automate install from template config

Sparty · Aug 20, 2018, 10:07 PM

I'm looking for a way to install pfsense with zero user interaction from an existing config.xml, I've looked at two existing posts without any success (9 year old posts) https://forum.netgate.com/topic/15711/solved-injecting-config-file-in-embedded-img and this doc (https://www.netgate.com/docs/pfsense/backup/automatically-restore-during-install.html) which also doesn't work. "restore existing config" just resets back to menu.

Are there any current docs describing how to automate these things?

Sparty · Aug 21, 2018, 3:53 PM

I was able to modify these two files to fit my needs, removing all prompts and selecting which options work with my hardware, I would appreciate a standard/supported way to do this.

/etc/rc.local
/usr/libexec/bsdinstall/auto

mdconfig -a -t vnode -f pfSense-2.4.3-Custom.img
mkdir FreeBSD_Install
mount /dev/ufs/FreeBSD_Install FreeBSD_Install

edit the files listed, remove prompts, etc.

umount FreeBSD_Install
mdconfig -du md1

Write your new img file to usb, I also put my config file at /root/ and updated the path check from /tmp/recovered_config to /root/config.xml

if [ -r /root/config.xml ] ; then
        /bin/cp -r /root/config.xml ${BSDINSTALL_CHROOT}/cf/conf/
        # Set a flag to let the installed system know this may need extra processing
        /usr/bin/touch ${BSDINSTALL_CHROOT}/cf/conf/installer_copied_config
        # Only set the package sync flag if the restored config.xml contains active packages
        if [ `/usr/bin/grep -c '<package>' ${BSDINSTALL_CHROOT}/cf/conf/config.xml` -gt 0 ]; then
                /usr/bin/touch ${BSDINSTALL_CHROOT}/cf/conf/needs_package_sync_after_reboot
        fi
        # If there is an existing configuration, then there is no need to run the wizard.
        if [ -r ${BSDINSTALL_CHROOT}/cf/conf/trigger_initial_wizard ]; then
                rm -f ${BSDINSTALL_CHROOT}/cf/conf/trigger_initial_wizard
        fi
fi

allenrobin · Sep 1, 2018, 10:34 PM

This post is deleted!

Visseroth · Jan 26, 2023, 11:07 PM

I know this is a old post but I thought worth waking up.
It certainly would be a major time saver for those that deploy many of these firewalls for customers/clients.
Granted this is generally something only used on new deployments but it would be great to be able to just import a config containing things like General settings, System -> Advanced Settings, DNS settings, Package settings, ect.
While yes I understand you can granularity import by selecting what you want to import from another config but there are things imported that shouldn't be imported.
Basically I'm just saying it would be nice to be able to create a template to use on new installations while still keeping that new installation unique, IE certificates, shell keys, ect.

Again, sorry to wake up a old thread, I thought it worth bringing back to attention as I searched for a option to do a template but seemingly only came up with this thread.

Jarhead · Jan 26, 2023, 11:10 PM

@visseroth You already can.
Google it. You just add a config folder on the flash drive.