feat(watchguard): debut d'automation, structure tftp
		
							parent
							
								
									411e3ce8cd
								
							
						
					
					
						commit
						231b1cca9f
					
				
							
								
								
									
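--- a/watchguard/ansible/ansible-api-test.sh
+++ b/watchguard/ansible/ansible-api-test.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook apiCallTest.yml \
+  -e API_URL="https://192.168.1.1/api" \
+  -e API_KEY="${API_KEY}" \
+  -e API_SECRET="${API_SECRET}"
+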
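Review bot: The `export API_KEY=` and `export API_SECRET=` lines commit what looks like a live OPNsense API key/secret pair for an admin-group user; the same values (or a second key) are also hard-coded in configure_netboot.sh, configure_dhcp.sh, curl-api-test.sh, nationtech-apikey.txt and opnsense.key. Those credentials should be treated as exposed and revoked on the firewall, and the scripts should fail when the caller has not supplied them, e.g. `: "${API_KEY:?set API_KEY in the environment}"` and the same for `API_SECRET`. Passing them with `-e API_KEY=...` also places them on the ansible-playbook command line, where other local users can read them from the process list; reading them inside the playbook with `lookup('env', 'API_KEY')` avoids that. The two credential files belong in `.gitignore`.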
							
								
								
									
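--- a/watchguard/ansible/apiCallTest.yml
+++ b/watchguard/ansible/apiCallTest.yml
@@ -0,0 +1,26 @@
+---
+- name: Make an HTTPS API call with basic auth
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Make API call
+      uri:
+        #url: "https://192.168.1.1/api/dhcpv4/leases/searchLease/"
+        #url: "{{ API_URL }}/dhcpv4/leases/searchLease/"
+        #url: "{{ API_URL }}/core/system/status"
+        #url: "{{ API_URL }}/core/menu/search/?=1725020077211"
+        url: "{{ API_URL }}/dhcpv4/service/status/"
+        #https://192.168.1.1/api/core/menu/search/?_=1725020077211
+        method: GET
+        user: "{{ API_KEY }}"
+        password: "{{ API_SECRET }}"
+        force_basic_auth: yes
+        validate_certs: no
+        return_content: yes
+      register: api_response
+
+    - name: Print API response
+      debug:
+        var: api_response.content
+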
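Review bot: `validate_certs: no` on the `uri` task means the API key and secret are sent as basic-auth credentials to whatever host answers on 192.168.1.1, with no check of the firewall's certificate; the same setting appears in dhcp-network-boot.yml, network-boot.yml, network-boot.yml.bakMarchePas and network-boot.yml.startExample, and curl-api-test.sh uses the equivalent `-k`. Prefer `validate_certs: yes` with `ca_path:` pointing at the CA that signed the firewall certificate. Adding `no_log: true` to this task would also keep the credentials out of verbose output and failure messages.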
							
								
								
									
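--- a/watchguard/ansible/configure_dhcp.sh
+++ b/watchguard/ansible/configure_dhcp.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+# zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8	
+
+API_KEY="zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8"
+
+#ansible-galaxy collection install ansible.posix
+ansible-galaxy collection install ansibleguy.opnsense
+
+ansible-playbook network-boot.yml -i 192.168.1.1, \
+  -e opnsense_url="https://192.168.1.1/api" \
+  -e api_key="${API_KEY}" \
+  --connection=ssh
+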
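Review bot: The `ansible-playbook network-boot.yml` call passes `opnsense_url` and `api_key`, but the network-boot.yml added in this commit reads `WEBUI_USERNAME` and `WEBUI_PASSWORD`; the playbook that uses `opnsense_url`/`api_key` is dhcp-network-boot.yml, so the script looks like it targets the wrong file. If dhcp-network-boot.yml is the intended target, pass the URL without the `/api` suffix, because that playbook appends `/api/system/user` itself: `-e opnsense_url="https://192.168.1.1"`. `-i 192.168.1.1,` and `--connection=ssh` appear to have no effect on either playbook, since both declare `hosts: localhost`. The key is also repeated in a comment above the assignment, which should go when the hard-coded value is removed.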
							
								
								
									
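--- a/watchguard/ansible/configure_netboot.sh
+++ b/watchguard/ansible/configure_netboot.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key / secret
+
+#ansible-galaxy collection install ansible.posix
+#ansible-galaxy collection install ansibleguy.opnsense
+
+export API_KEY="wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL"
+export API_SECRET="eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr"
+
+ansible-playbook network-boot.yml.startExample \
+  -e API_URL="https://192.168.1.1/api" \
+  -e API_KEY="${API_KEY}" \
+  -e API_SECRET="${API_SECRET}" \
+  -e WEBUI_USERNAME="nationtech" \
+  -e WEBUI_PASSWORD="opnsense"
+  
+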
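Review bot: `-e WEBUI_PASSWORD="opnsense"` hard-codes what appears to be the firewall's factory-default web password and places it on the command line; configure_tftp.sh does the same with `-e ansible_password=opnsense` for root over SSH. network-boot.yml.startExample never references `WEBUI_USERNAME` or `WEBUI_PASSWORD`, so these two `-e` lines can simply be dropped here. Where a password is needed, prompt for it or take it from an Ansible Vault file rather than argv, and change the default on the device before automating against it.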
							
								
								
									
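--- a/watchguard/ansible/configure_tftp.sh
+++ b/watchguard/ansible/configure_tftp.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# You first need to do a few things on opnsense web interface:
+# - enable ssh
+# - create a nationtech user (member of admin) with an API key (system / access /users)
+# - get an API key
+
+ansible-galaxy collection install ansible.posix
+
+ansible-playbook tftp.yml -i 192.168.1.1, -e ansible_user=root -e ansible_password=opnsense --connection=ssh
+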
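Review bot: The `ansible-playbook tftp.yml` line logs in as `root` with password authentication, although the header comment describes creating a dedicated `nationtech` admin user. tftp.yml already sets `become: yes` on every task, so connecting as that user with an SSH key should work (provided privilege escalation is configured for it) without enabling root password login on the firewall, e.g. `-e ansible_user=nationtech --private-key <path-to-key>`. The script also lacks `set -euo pipefail`, so a failed `ansible-galaxy` install does not stop the playbook run.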
							
								
								
									
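--- a/watchguard/ansible/curl-api-test.sh
+++ b/watchguard/ansible/curl-api-test.sh
@@ -0,0 +1,7 @@
+## POST example
+#curl -XPOST -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/update
+
+## GET Examples
+#curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/core/firmware/status
+
+curl -k -u "wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL":"eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr" https://192.168.1.1/api/dhcpv4/leases/searchLease/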
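Review bot: The file is committed as executable but has no `#!` line, so how it runs depends on the invoking shell; add `#!/bin/bash` as the first line. The `-u "key":"secret"` argument repeats the hard-coded credentials three times (two of them in commented-out examples), and argv is visible to other local users. curl can read credentials from a file instead, e.g. `curl --netrc-file <path> ...` or `-K <config-file>`, with that file kept out of the repository.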
							
								
								
									
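--- a/watchguard/ansible/dhcp-network-boot.yml
+++ b/watchguard/ansible/dhcp-network-boot.yml
@@ -0,0 +1,35 @@
+---
+#- hosts: all
+#  connection: local  # execute modules on controller
+#  gather_facts: no
+#  module_defaults:
+#    - name: Example
+#      ansibleguy.opnsense.alias:
+#        firewall: "{{ ansible_host }}"
+#        api_credential_file: "./opnsense.key"
+#
+#    tasks:
+#    - name: Example
+#      ansibleguy.opnsense.alias:
+#        name: 'ANSIBLE_TEST1'
+#        content: ['1.1.1.1']
+
+- name: Get list of users from OPNsense
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Retrieve users
+      uri:
+        url: "{{ opnsense_url }}/api/system/user"
+        method: GET
+        headers:
+          Authorization: "Bearer {{ api_key }}"
+          Content-Type: "application/json"
+        validate_certs: no
+      register: users_response
+
+    - name: Display list of users
+      debug:
+        msg: "{{ users_response.json }}"
+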
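Review bot: The `Authorization: "Bearer {{ api_key }}"` header does not match how apiCallTest.yml in this same commit authenticates (basic auth with `user: "{{ API_KEY }}"` and `password: "{{ API_SECRET }}"`), so this request is likely to be rejected; nothing on the page shows the firewall accepting bearer tokens. If basic auth is what the API expects, replace the header with `user:`, `password:` and `force_basic_auth: yes`. The final `debug` task prints the full user-list response, which may include account details that should not land in CI logs.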
							
								
								
									
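--- a/watchguard/ansible/nationtech-apikey.txt
+++ b/watchguard/ansible/nationtech-apikey.txt
@@ -0,0 +1,2 @@
+key=wQTI+b1VcI2ox3NdB86dySN28TVYusaWUdimFNSMweOeyr++pp6xccPXBBxGoSy9arNhzlTprx5+28IL
+secret=eOLbAqZkTKMRXEdqjXUdlWLssd7q0bKBt5vNMgPutsc+V2qO4Yh/C9Z1OmBezcuxZdbVCLAjeru1c6zr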
							
								
								
									
										101
									
								
								watchguard/ansible/network-boot.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,101 @@ | ||||
| --- | ||||
| - name: Log in to OPNsense and obtain PHPSESSID and CSRF token | ||||
|   hosts: localhost | ||||
|   gather_facts: no | ||||
|   vars: | ||||
|     api_username: "your_username" | ||||
|     api_password: "your_password" | ||||
| 
 | ||||
|   tasks: | ||||
|     - name: Perform GET request to initiate session and retrieve PHPSESSID | ||||
|       uri: | ||||
|         url: "https://192.168.1.1/" | ||||
|         method: GET | ||||
|         user: "{{ WEBUI_USERNAME }}" | ||||
|         password: "{{ WEBUI_PASSWORD }}" | ||||
|         headers: | ||||
|           Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' | ||||
|         validate_certs: no | ||||
|         return_content: yes | ||||
|       register: login_page | ||||
| 
 | ||||
|     - name: Extract PHPSESSID from response cookies | ||||
|       set_fact: | ||||
|         phpsessid: "{{ login_page.cookies.PHPSESSID }}" | ||||
| 
 | ||||
|     - name: Extract CSRF token name and value from the page content | ||||
|       set_fact: | ||||
|         csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}" | ||||
| 
 | ||||
|     - name: Set CSRF token name and value | ||||
|       set_fact: | ||||
|         csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}" | ||||
|         csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}" | ||||
| 
 | ||||
|     - name: Display the PHPSESSID and CSRF token details | ||||
|       debug: | ||||
|         msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}" | ||||
| 
 | ||||
|     - name: Construct body | ||||
|       set_fact: | ||||
|         request_body: | | ||||
|           {{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save' | ||||
| 
 | ||||
|     - name: Post data to services_dhcp.php | ||||
|       uri: | ||||
|         url: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
|         method: POST | ||||
|         headers: | ||||
|           Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" | ||||
|           Accept-Language: "en,fr;q=0.9,en-GB;q=0.8,en-US;q=0.7" | ||||
|           Cache-Control: "no-cache" | ||||
|           Content-Type: "application/x-www-form-urlencoded" | ||||
|           Cookie: "PHPSESSID={{ phpsessid }}" | ||||
|           Origin: "https://192.168.1.1" | ||||
|           Pragma: "no-cache" | ||||
|           Priority: "u=0, i" | ||||
|           Referer: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
|           Sec-Ch-Ua: '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"' | ||||
|           Sec-Ch-Ua-Mobile: "?0" | ||||
|           Sec-Ch-Ua-Platform: '"Linux"' | ||||
|           Sec-Fetch-Dest: "document" | ||||
|           Sec-Fetch-Mode: "navigate" | ||||
|           Sec-Fetch-Site: "same-origin" | ||||
|           Sec-Fetch-User: "?1" | ||||
|           Upgrade-Insecure-Requests: "1" | ||||
|           User-Agent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" | ||||
|         body: | | ||||
|           {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save | ||||
|         body_format: raw | ||||
|         validate_certs: no | ||||
|       register: response | ||||
| 
 | ||||
| #    - name: Send POST request to update DHCP settings | ||||
| #      uri: | ||||
| #        url: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
| #        method: POST | ||||
| #        headers: | ||||
| #          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' | ||||
| #          Content-Type: 'application/x-www-form-urlencoded' | ||||
| #          Cookie: "PHPSESSID={{ phpsessid }}" | ||||
| #          Origin: "https://192.168.1.1" | ||||
| #          Referer: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
| #          X-CSRFToken: "{{ csrf_token_value }}" | ||||
| #        body_format: form-urlencoded | ||||
| #        body: "{{ request_body }}" | ||||
| #        validate_certs: no | ||||
| #        return_content: yes | ||||
| #      register: response | ||||
| 
 | ||||
|     - name: Display the response from the DHCP update request | ||||
|       debug: | ||||
|         #msg: "{{ response.content }}" | ||||
|         msg: "{{ response }}" | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| #        request_body: | | ||||
| #          {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save | ||||
| 
 | ||||
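Review bot: The `Display the PHPSESSID and CSRF token details` task prints a live session cookie and CSRF token to the play output, where they end up in terminal scrollback and CI logs; network-boot.yml.bakMarchePas has the same task. Drop the task or add `no_log: true` to it. The `'Not found'` fallback in `Set CSRF token name and value` lets the play continue and POST a bogus token to services_dhcp.php; fail early instead, e.g. an `assert` task with `that: csrf_tokens | length > 0`. The `request_body` fact is built but never used by the active POST task (and ends with a stray `'`), and `api_username`/`api_password` under `vars:` are unused placeholders.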
							
								
								
									
										71
									
								
								watchguard/ansible/network-boot.yml.bakMarchePas
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,71 @@ | ||||
| --- | ||||
| - name: Log in to OPNsense and obtain PHPSESSID and CSRF token | ||||
|   hosts: localhost | ||||
|   gather_facts: no | ||||
|   vars: | ||||
|     api_username: "your_username" | ||||
|     api_password: "your_password" | ||||
| 
 | ||||
|   tasks: | ||||
|     - name: Perform GET request to initiate session and retrieve PHPSESSID | ||||
|       uri: | ||||
|         url: "https://192.168.1.1/" | ||||
|         method: GET | ||||
|         user: "{{ WEBUI_USERNAME }}" | ||||
|         password: "{{ WEBUI_PASSWORD }}" | ||||
|         headers: | ||||
|           Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' | ||||
|         validate_certs: no | ||||
|         return_content: yes | ||||
|       register: login_page | ||||
| 
 | ||||
|     - name: Extract PHPSESSID from response cookies | ||||
|       set_fact: | ||||
|         phpsessid: "{{ login_page.cookies.PHPSESSID }}" | ||||
| 
 | ||||
|     - name: Extract CSRF token name and value from the page content | ||||
|       set_fact: | ||||
|         csrf_tokens: "{{ login_page.content | regex_findall('<input[^>]*type=\"hidden\"[^>]*name=\"([^\"]+)\"[^>]*value=\"([^\"]+)\"') }}" | ||||
| 
 | ||||
|     - name: Set CSRF token name and value | ||||
|       set_fact: | ||||
|         csrf_token_name: "{{ csrf_tokens[0][0] if csrf_tokens | length > 0 else 'Not found' }}" | ||||
|         csrf_token_value: "{{ csrf_tokens[0][1] if csrf_tokens | length > 0 else 'Not found' }}" | ||||
| 
 | ||||
|     - name: Display the PHPSESSID and CSRF token details | ||||
|       debug: | ||||
|         msg: "PHPSESSID is {{ phpsessid }}, CSRF token name is {{ csrf_token_name }}, CSRF token value is {{ csrf_token_value }}" | ||||
| 
 | ||||
|     - name: Construct body | ||||
|       set_fact: | ||||
|         request_body: | | ||||
|           {{ csrf_token_name}}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save' | ||||
| 
 | ||||
|     - name: Send POST request to update DHCP settings | ||||
|       uri: | ||||
|         url: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
|         method: POST | ||||
|         headers: | ||||
|           Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' | ||||
|           Content-Type: 'application/x-www-form-urlencoded' | ||||
|           Cookie: "PHPSESSID={{ phpsessid }}" | ||||
|           Origin: "https://192.168.1.1" | ||||
|           Referer: "https://192.168.1.1/services_dhcp.php?if=lan" | ||||
|           X-CSRFToken: "{{ csrf_token_value }}" | ||||
|         body_format: form-urlencoded | ||||
|         body: "{{ request_body }}" | ||||
|         validate_certs: no | ||||
|         return_content: yes | ||||
|       register: dhcp_update_response | ||||
| 
 | ||||
|     - name: Display the response from the DHCP update request | ||||
|       debug: | ||||
|         msg: "{{ dhcp_update_response.content }}" | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| #        request_body: | | ||||
| #          {{ csrf_token_name }}={{ csrf_token_value }}&range_from=192.168.1.10&range_to=192.168.1.245&wins1=&wins2=&dns1=&dns2=&gateway=&domain=&domainsearchlist=&defaultleasetime=&maxleasetime=&minsecs=&interface_mtu=&failover_peerip=&failover_split=&ddnsdomain=&ddnsdomainprimary=&ddnsdomainkeyname=&ddnsdomainkey=&ddnsdomainalgorithm=hmac-md5&mac_allow=&mac_deny=&ntp1=&ntp2=&tftp=&bootfilename=&ldap=&nextserver=192.168.1.1&filename=&filename32=&filename64=bootx64.efi&filename32arm=&filename64arm=&filenameipxe=&rootpath=&omapiport=&omapialgorithm=&omapikey=&numberoptions_number%5B%5D=&numberoptions_type%5B%5D=text&numberoptions_value%5B%5D=&if=lan&submit=Save | ||||
| 
 | ||||
							
								
								
									
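--- a/watchguard/ansible/network-boot.yml.startExample
+++ b/watchguard/ansible/network-boot.yml.startExample
@@ -0,0 +1,47 @@
+---
+- name: Make an HTTPS API call with basic auth
+  hosts: localhost
+  gather_facts: no
+
+  tasks:
+    - name: Enable network booting via API
+      uri:
+        #url: "{{ API_URL }}/dhcpv4/service/reconfigure?if=lan"
+        #url: "{{ API_URL }}/dhcpv4/service/start"
+        url: "{{ API_URL }}/dhcpv4/service/reconfigure"
+        method: POST
+        user: "{{ API_KEY }}"
+        password: "{{ API_SECRET }}"
+        force_basic_auth: yes
+        headers:
+          Content-Type: "application/json"
+        body: >
+          {
+              "enable": "no",
+              "submit": "Save",
+              "if": "lan"
+          }
+        body_format: json
+        validate_certs: no
+        return_content: yes
+      register: api_response
+
+    - name: Print API response
+      debug:
+        var: api_response.content
+
+#          {
+#            "interface": "lan",
+#            "next-server": "{{ tftp_server_ip }}",
+#            "filename": "{{ bootfile }}",
+#            "root-path": "{{ root_path }}"
+#          }
+#
+#        body: >
+#          {
+#            "lan": {
+#              "enable": "yes",
+#              "submit": "Save",
+#              "if": "lan"
+#            }
+#          }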
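Review bot: The task is named `Enable network booting via API`, but the body it sends is `"enable": "no"` and nothing in the request sets a next-server or boot filename, so the name does not describe what the call does. Either rename the task to what it actually exercises (a POST to `dhcpv4/service/reconfigure`) or add a comment such as `# WIP: placeholder body; does not yet set next-server/filename`. The trailing commented-out JSON bodies would be easier to follow with a one-line comment saying which endpoint each was tried against.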
							
								
								
									
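--- a/watchguard/ansible/opnsense.key
+++ b/watchguard/ansible/opnsense.key
@@ -0,0 +1 @@
+zJhbadKcWsdY2HM47s1yLp5givIiTln0nf5CTw81igYxvFnvq8n67Ba5/MaLMSZ4EP13wphZTfHh0Nz8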
							
								
								
									
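--- a/watchguard/ansible/tftp.yml
+++ b/watchguard/ansible/tftp.yml
@@ -0,0 +1,39 @@
+---
+- name: Configure inetd service and uncomment tftp lines
+  hosts: all
+  gather_facts: no
+  tasks:
+    - name: Enable inetd in /etc/rc.conf
+      lineinfile:
+        path: /etc/rc.conf
+        line: 'inetd_enable="YES"'
+        create: yes
+        state: present
+      become: yes
+
+    - name: Uncomment tftp lines in /etc/inetd.conf
+      lineinfile:
+        path: /etc/inetd.conf
+        regexp: '^#\s*(tftp.*)'
+        line: '\1'
+        backrefs: yes
+        state: present
+      become: yes
+      with_items: # I don't like that but it works...
+        - 'tftp'
+        - 'tftp'
+
+    - name: Create /tftpboot directory
+      file:
+        path: /tftpboot
+        state: directory
+        owner: root
+        group: wheel
+        mode: '0755'
+      become: yes
+
+    - name: Restart inetd service
+      service:
+        name: inetd
+        state: restarted
+      become: yes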
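Review bot: The `with_items: ['tftp', 'tftp']` loop in `Uncomment tftp lines in /etc/inetd.conf` only works because each pass of `lineinfile` rewrites a single matching line; `ansible.builtin.replace` with `regexp: '^#\s*(tftp.*)'` and `replace: '\1'` rewrites every match in one idempotent task. `Restart inetd service` runs on every play even when nothing changed; making it a handler notified by the two file edits avoids needless restarts. TFTP has no authentication, and nothing in this playbook limits which interfaces can reach it, so confirm the firewall rules only allow it from the provisioning LAN.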
							
								
								
									
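--- a/watchguard/tftpboot/boot/grub/grub.cfg
+++ b/watchguard/tftpboot/boot/grub/grub.cfg
@@ -0,0 +1,5 @@
+menuentry "Install Ubuntu Server" {
+        set gfxpayload=keep
+        linux   linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+        initrd  initrd
+}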
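Review bot: This `Install Ubuntu Server` entry is added identically in three places (boot/grub/grub.cfg, grub.cfg and the top of grub/grub.cfg) with no comment saying which path the network-booted GRUB actually reads. A header comment such as `# Loaded by grubx64.efi from <prefix>/grub.cfg; keep the copies in sync` (with the real prefix filled in) would stop the copies from drifting apart. `linux   linux` and `initrd  initrd` are relative paths, so they depend on GRUB's root being the TFTP root; the comment should say so as well.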
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/bootx64.efi
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
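--- a/watchguard/tftpboot/grub.cfg
+++ b/watchguard/tftpboot/grub.cfg
@@ -0,0 +1,5 @@
+menuentry "Install Ubuntu Server" {
+        set gfxpayload=keep
+        linux   linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+        initrd  initrd
+}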
							
								
								
									
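--- a/watchguard/tftpboot/grub/grub.cfg
+++ b/watchguard/tftpboot/grub/grub.cfg
@@ -0,0 +1,48 @@
+menuentry "Install Ubuntu Server" {
+        set gfxpayload=keep
+        linux   linux iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ip=dhcp ---
+        initrd  initrd
+}
+
+menuentry 'RHCOS PXE Bootstrap' {
+    set http_server="http://192.168.1.1"
+    set version="4.7.0"
+    set architecture="x86_64"
+
+    #linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/bootstrap.ign
+    linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/bootstrap.ign
+    initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Master' {
+    set http_server="http://192.168.1.1"
+    set version="4.7.0"
+    set architecture="x86_64"
+
+    #linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/master.ign
+    linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/master.ign
+    initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+    #initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Worker sda' {
+    set http_server="http://192.168.1.1"
+    set version="4.7.0"
+    set architecture="x86_64"
+
+    #linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/worker.ign
+    linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/worker.ign
+    initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+    #initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}
+
+menuentry 'RHCOS PXE Worker sdh' {
+    set http_server="http://192.168.1.1"
+    set version="4.7.0"
+    set architecture="x86_64"
+
+    #linux ${http_server}/rhcos-${version}-live-kernel-${architecture} coreos.live.rootfs_url=${http_server}/rhcos-${version}-live-rootfs.${architecture}.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=${http_server}/worker.ign
+    linux okd/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 coreos.live.rootfs_url=http://192.168.3.102:/ks/okd/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img coreos.inst.install_dev=/dev/sdh coreos.inst.ignition_url=http://192.168.3.102:/ks/okd/worker.ign
+    initrd okd/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+    #initrd https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20231002.3.1/x86_64/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img
+}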
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/grubx64.efi
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/grubx64.efi
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/initrd
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/initrd
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/ldlinux.c32
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/ldlinux.c32
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/linux
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/linux
									 (Stored with Git LFS)
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/memtest/memtest86+
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/memtest/memtest86+
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							| @ -0,0 +1 @@ | ||||
| ../../images-nogit/fedora-coreos-38.20231002.3.1-live-initramfs.x86_64.img | ||||
| @ -0,0 +1 @@ | ||||
| ../../images-nogit/fedora-coreos-38.20231002.3.1-live-kernel-x86_64 | ||||
| @ -0,0 +1 @@ | ||||
| ../../images-nogit/fedora-coreos-38.20231002.3.1-live-rootfs.x86_64.img | ||||
							
								
								
									
										
											BIN
										
									
								
								watchguard/tftpboot/pxelinux.0
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								watchguard/tftpboot/pxelinux.0
									
									
									
									
									
										Normal file
									
								
							
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										5
									
								
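--- a/watchguard/tftpboot/pxelinux.cfg/default
+++ b/watchguard/tftpboot/pxelinux.cfg/default
@@ -0,0 +1,5 @@
+DEFAULT install
+LABEL install
+  KERNEL linux
+  INITRD initrd
+  APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp iso-url=https://releases.ubuntu.com/23.04/ubuntu-23.04-live-server-amd64.iso ---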
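Review bot: `DEFAULT install` is the only label and there is no `PROMPT` or `TIMEOUT`, so any machine that falls through to network boot on this segment starts the Ubuntu installer without anyone confirming it. A safer default would be a local-boot label, with `install` chosen explicitly: `DEFAULT local`, `LABEL local`, `  LOCALBOOT 0`. The `linux` and `initrd` files are served over TFTP, which has no authentication or integrity protection, so the HTTPS on `iso-url` only covers the last download and depends on trusting that TFTP/DHCP segment. The config also does not say which release the two Git LFS binaries came from; a header comment such as `# linux/initrd: Ubuntu 23.04 live-server netboot pair, sha256 <SHA256_PLACEHOLDER>, must match iso-url` would let an operator verify them before serving.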