Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md #147

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update README.md #147

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 44 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,15 +48,56 @@ pfSense < 2.4.5:
ansible_python_interpreter: /usr/local/bin/python2.7
```

Modules must run as root in order to make changes to the system. By default pfSense does not have sudo capability so `become` will not work. You can install it with:
```
To set up pfSense to be managed by Ansible, ensure the `pfSense-pkg-sudo` package is installed. This package is necessary because Ansible requires root privileges to make changes, and the default pfSense setup lacks sudo capabilities, meaning `become` will not function without it. You can install the package using the following Ansible code or manually install it by navigating to System > Package Manager > Available Packages.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want to say that you have to install the sudo package - users could still connect to pfsense as root.


```yaml
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see now that this play would need the inventory setup first. Also, it would definitely need to connect as root.

- name: "Install packages"
package:
name:
- pfSense-pkg-sudo
state: present
```
and then configure sudo so that your user has permission to use sudo.

Next create a user account under System > User Manager > Users. This account will be used by Ansible to interact with the pfSense firewall. Assign the user to the admins group and configure it with an SSH key for secure access.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could there be an ansible task for this?


Once the account is created, navigate to System > Sudo and ensure the newly created account is configured to RunAs `root`, granting it the necessary privileges for Ansible management.

You only now need to configure your `inventory.ini`

```ini
[pfsense]
192.168.0.1 ansible_user=ansible ansible_ssh_private_key_file="id_rsa" ansible_become_pass="ansible"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really don't like suggesting people store passwords in plain text files.

```

Example First Play

```yaml
---
- name: Test and retrieve pfSense system status
hosts: pfsense
gather_facts: false
become: true

tasks:
- name: Retrieve system uptime
command: uptime
register: uptime_result

- name: Display system uptime
debug:
msg: "System uptime: {{ uptime_result.stdout }}"

- name: Check pfSense version
shell: "cat /etc/version"
register: version_result

- name: Display pfSense version
debug:
msg: "pfSense version: {{ version_result.stdout }}"
```

The setup for using Ansible with pfSense is now complete. You can begin creating Ansible playbooks to manage your pfSense firewalls using the modules outlined below.

## Modules
The following modules are currently available:

Expand Down