Puppet Class: pfsense_autoupdate

Defined in:
manifests/init.pp

Overview

Class: pfsense_autoupdate

This module handles unattended updates of pfSense firewalls.

Examples

# Example declaration that overrides most defaults: updates are allowed in
# the listed hour ranges on weekdays 6-7.
class { 'pfsense_autoupdate':
  update_hours     => ['2-4', '6-8', 22],
  update_weekdays  => ['6-7'],
  # NOTE(review): this is a plain http:// URL combined with
  # sig_verification => false below. Judging by the parameter names, that
  # would leave downloaded firmware neither transport-protected nor
  # signature-checked -- confirm against autoupdate.php. For production,
  # prefer an https:// mirror and leave sig_verification at its default.
  firmware_url     => 'http://example.com/pfsense/firmware/',
  major_updates    => true,
  random_sleep     => false,
  sig_verification => false,
}

Parameters:

  • update_hours (Any) (defaults to: ['*'])
  • update_weekdays (Any) (defaults to: ['*'])
  • firmware_url (Any) (defaults to: undef)
  • major_updates (Any) (defaults to: false)
  • quiet (Any) (defaults to: false)
  • random_sleep (Any) (defaults to: true)
  • sig_verification (Any) (defaults to: true)
  • real_group (Any) (defaults to: 'nobody')


# File 'manifests/init.pp', line 16

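class pfsense_autoupdate(
  # Schedule: both lists are handed unchanged to the cron resource below.
  $update_hours     = ['*'],
  $update_weekdays  = ['*'],
  # Updater settings. None of these is referenced again in this manifest;
  # presumably the autoupdate.ini.erb template reads them -- TODO confirm.
  $firmware_url     = undef,
  $major_updates    = false,
  $quiet            = false,
  $random_sleep     = true,
  # NOTE(review): leave this at its default of true. The updater runs
  # unattended as root, so whatever it installs should be authenticated.
  $sig_verification = true,
  # pfsense
  $real_group       = 'nobody',
) {

  # Installs the updater script and its configuration file, then schedules
  # the script from root's crontab. Compilation fails on anything other
  # than FreeBSD and when the $::pfsense fact is not truthy.
  #
  # NOTE(review): judging by the parameter names, $firmware_url selects the
  # firmware source and $sig_verification controls signature checking;
  # verify against autoupdate.php. If so, a plain http:// URL together with
  # sig_verification => false leaves the firmware image unauthenticated.

  # Input validation
  include stdlib
  validate_array($update_hours)
  validate_array($update_weekdays)
  validate_bool($major_updates)
  validate_bool($quiet)
  # $random_sleep and $real_group were previously the only parameters that
  # reached the catalog without a type check.
  validate_bool($random_sleep)
  validate_bool($sig_verification)
  validate_string($firmware_url)
  validate_string($real_group)

  case $::operatingsystem {
    'FreeBSD': { }
    default: { fail("OS ${::operatingsystem} is not supported") }
  }

  if ! $::pfsense {
    fail('Requires a pfSense appliance')
  }

  $directory = '/usr/local/sbin'
  $updater = 'autoupdate.php'
  $config = '/usr/local/etc/autoupdate.ini'

  # The script is executed by root from cron, so only root may write or
  # execute it (0744, root:wheel).
  file { "${directory}/${updater}":
    ensure => file,
    source => "puppet:///modules/${module_name}/${updater}",
    owner  => root,
    group  => wheel,
    mode   => '0744',
  }

  # World-readable configuration rendered from the module template.
  file { $config:
    ensure  => file,
    content => template('pfsense_autoupdate/autoupdate.ini.erb'),
    owner   => root,
    group   => wheel,
    mode    => '0644',
  }

  # XXX: I consider this to be a temporary workaround. Ideally we'd use
  #      a new 'pfsense_cron' provider to create proper pfSense cronjobs.
  cron { 'pfsense_autoupdate':
    command  => "${directory}/${updater}",
    user     => root,
    hour     => $update_hours,
    minute   => '10',
    month    => '*',
    monthday => '*',
    weekday  => $update_weekdays,
    # Do not schedule the job before the script and its settings exist.
    require  => [
      File["${directory}/${updater}"],
      File[$config],
    ],
  }

}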