
Create OpnSense Installer Automation (Config- or Solution File, SSH for Ansible,...)

Open uvulpos opened this issue 1 year ago • 5 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

For the purpose of having a working Infrastructure as Code pipeline for my internal network, I am missing a solution that will install OPNsense on my system automatically. That means, e.g., set up the default network interface "vtnet0", use the entire disk to install OPNsense and stuff like that, so I can connect via Ansible and pfsensible afterwards to configure OPNsense.

Describe the solution you like

I see two possible solutions here:

  1. 📄 An installer file: The probably easier solution would be to have some sort of config or solution file with all required answers or settings in it that OPNsense can read and apply. So you just have to document what the file has to look like.
  2. 🛜 Internet configuration tools: Use a default network interface during the installation process and start a communication interface, like a REST API or an SSH daemon for Ansible, ...
  3. 💡 Something else: You have an even better solution to propose than I do (ideas welcome)

Describe alternatives you considered

  1. Use Keystrokes to enter installation data -> ❌ I use Hetzner so it's qemu but I also have no access to that solution anyway
  2. Snapshots -> ❌ Cannot recreate snapshot to a working status
  3. Do Installation process via Ansible -> ❌ no internet until network interface was set to "vtnet0". Neither ssh nor ping works

Additional context

Add any other context or screenshots about the feature request here or links to relevant forum thread or similar

But it is already possible to connect to the machine via ssh!

Screenshot 2024-08-18 at 14 56 59

I can't ping the machine :(

Screenshot 2024-08-18 at 14 58 48

uvulpos avatar Aug 18 '24 12:08 uvulpos

See https://github.com/opnsense/core/issues/18 - this did not go anywhere but FreeBSD moved a bit since then. Perhaps if that works, you could use generic FreeBSD and bootstrap OPNsense from there.

For automating the FreeBSD part, allegedly someone got it working

doktornotor avatar Aug 18 '24 15:08 doktornotor

@doktornotor interesting, thanks for sharing. I haven't thought this was an option 🤔

Do I have to consider something special when I want to secure FreeBSD myself compared to Linux? I've never worked with FreeBSD yet

uvulpos avatar Aug 18 '24 15:08 uvulpos

The bootstrap is described here. Should get you the result you want very easily once you've managed the FreeBSD automated install part. Don't think it needs any particular securing during that process.

doktornotor avatar Aug 18 '24 15:08 doktornotor

@doktornotor will look into it later. Thanks m8!

I would close the issue myself after I looked into the documentation. Would that be ok for you?

uvulpos avatar Aug 18 '24 15:08 uvulpos

Well whatever, I'm not an OPNsense developer. Just interested in the result. 😉

doktornotor avatar Aug 18 '24 17:08 doktornotor

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Feb 14 '25 12:02 OPNsense-bot