This is a set of modules to allow you to configure HAProxy on pfSense firewalls with ansible.

To install:

ansible-galaxy collection install pfsensible.haproxy

Optionally, you can specify the path of the collection installation with the -p option.

ansible-galaxy collection install pfsensible.haproxy -p ./collections

Additionally, you can set the collections_paths option in your ansible.cfg file to automatically designate install locations.

# ansible.cfg
[defaults]
collections_paths=collections

If Python discovery fails, you can set ansible_python_interpreter in your playbook or hosts vars:

pfSense >= 2.5.2:

ansible_python_interpreter: /usr/local/bin/python3.8

pfSense >= 2.4.5, < 2.5.2:

ansible_python_interpreter: /usr/local/bin/python3.7

Modules must run as root in order to make changes to the system. By default pfSense does not have sudo capability so become will not work. You can install it with:

  - name: "Install packages"
    package:
      name:
        - pfSense-pkg-sudo
      state: present

and then configure sudo so that your user has permission to use sudo.

The following modules are currently available:

• pfsense_haproxy_backend for HAProxy backends
• pfsense_haproxy_backend_server for HAProxy backends servers

The modules assume that you have already installed the haproxy pfSense package.

Modules in the collection work by editing /cf/conf/config.xml using xml.etree.ElementTree, then calling the appropriate PHP update function via the pfSense PHP developer shell.

Some formatting is lost, and CDATA items are converted to normal entries, but so far no problems with that have been noted.

GPLv3.0 or later