Adding extra repo for easy install 3rd party tool (like smokeping, zsh, BpyTop, LibreNMS...)
-
Dear pfSense Gurus !
How to add one of external repo for easy installing thru CLI (for example by pkg install package_name in pfSense shell) common 3rd party tools like ZSH, BpyTop, SmokePing from what I may find on FreshPorts ?
Because if packet have 1-2 dependences - that's easy, but when are 5-20 dependences - this is tooo much for me :)
-
This is not really something I would suggest anyone do.. Installing 3rd party tools on your "firewall" not a very good idea.. The only thing that should be on your firewall is stuff approved by the maker and maintainer of said firewall.
Sure you "can" install one off ports from freebsd - its not a good idea from a security or stability point of view.. If there is something you want to run/use - do that on something other than your "firewall"
If there is something you "want" to be available - put in a request, pfsense has in the past added packages to their repo.. But in this way there has been some form of vetting that has happened where the maintainers believe that said package does not interfere with operation or lower security, etc.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-2440 2.4.5p1 | 4x SG-3100 2.4.4p3 | SG-4860 21.05.1 -
@johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):
This is not really something I would suggest anyone do.. Installing 3rd party tools on your "firewall" not a very good idea.. The only thing that should be on your firewall is stuff approved by the maker and maintainer of said firewall.
Sure you "can" install one off ports from freebsd - its not a good idea from a security or stability point of view.. If there is something you want to run/use - do that on something other than your "firewall"
Thank You for Your opinion!
In general, I STRONGLY AGREE WITH YOU about risk of creating unstable environment for all system, creating potential security breach hole, etc...
And I understand the NetGate about not creating the situation when not 3rd party packages with security issues, etc impact on whole user experience about pfSense as stable product.
If there is something you "want" to be available - put in a request, pfsense has in the past added packages to their repo.. But in this way there has been some form of vetting that has happened where the maintainers believe that said package does not interfere with operation or lower security, etc.
BUT please look from my side: for example ZSH, SmokePing (and LibreNMS also) have very strong good reputation and developed by tears, and most important - they have millions of installs that confirm that this packages are well programmed and stable in many different environments.
P.S. The SmokePing writes by Tobias Oetiker, the author of RRD tool. I hope most of network engineers and SysAdmins respect him and sure about quality of his work.
So, if RRD exist on pfSense, NetGate trust the quality of Tobias Oetiker work ?So my question are how to technically adding repo ?
-
Search are cool :)
I find the solution, this "workaround'https://forum.netgate.com/topic/98082/2-3-how-to-install-other-freebsd-packages-repositories/17
https://forum.netgate.com/topic/97731/freebsd-packages-on-2-3rc/11
https://forum.netgate.com/topic/97553/pfsense-2-3-on-xen-server
As I may see some of requested packs in 2016 are recently added :)
-
It's documented here: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html
But, as it says there, you really shouldn't do it.
If you have something with 20 dependencies it's pulling in if just one of those is something we have a custom version of in pfSense that will overwrite it and potentially break the firewall.
Steve
-
There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.
But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..
If you have some rocketship of a box running pfsense - and you want to leverage some of its horse power for other things - then run pfsense as a VM on it.. Then you can run whatever you want in other VMs on the host and not have to worry about messing with your firewall OS stability or security, etc.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-2440 2.4.5p1 | 4x SG-3100 2.4.4p3 | SG-4860 21.05.1 -
@stephenw10 said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):
It's documented here: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html
But, as it says there, you really shouldn't do it.
If you have something with 20 dependencies it's pulling in if just one of those is something we have a custom version of in pfSense that will overwrite it and potentially break the firewall.
Steve
Thank You Steve, I just forgot about official docs...
-
@johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):
There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.
But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..
Again one time: I STRONGLY AGREE WITH YOU and say the same fo my clients each time.
I just use
nano + zsh = easy operate from local & remote VGA / ssh console
bpytop = easy on-screen monitoring from local & remote VGA / ssh console + having a saved screenshot as a pre-failure system state snapshot in BMC controller (this is advantage of brandname servers like IBM, Dell, HP, Fujitsu against of cheaper SOHO desktops or most of Microstar, Lanner, etc...)
SmokePing = monitoring of MAIN UPLINKS (ie WANs)And of course LibreNMS as a BIG and complexity SNMP monitoring system - is not to be placed on pfSense or other FW. I wrote it as example of very well written piece of software...
Need to be placed on SEPARATE standalone server with a 1Geth as minimum... -
@johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):
There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.
But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..
BTW I am a little bit confused: why exist a lot (min 4 packages !) of SNMP monitoring on FW ?
All books with best practices for network engineers, architectors and SysAdmins strongly suggest to KEEP SNMP MONITORING ON SEPARATE STANDALONE SERVER.
(and better with 1Geth NIC, SSD drives and 48Gb of RAM, because SNMP - this is about REALTIME measurement), and NOT ON MAIN FW... -
There are packages for sending snmp data, allowing external collectors to query the firewall, but not for using the firewall as a collector itself.
