Added pfsense upgrade roles

inventories/clients/brenex/group_vars/pfsense.yml

@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o ConnectTimeout=15
+  -o ServerAliveInterval=10
+  -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true

inventories/clients/brenex/hosts.yml

@@ -22,7 +22,9 @@ all:
               vendor: "pfsense"
               ansible_host: "fw.brenex.com"
               ansible_port: 22222
-              
+              ha_role: "primary"
+              #ha_peer: "fw-ha-secondary"  # Uncomment if this node is part of an HA pair
+
     xcpng_pools:
       vars:
         ansible_become: false
@@ -32,7 +34,7 @@ all:
         shared_storage: false
       upgrade_order:
         - brenex-pool-01
-        
+
       hosts:
         brenex-pool-01:
           ansible_host: 192.168.123.11
@@ -41,7 +43,7 @@ all:
       vars:
         ansible_user: root
         os_family: "debian"
-      
+
       hosts:
         caddy-server:
           ansible_host: 192.168.123.16
@@ -52,7 +54,7 @@ all:
           ansible_host: 192.168.123.146
         graylog-server:
           ansible_host: 192.168.123.16
-    
+
 
 
     windows_hosts: