The pfSense Store

Author Topic: Packages and XMLRPC Sync  (Read 4678 times)

0 Members and 1 Guest are viewing this topic.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16290
  • Karma: +300/-1
    • View Profile
Packages and XMLRPC Sync
« on: April 24, 2013, 02:50:45 pm »
As many of us know, packages aren't included in the XMLRPC sync used in pfSense's base system. This is on purpose, because some packages (most?) would need different configs on each host, or they may not support binding to CARP VIPs, etc.

What I'm not sure if is why current package maintainers have separate sync sections for credentials and sync IPs rather than using the system's own settings from the system directly.

Is the current trend only done because that's what other packages are doing? Or is there an advantage that I'm missing to having separate settings? Why not just have a checkbox to enable sync and use the system settings? Are there really that many people using the package sync options but not the main system's sync options?

Main reason I'm asking is that from time to time people forget to update the sync settings in one of the half-dozen places they've entered them when something changes, and it would be best to use the system settings rather than duplicating the information. It would certainly make things easier for users if they didn't have to enter things multiple times.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 11164
  • Karma: +257/-2
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #1 on: April 24, 2013, 04:18:51 pm »
Hi Jimp,

The pfsense system settings enable only one host to sync and at least on packages I'm maintaining I need a list of hosts to sync and in some cases the host do not has the same password.

I could add a checkbox to use the system sync settings user and password or a custom list of servers or password.
« Last Edit: April 24, 2013, 04:21:27 pm by marcelloc »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16290
  • Karma: +300/-1
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #2 on: April 24, 2013, 04:26:01 pm »
Well the packages should really conform to the system design where possible.

Overriding is fine in special cases, as long as there is a way to use the system settings.

Multiple sync hosts could still be done by cascading, but if the package's sync code is being used separately from the firewall's built-in sync, then that would be a special case anyhow.

Eventually it would be nice to support multiple sync hosts in the firewall directly, but that's a bit of a different issue. Hammer for another nail.

I suspect more often than not, the built-in sync settings would be sufficient for people wanting to use them in an HA/CARP type setup.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 11164
  • Karma: +257/-2
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #3 on: April 24, 2013, 04:58:18 pm »
Good point. I'll update packages I'm maintaining.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 11164
  • Karma: +257/-2
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #4 on: April 25, 2013, 05:56:02 am »
Take a look on squid3 new sync gui.  :)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16290
  • Karma: +300/-1
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #5 on: April 25, 2013, 02:53:31 pm »
Looks great  ;D
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +11/-0
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #6 on: April 25, 2013, 03:23:05 pm »
Hi,

the XMLRPC sync settings I did for freeradius2 and squidguard were simple copies of another package because I do not really know what happens exactly in the code.  ::)

What seems to be usefull (request from users on forum) is the fact to sync to different hosts and the option to temporarily disable this host. (freeradius2).

So if I could speak just for me I just need the ability to sync to different hosts with different passwords and to globally enable/disable syncing this package or not.

If there is a "pfsense-way" to build XMLRPC pages I will try to do that for freeradius2 package and squidguard. :)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16290
  • Karma: +300/-1
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #7 on: April 25, 2013, 03:24:52 pm »
marcelloc seems to be the best.

Give the user the option to use the system settings if they wish, and if they'd prefer custom options, then they can use that instead.

Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 16290
  • Karma: +300/-1
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #8 on: July 12, 2013, 07:56:56 am »
Bumping this and making it sticky to get some more attention. If you maintain a package that has sync code, please consider using the system's existing sync settings at least as an option.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline adam65535

  • Full Member
  • ***
  • Posts: 269
  • Karma: +5/-0
    • View Profile
Re: Packages and XMLRPC Sync
« Reply #9 on: February 05, 2014, 04:46:04 pm »
This thread was very informative.

I do wish the users/groups and certificates had the same option as these packages to sync to multiple ips with different passwords.  It would make setting up multiple sites owned by 1 company (without VPN, radius, ldap, connectivity) much easier.  The users, groups, certificates are mainly used for remote management by a groups of people using openvpn.

I wonder if it would be easy to do with a script using the built in sync code.