puzzle.opnsense.system_high_availability_settings module – Configure high availability settings

Note

This module is part of the puzzle.opnsense collection (version 1.4.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install puzzle.opnsense.

To use it in a playbook, specify: puzzle.opnsense.system_high_availability_settings.

New in puzzle.opnsense 1.2.0

Synopsis

  • Module to configure high availability system settings

Parameters

Parameter

Comments

disable_preempt

boolean

When this device is configured as CARP master, it will try to switch to master when powering up. This option keeps it as slave if there is already a master on the network. A reboot is required for the change to take effect.

Choices:

  • false ← (default)

  • true

disconnect_dialup_interfaces

boolean

When this device is configured as CARP backup it will disconnect all PPP type interfaces and try to reconnect them when becoming master again.

Choices:

  • false ← (default)

  • true

remote_system_password

string

Enter the web GUI password of the system entered above for synchronizing your configuration.

remote_system_username

string

Enter the web GUI username of the system entered above for synchronizing your configuration.

services_to_synchronize

list / elements=string

List of config items to synchronize to the other firewall.

sync_compatibility

string

Newer versions of OPNsense offer additional attributes in the state synchronization. For compatibility reasons, you can optionally choose an older version here. Always make sure both nodes use the same version to avoid inconsistent state tables.

Choices:

  • ">24.7"

  • "<24.7"

synchronize_config_to_ip

string

IP address of the firewall to which the selected configuration sections should be synchronized.

synchronize_interface

string / required

If Synchronize States is enabled, it will utilize this interface for communication.

synchronize_peer_ip

string

Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast.

synchronize_states

boolean

pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol ([IP Protocol 240](https://www.openbsd.org/faq/pf/carp.html)). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table. This setting should be enabled on all members of a failover group.

Choices:

  • false ← (default)

  • true

Examples

---
- name: Enable State sync via CARP
  puzzle.opnsense.system_high_availability_settings:
    synchronize_interface: "sync"
    synchronize_states: true

- name: Synchronize Configuration Settings
  puzzle.opnsense.system_high_availability_settings:
    synchronize_interface: LAN
    synchronize_config_to_ip: 192.168.1.3
    remote_system_username: root
    remote_system_password: v3rys3cure
    services_to_synchronize:
      - "Dashboard"
      - "Users and Groups"
      - "Auth Servers"
      - "Certificates"
      - "Virtual IPs"
      - "OpenVPN"
      - "Firewall Groups"
      - "Firewall Rules"
      - "Firewall Schedules"
      - "Aliases"
      - "NAT"
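
A variant of the second example above, with the remote GUI password read from an Ansible Vault variable instead of the playbook text and pfsync pinned to one peer address rather than multicast. This is an added example, not part of the collection's documentation; the inventory group `opnsense_primary`, the variables `ha_peer_ip` and `vault_ha_sync_password`, and the address 10.255.0.2 are assumptions.

```yaml
---
# Added example. Group name, variable names and the peer address are
# assumptions; module parameters are the ones documented on this page.
- name: Configure HA on the primary firewall
  hosts: opnsense_primary            # hypothetical inventory group
  vars:
    ha_peer_ip: 10.255.0.2           # constructed address of the peer on the sync link
  tasks:
    # Fail early if the secret was not supplied from a vaulted vars file,
    # so an empty password is never written to the firewall.
    - name: Refuse to run without a vaulted sync password
      ansible.builtin.assert:
        that:
          - vault_ha_sync_password is defined
          - vault_ha_sync_password | length > 0
        quiet: true

    - name: State and configuration sync to a single named peer
      puzzle.opnsense.system_high_availability_settings:
        synchronize_interface: "sync"
        synchronize_states: true
        # Send state updates to this address only (default is multicast).
        synchronize_peer_ip: "{{ ha_peer_ip }}"
        # Must be set to the same value on both nodes.
        sync_compatibility: ">24.7"
        synchronize_config_to_ip: "{{ ha_peer_ip }}"
        remote_system_username: root
        remote_system_password: "{{ vault_ha_sync_password }}"
        services_to_synchronize:
          - "Virtual IPs"
          - "Firewall Rules"
          - "Aliases"
          - "NAT"
      # Keep the password out of task output and logs; this also hides
      # opnsense_configure_output for this task.
      no_log: true
```

Store `vault_ha_sync_password` in a file encrypted with `ansible-vault` and load it through group or host variables.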

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

opnsense_configure_output

list / elements=string

A list of the executed OPNsense configure functions along with their respective stdout, stderr and rc.

Returned: always

Sample: [{"function": "opnsense_configure_output", "params": [], "rc": 0, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}]

Authors

  • Yoan Müller (@LuminatiHD)