shaper", "Captive Portal", "IPsec", "Kea DHCP", "Monit System Monitoring", "OpenSSH", "OpenVPN", "Firewall Groups", "Firewall Rules", "Firewall Schedules", "Firewall Categories", "Firewall Log Templates", "Aliases", "NAT", "Intrusion Detection", "Unbound DNS", "WireGuard"]
    required: false

Examples

---
- name: Enable State sync via CARP
  puzzle.opnsense.system_high_availability_settings:
    synchronize_interface: "sync"
    synchronize_states: true

- name: Synchronize Configuration Settings
  puzzle.opnsense.system_high_availability_settings:
    synchronize_config_to_ip: 192.168.1.3
    remote_system_username: root
    remote_system_password: v3rys3cure
    services_to_synchronize:
      - "Dashboard"
      - "Users and Groups"
      - "Auth Servers"
      - "Certificates"
      - "Virtual IPs"
      - "OpenVPN"
      - "Firewall Groups"
      - "Firewall Rules"
      - "Firewall Schedules"
      - "Aliases"
      - "NAT"

Additional Notes
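
Added example (not part of the original request and not puzzle.opnsense code): a stand-alone Python sketch of input checks a module with these options could run before touching the firewall config, plus masking of remote_system_password before parameters are logged. The function names, the two cross-field rules and the shortened service list are assumptions made for illustration.

```python
import ipaddress

# Constructed subset of the service names listed in the request.
KNOWN_SERVICES = {"Dashboard", "Certificates", "Virtual IPs", "OpenVPN",
                  "Firewall Rules", "Aliases", "NAT"}
# Options whose values must never reach logs or diff output.
SECRET_KEYS = {"remote_system_password"}


def validate_ha_params(params):
    """Return a list of error strings for a dict of the proposed options."""
    errors = []
    # Assumed rule: state sync needs an interface to send pfsync traffic on.
    if params.get("synchronize_states") and not params.get("synchronize_interface"):
        errors.append("synchronize_interface is required when synchronize_states is true")
    # Both address options must parse as IPv4 or IPv6 addresses.
    for key in ("synchronize_peer_ip", "synchronize_config_to_ip"):
        value = params.get(key)
        if value:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                errors.append(f"{key} is not a valid IP address: {value!r}")
    # Assumed rule: config sync to a peer needs both GUI credentials.
    if params.get("synchronize_config_to_ip"):
        for key in ("remote_system_username", "remote_system_password"):
            if not params.get(key):
                errors.append(f"{key} is required with synchronize_config_to_ip")
    # Reject service names outside the known list instead of writing them out.
    unknown = sorted(set(params.get("services_to_synchronize") or []) - KNOWN_SERVICES)
    if unknown:
        errors.append("unknown services: " + ", ".join(unknown))
    return errors


def redact(params):
    """Return a copy of params that is safe to log: secret values are masked."""
    return {k: ("********" if k in SECRET_KEYS and v else v)
            for k, v in params.items()}
```

In a real Ansible module the masking is normally handled by marking the password option with no_log=True in the argument spec, and the playbook value would come from Ansible Vault rather than a literal.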