Packages and XMLRPC Sync


  • Rebel Alliance Developer Netgate

    As many of us know, packages aren't included in the XMLRPC sync used in pfSense's base system. This is on purpose, because some packages (most?) would need different configs on each host, or they may not support binding to CARP VIPs, etc.

    What I'm not sure if is why current package maintainers have separate sync sections for credentials and sync IPs rather than using the system's own settings from the system directly.

    Is the current trend only done because that's what other packages are doing? Or is there an advantage that I'm missing to having separate settings? Why not just have a checkbox to enable sync and use the system settings? Are there really that many people using the package sync options but not the main system's sync options?

    Main reason I'm asking is that from time to time people forget to update the sync settings in one of the half-dozen places they've entered them when something changes, and it would be best to use the system settings rather than duplicating the information. It would certainly make things easier for users if they didn't have to enter things multiple times.



  • Hi Jimp,

    The pfsense system settings enable only one host to sync and at least on packages I'm maintaining I need a list of hosts to sync and in some cases the host do not has the same password.

    I could add a checkbox to use the system sync settings user and password or a custom list of servers or password.


  • Rebel Alliance Developer Netgate

    Well the packages should really conform to the system design where possible.

    Overriding is fine in special cases, as long as there is a way to use the system settings.

    Multiple sync hosts could still be done by cascading, but if the package's sync code is being used separately from the firewall's built-in sync, then that would be a special case anyhow.

    Eventually it would be nice to support multiple sync hosts in the firewall directly, but that's a bit of a different issue. Hammer for another nail.

    I suspect more often than not, the built-in sync settings would be sufficient for people wanting to use them in an HA/CARP type setup.



  • Good point. I'll update packages I'm maintaining.



  • Take a look on squid3 new sync gui.  :)



  • Rebel Alliance Developer Netgate

    Looks great  ;D



  • Hi,

    the XMLRPC sync settings I did for freeradius2 and squidguard were simple copies of another package because I do not really know what happens exactly in the code.  ::)

    What seems to be usefull (request from users on forum) is the fact to sync to different hosts and the option to temporarily disable this host. (freeradius2).

    So if I could speak just for me I just need the ability to sync to different hosts with different passwords and to globally enable/disable syncing this package or not.

    If there is a "pfsense-way" to build XMLRPC pages I will try to do that for freeradius2 package and squidguard. :)


  • Rebel Alliance Developer Netgate

    marcelloc seems to be the best.

    Give the user the option to use the system settings if they wish, and if they'd prefer custom options, then they can use that instead.


  • Rebel Alliance Developer Netgate

    Bumping this and making it sticky to get some more attention. If you maintain a package that has sync code, please consider using the system's existing sync settings at least as an option.



  • This thread was very informative.

    I do wish the users/groups and certificates had the same option as these packages to sync to multiple ips with different passwords.  It would make setting up multiple sites owned by 1 company (without VPN, radius, ldap, connectivity) much easier.  The users, groups, certificates are mainly used for remote management by a groups of people using openvpn.

    I wonder if it would be easy to do with a script using the built in sync code.


  • Banned

    @marcelloc: Ever considered splitting this to a separate inc and getting it included into core? I find your code in lots of packages, fixing the same comment typos and code style everywhere. It's most completely identical otherwise, except for some customized log messages… Sounds really like a waste of time to maintain the code in loads of places. In some packages, most of the PHP code is the copy-paste of XMLRPC sync. Example - 2/3 of the actual code are XMLRPC sync.


Log in to reply