Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    automate deployment

    Scheduled Pinned Locked Moved
    Problems Installing or Upgrading pfSense Software
    2
    3
    375
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      camepp
      last edited by

      I'm looking for a way to automate the install and config of our pfsense appliance(s).

      Has anyone had any experience using either the ECL with a custom config.xml, or using the PHP shell commands (with ansible or something like that), to get a zero-touch deployment working?
      Even better - has anyone done this in AWS? Or with Terraform?

      I found an old post with this question, but it didn't have any responses, so I'm making a new one.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @camepp
        last edited by

        @camepp I thought about just doing a restore once but a few defaults differ on different Netgate models, sometimes (power settings, etc.) Plus we tweak a few things from time to time. If it was more consistent hardware/VM it would probably be easier.

        If you do this be careful not to restore SSH/ACB keys.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        C 1 Reply Last reply Reply Quote 0
        • C
          camepp @SteveITS
          last edited by

          @SteveITS We are working with the AWS pfsense appliance, so we can be confident that the basic configuration will be stable (unless I add NICs or something like that).

          Our goal is to be able to deploy or restore the firewall without a human having to log in to load a backup file or look up a password or anything like that - just have the config.xml available and loaded automatically.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post