Added pfsense upgrade roles

2026-04-27 13:15:56 -07:00
parent 1e26dd304b
commit 03e889051e
35 changed files with 956 additions and 8 deletions
--- a/inventories/client_template/group_vars/pfsense.yml
+++ b/inventories/client_template/group_vars/pfsense.yml
@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o ConnectTimeout=15
+  -o ServerAliveInterval=10
+  -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true
--- a/inventories/client_template/hosts.yml
+++ b/inventories/client_template/hosts.yml
@@ -11,7 +11,7 @@ all:
    human_estimate_seconds: 2700
    change_freeze: false
    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
-    
+
  children:
    # --- NETWORK LAYER ---
    firewalls:
@@ -20,11 +20,14 @@ all:
          hosts:
            client-fw-01:
              ansible_host: "{{ FW_HOST }}"
-              
+
        pfsense:
          hosts:
            client-fw-01:
              ansible_host: "{{ FW_HOST }}"
+              ansible_port: 22222
+              ha_role: "primary"
+              #ha_peer: "client-fw-02"  # Uncomment if this node is part an HA pair

    # --- INFRASTRUCTURE ---
    hypervisors:
@@ -37,7 +40,7 @@ all:
          hosts:
            client-xcp-01:
              ansible_host: "{{ XCP_HOST }}"
-                  
+
    # --- WORKSTATIONS/SERVERS ---
    linux_hosts:
      hosts: {}
@@ -54,4 +57,3 @@ all:
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: validate
        ansible_port: 5986
-