Added pfsense upgrade roles

inventories/client_template/group_vars/pfsense.yml

@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o ConnectTimeout=15
+  -o ServerAliveInterval=10
+  -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true

inventories/client_template/hosts.yml

@@ -11,7 +11,7 @@ all:
     human_estimate_seconds: 2700
     change_freeze: false
     ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
-    
+
   children:
     # --- NETWORK LAYER ---
     firewalls:
@@ -20,11 +20,14 @@ all:
           hosts:
             client-fw-01:
               ansible_host: "{{ FW_HOST }}"
-              
+
         pfsense:
           hosts:
             client-fw-01:
               ansible_host: "{{ FW_HOST }}"
+              ansible_port: 22222
+              ha_role: "primary"
+              #ha_peer: "client-fw-02"  # Uncomment if this node is part an HA pair
 
     # --- INFRASTRUCTURE ---
     hypervisors:
@@ -37,7 +40,7 @@ all:
           hosts:
             client-xcp-01:
               ansible_host: "{{ XCP_HOST }}"
-                  
+
     # --- WORKSTATIONS/SERVERS ---
     linux_hosts:
       hosts: {}
@@ -54,4 +57,3 @@ all:
         ansible_winrm_transport: ntlm
         ansible_winrm_server_cert_validation: validate
         ansible_port: 5986
-  

inventories/clients/brenex/group_vars/pfsense.yml

@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o ConnectTimeout=15
+  -o ServerAliveInterval=10
+  -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true

inventories/clients/brenex/hosts.yml

@@ -22,7 +22,9 @@ all:
               vendor: "pfsense"
               ansible_host: "fw.brenex.com"
               ansible_port: 22222
-              
+              ha_role: "primary"
+              #ha_peer: "fw-ha-secondary"  # Uncomment if this node is part of an HA pair
+
     xcpng_pools:
       vars:
         ansible_become: false
@@ -32,7 +34,7 @@ all:
         shared_storage: false
       upgrade_order:
         - brenex-pool-01
-        
+
       hosts:
         brenex-pool-01:
           ansible_host: 192.168.123.11
@@ -41,7 +43,7 @@ all:
       vars:
         ansible_user: root
         os_family: "debian"
-      
+
       hosts:
         caddy-server:
           ansible_host: 192.168.123.16
@@ -52,7 +54,7 @@ all:
           ansible_host: 192.168.123.146
         graylog-server:
           ansible_host: 192.168.123.16
-    
+
 
 
     windows_hosts: