From 1665198e66100fd4d2169582c62bde0d93bd082d Mon Sep 17 00:00:00 2001
From: jeangab
Date: Sat, 11 Jan 2025 13:52:57 -0500
Subject: [PATCH] "Update Harmony Opnsense Configuration"
Improved configuration handling for Harmony Opnsense setup. Implemented changes to opnsense-config module to support various settings, including load balancer configuration and DHCP server settings. This update enhances the overall stability and functionality of the Harmony Opnsense setup process.
---
 harmony-rs/harmony/src/infra/hp_ilo/mod.rs | 2 +-
 .../src/infra/opnsense/load_balancer.rs | 2 +-
 .../modules/okd/bootstrap_load_balancer.rs | 40 ++++++++++---------
 .../opnsense-config-xml/src/data/dhcpd.rs | 2 +
 .../src/data/interfaces.rs | 1 +
 .../opnsense-config-xml/src/data/opnsense.rs | 2 +-
 .../opnsense-config/src/config/config.rs | 4 +-
 .../opnsense-config/src/modules/dhcp.rs | 2 +
 .../src/modules/load_balancer.rs | 1 +
 9 files changed, 33 insertions(+), 23 deletions(-)
diff --git a/harmony-rs/harmony/src/infra/hp_ilo/mod.rs b/harmony-rs/harmony/src/infra/hp_ilo/mod.rs
index b7fc1a2..798b2cd 100644
--- a/harmony-rs/harmony/src/infra/hp_ilo/mod.rs
+++ b/harmony-rs/harmony/src/infra/hp_ilo/mod.rs
@@ -15,6 +15,6 @@ impl ManagementInterface for HPIlo {
 }
 fn get_supported_protocol_names(&self) -> String {
- todo!()
+ "ipmi,redfish".to_string()
 }
 }
diff --git a/harmony-rs/harmony/src/infra/opnsense/load_balancer.rs b/harmony-rs/harmony/src/infra/opnsense/load_balancer.rs
index a314c1c..c92698d 100644
--- a/harmony-rs/harmony/src/infra/opnsense/load_balancer.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/load_balancer.rs
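Review bot: The new return value of get_supported_protocol_names is a hard-coded literal, so the protocol list is not tied to anything the HPIlo type knows about the device, and nothing says whether that is intentional. If it is, state it with a doc comment such as `/// Protocols this integration can drive; the list is static and is not probed from the iLO.` and hoist the literal to `const SUPPORTED_PROTOCOLS: &str = "ipmi,redfish";` so callers and tests share one definition. The rest of the impl block is outside the hunk.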
@@ -23,6 +23,7 @@ impl LoadBalancer for OPNSenseFirewall {
 }
 async fn add_service(&self, service: &LoadBalancerService) -> Result<(), ExecutorError> {
+ warn!("TODO : the current implementation does not check / cleanup / merge with existing haproxy services properly. Make sure to manually verify that the configuration is correct after executing any operation here");
 let mut config = self.opnsense_config.write().await;
 let (frontend, backend, servers, healthcheck) = harmony_load_balancer_service_to_haproxy_xml(service);
@@ -66,7 +67,6 @@ impl LoadBalancer for OPNSenseFirewall {
 "Executor failed when trying to install os-haproxy package with error {e:?}"
 ))
 })?;
- todo!()
 }
 config.load_balancer().enable(true);
diff --git a/harmony-rs/harmony/src/modules/okd/bootstrap_load_balancer.rs b/harmony-rs/harmony/src/modules/okd/bootstrap_load_balancer.rs
index ca0e063..b372be3 100644
--- a/harmony-rs/harmony/src/modules/okd/bootstrap_load_balancer.rs
+++ b/harmony-rs/harmony/src/modules/okd/bootstrap_load_balancer.rs
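Review bot: The warn! added at the top of add_service is emitted on every call but does not prevent the condition it describes, so a second call for the same service still writes a duplicate or conflicting haproxy frontend/backend into the firewall configuration with nothing more than a log line to notice it. The safer behaviour is to check whether a frontend or backend with the same name already exists before mutating `config` and return an `ExecutorError` rather than proceed; the code that appends the generated entries is outside the hunk, so the exact check depends on it. Until that exists, keep the message to one sentence and move the explanation into a `// TODO:` comment above the call so the log output stays readable.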
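Review bot: Removing `todo!()` after the os-haproxy install means execution now falls through to `config.load_balancer().enable(true)` while still holding the `config` write guard taken before the install ran. If that install goes through Config::install_package, which this commit shows calling `reload_config`, the in-memory configuration this function keeps mutating may be stale and its later write could overwrite what the install changed; re-read the configuration after a successful install, or document why the guard taken earlier is still valid. The enclosing function starts before this hunk.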
@@ -18,38 +18,24 @@ impl OKDBootstrapLoadBalancerScore {
 pub fn new(topology: &HAClusterTopology) -> Self {
 let private_ip = topology.router.get_gateway();
- let bootstrap_host = &topology.bootstrap_host;
-
 let private_services = vec![
 LoadBalancerService {
- backend_servers: vec![BackendServer {
- address: bootstrap_host.ip.to_string(),
- port: 80,
- }],
+ backend_servers: Self::topology_to_backend_server(topology, 80),
 listening_port: SocketAddr::new(private_ip, 80),
 health_check: Some(HealthCheck::TCP(None)),
 },
 LoadBalancerService {
- backend_servers: vec![BackendServer {
- address: bootstrap_host.ip.to_string(),
- port: 443,
- }],
+ backend_servers: Self::topology_to_backend_server(topology, 443),
 listening_port: SocketAddr::new(private_ip, 443),
 health_check: Some(HealthCheck::TCP(None)),
 },
 LoadBalancerService {
- backend_servers: vec![BackendServer {
- address: bootstrap_host.ip.to_string(),
- port: 22623,
- }],
+ backend_servers: Self::topology_to_backend_server(topology, 22623),
 listening_port: SocketAddr::new(private_ip, 22623),
 health_check: Some(HealthCheck::TCP(None)),
 },
 LoadBalancerService {
- backend_servers: vec![BackendServer {
- address: bootstrap_host.ip.to_string(),
- port: 6443,
- }],
+ backend_servers: Self::topology_to_backend_server(topology, 6443),
 listening_port: SocketAddr::new(private_ip, 6443),
 health_check: Some(HealthCheck::HTTP(
 "/readyz".to_string(),
@@ -65,6 +51,24 @@ impl OKDBootstrapLoadBalancerScore {
 },
 }
 }
+ fn topology_to_backend_server(
+ topology: &HAClusterTopology,
+ port: u16,
+ ) -> Vec {
+ let mut backend: Vec<_> = topology
+ .control_plane
+ .iter()
+ .map(|cp| BackendServer {
+ address: cp.ip.to_string(),
+ port,
+ })
+ .collect();
+ backend.push(BackendServer {
+ address: topology.bootstrap_host.ip.to_string(),
+ port,
+ });
+ backend
+ }
 }
 impl Score for OKDBootstrapLoadBalancerScore {
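Review bot: topology_to_backend_server has no doc comment, and nothing states why every backend now lists all control-plane nodes followed by the bootstrap host where it previously listed the bootstrap host alone; add a line such as `/// Backends for `port`: every control-plane node, then the bootstrap host (kept last so it is still served while the control plane comes up).`, adjusted to the real intent. On style, the collect-then-push can be a single chain, `topology.control_plane.iter().chain(std::iter::once(&topology.bootstrap_host)).map(|h| BackendServer { address: h.ip.to_string(), port }).collect()`, provided the control-plane elements and bootstrap_host share a type. The helper makes the bootstrap host a permanent member of every backend, so some later step presumably has to drop it once bootstrap completes; the Score impl that follows is outside the hunk.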
diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
index c215263..6e694b5 100644
--- a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -16,6 +16,8 @@ pub struct DhcpInterface {
 pub enable: Option,
 pub gateway: Option,
 pub domain: Option,
+ pub tftp: Option,
+ pub bootfilename: Option,
 pub netboot: Option,
 pub nextserver: Option,
 pub filename64: Option,
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
index 56b2dea..2da5e7f 100644
--- a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -32,6 +32,7 @@ pub struct Interface {
 pub dhcp6_ia_pd_len: Option,
 pub networks: Option,
 pub subnetv6: Option,
+ pub gateway: Option,
 pub media: Option,
 pub mediaopt: Option,
 #[yaserde(rename = "track6-interface")]
diff --git a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
index 36a85f4..797a2a7 100644
--- a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -1380,7 +1380,7 @@ pub struct StaticRoutes {
 #[yaserde(attribute)]
 pub version: String,
 #[yaserde(rename = "route")]
- pub route: MaybeString,
+ pub route: Option,
 }
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
index bef244b..6681ad9 100644
--- a/harmony-rs/opnsense-config/src/config/config.rs
+++ b/harmony-rs/opnsense-config/src/config/config.rs
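Review bot: The new `tftp` and `bootfilename` fields of DhcpInterface sit next to the existing `nextserver` and `filename64` with no comment on how the pairs relate, and the dhcp.rs hunk later in this commit writes the same value into both members of each pair, so a reader cannot tell whether OPNsense consumes one, the other, or both. Add a short comment on each new field, e.g. `/// TFTP server handed to PXE clients; written together with nextserver.` and `/// Boot file name; written together with filename64.`, and the same explanation on set_next_server and set_boot_filename. Since these structs round-trip the firewall's config.xml, a deserialize-serialize test over a real `<dhcpd>` section containing these elements would confirm the element names and placement are right.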
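Review bot: Changing StaticRoutes::route from `MaybeString` to `Option` alters how an empty or absent `<route>` element is parsed and written back, and if the two types treat an empty element differently a configuration with no static routes could now serialize without the element or fail to parse; because the whole config.xml is rewritten from these structs, such a change would be silent. A round-trip test over a `<staticroutes>` block with zero, one and several `<route>` entries would pin the intended behaviour, and a one-line comment should record why `MaybeString` was wrong for this field.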
@@ -68,7 +68,7 @@ impl Config {
 pub async fn install_package(&mut self, package_name: &str) -> Result<(), Error> {
 info!("Installing opnsense package {package_name}");
 let output = self.shell
- .exec(&format!("/usr/local/opnsense/scripts/firmware/install.sh {package_name}"))
+ .exec(&format!("/bin/sh -c \"export LOCKFILE=/dev/stdout && /usr/local/opnsense/scripts/firmware/install.sh {package_name}\""))
 .await?;
 info!("Installation output {output}");
 self.reload_config().await?;
@@ -107,7 +107,7 @@ impl Config {
 password: &str,
 ) -> Self {
 let config = Arc::new(client::Config {
- inactivity_timeout: Some(Duration::from_secs(5)),
+ inactivity_timeout: None,
 ..<_>::default()
 });
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index a53f646..83d8487 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -201,11 +201,13 @@ impl<'a> DhcpConfig<'a> {
 pub fn set_next_server(&mut self, ip: Ipv4Addr) {
 self.enable_netboot();
 self.get_lan_dhcpd().nextserver = Some(ip.to_string());
+ self.get_lan_dhcpd().tftp = Some(ip.to_string());
 }
 pub fn set_boot_filename(&mut self, boot_filename: &str) {
 self.enable_netboot();
 self.get_lan_dhcpd().filename64 = Some(boot_filename.to_string());
+ self.get_lan_dhcpd().bootfilename = Some(boot_filename.to_string());
 }
 }
diff --git a/harmony-rs/opnsense-config/src/modules/load_balancer.rs b/harmony-rs/opnsense-config/src/modules/load_balancer.rs
index d30dcdb..ef2c078 100644
--- a/harmony-rs/opnsense-config/src/modules/load_balancer.rs
+++ b/harmony-rs/opnsense-config/src/modules/load_balancer.rs
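Review bot: install_package now interpolates `package_name` into a double-quoted `/bin/sh -c` string with no validation, so any quote, `$`, backtick or `;` in the name is interpreted by the firewall's shell; the previous form had the same weakness, but the added quoting layer makes it easier to get wrong. Validate the name before the format!, e.g. `if package_name.is_empty() || !package_name.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.')) { return Err(<appropriate Error variant>); }`, so only plain package identifiers reach the remote shell. `LOCKFILE=/dev/stdout` also deserves a comment: if that variable is the lock the firmware script uses to serialise operations, this line effectively disables it, and the reason and the expected behaviour on concurrent installs should be recorded next to it.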
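Review bot: Setting `inactivity_timeout` to None removes the only idle bound on the client session (this looks like an SSH client configuration), so a stalled connection or a hung package install now blocks the caller indefinitely instead of failing after five seconds. If five seconds was too short for installs, raise it to a value that covers the slowest expected operation, e.g. `inactivity_timeout: Some(Duration::from_secs(600)),`, rather than disabling it, or add a comment explaining where a stuck session is detected instead. The constructor this sits in begins before the hunk.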
@@ -61,6 +61,7 @@ impl<'a> LoadBalancerConfig<'a> {
 self.opnsense_shell.exec("configctl haproxy stop").await?;
 self.opnsense_shell.exec("configctl template reload OPNsense/HAProxy").await?;
 self.opnsense_shell.exec("configctl template reload OPNsense/Syslog").await?;
+ self.opnsense_shell.exec("/usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging").await?;
 // This script copies the staging config to production config. I am not 100% sure it is
 // required in the context