Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pfSense config file XML encoding #61

Open
robertkarsai opened this issue Apr 19, 2023 · 4 comments
Open

pfSense config file XML encoding #61

robertkarsai opened this issue Apr 19, 2023 · 4 comments

Comments

@robertkarsai
Copy link

robertkarsai commented Apr 19, 2023

Hello,

I've noticed that the pfsense config file XML encoding differs from the default pfSense XML encoding when I use pfsensible.core. Example (start of the config file right after a change over pfsensible):

<?xml version='1.0' encoding='us-ascii'?> <pfsense> <version>22.9</version> <lastchange></lastchange> <system> <optimization>normal</optimization> <hostname>testfw-1</hostname> <domain>test.group</domain> <group> <name>Network Admins</name> <description>RADIUS Group</description> <scope>remote</scope> <gid>2000</gid> <priv>page-all</priv> </group> <group> <name>admins</name> <description>System Administrators</description> <scope>system</scope> <gid>1999</gid> <member>0</member> <priv>page-all</priv> </group> <group> <name>all</name> <description>All Users</description> <scope>system</scope> <gid>1998</gid> </group>

Start of the config file right after a change done in the webgui:

<?xml version="1.0"?> <pfsense> <version>22.9</version> <lastchange></lastchange> <system> <optimization>normal</optimization> <hostname>testfw-1</hostname> <domain>test.group</domain> <group> <name>Network Admins</name> <description><![CDATA[RADIUS Group]]></description> <scope>remote</scope> <gid>2000</gid> <priv>page-all</priv> </group> <group> <name>admins</name> <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> <priv>page-all</priv> </group> <group> <name>all</name> <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> </group>

While this encoding change has not caused any troubles I'm aware of, if you have a config management system that keeps track of your pfsense config changes then doing even just a slight adjustment with pfsensible causes hundreds of changes in the config file because of the encoding differences.

BR
Robert

@opoplawski
Copy link
Contributor

This is a known issue and noted at the bottom of the README:

core/README.md

Line 106 in 77349af

Some formatting is lost, and CDATA items are converted to normal entries,

I have as yet found no way to replicate the pfSense XML format with the standard Python XML libraries. If you have a fix, it would be most welcome.

@robertkarsai
Copy link
Author

robertkarsai commented Apr 20, 2023

I haven't noticed that one at the bottom of the README, sorry man. Unfortunately I'm not much of a Python guy, however I've tried to workaround it with a new feature in pfsense+ 23.01 (https://docs.netgate.com/pfsense/en/latest/development/php-shell.html#upgradeconfig). This could have been a oneliner shell task at the end of my playbooks reverting all the CDATA and all, the problem is, that this upgradeconfig feature of the pfsense PHP shell doesn't seem touch the encoding of the config file.

@robertkarsai
Copy link
Author

robertkarsai commented Apr 22, 2023

Hi, I have a workaround for the XML encoding. If I put a task like this at the end of my pfsense playbooks, the XML encoding is changed back by pfsense native tools:

- name: Revert XML encoding
  shell: pfSsh.php playback enablesshd

@opoplawski
Copy link
Contributor

I don't think I want modules to rewrite the config automatically, but I added a simple pfsense_rewrite_config task for people to use at the end of their plays like you did above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants