netbox: factor out redis role

2024-06-25 00:52:57 +02:00 · 2024-06-25 00:52:57 +02:00 · 74cb31e243
parent f1f9d6fa34
commit 74cb31e243
4 changed files with 155 additions and 157 deletions
--- a/roles/netbox/tasks/app.yml
+++ b/roles/netbox/tasks/app.yml
@ -1,147 +0,0 @@
- name: Install dependencies
-  package:
-    name:
-      - git
-      - python3
-      - python3-dev
-      - py3-pip
-      - py3-virtualenv
-      - bash # for upgrade script
-      - build-base # to build psycopg if not available
-      - postgresql-dev # likewise
-
- name: Checkout repo
-  become: yes
-  become_user: '{{ user }}'
-  git:
-    repo: https://github.com/netbox-community/netbox.git
-    dest: '{{ user_info.home }}/app'
-    version: 'v{{ netbox_version }}'
-  notify: run migrations
-
- name: Copy default config
-  copy:
-    dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
-    src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
-    remote_src: yes
-    owner: '{{ user_info.uid }}'
-    group: '{{ user_info.group }}'
-    force: no
-  notify: run migrations
-
- name: Restrict access to config
-  file:
-    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
-    mode: 0600
-
- name: Configure secret key
-  lineinfile:
-    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
-    regexp: "^SECRET_KEY = ''"
-    line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
-    backrefs: yes # don’t set if set already
-
- name: Configure base settings and database
-  lineinfile:
-    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
-    regexp: '{{ item.key }}'
-    line: '{{ item.line }}'
-  loop:
-    - key: '^ALLOWED_HOSTS = '
-      line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
-    - key: 'USER.*PostgreSQL username'
-      line: "    'USER': '{{ user }}', # PostgreSQL username"
-    # XXX unnecessary?
-    #- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
-    #  line: "    'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
-    # not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
-    #- key: '^PLUGINS = '
-    #  line: "PLUGINS = ['netbox_topology_views']"
-  notify: run migrations
-
- name: Configure OIDC authentication
-  lineinfile:
-    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
-    regexp: '{{ item.key }}'
-    line: '{{ item.line }}'
-  loop:
-    - key: "^REMOTE_AUTH_ENABLED ="
-      line: "REMOTE_AUTH_ENABLED = True"
-    - key: "^REMOTE_AUTH_BACKEND ="
-      line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
-    - key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
-      line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'"
-    - key: "^SOCIAL_AUTH_OIDC_KEY ="
-      line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'"
-    - key: "^SOCIAL_AUTH_OIDC_SECRET ="
-      line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'"
-    # TODO the key should really be upn but it doesn’t seem to work
-    - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
-      line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
-  notify: run migrations
-
- name: Set additional requirements
-  become: yes
-  become_user: '{{ user }}'
-  copy:
-    dest: '{{ user_info.home }}/app/'
-    src: local_requirements.txt
-  notify: run migrations
-
- meta: flush_handlers
-
- name: Create superuser
-  become: yes
-  become_user: '{{ user }}'
-  command:
-    cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
-    stdin: |
-      import sys
-      from users.models import User
-      #from django.contrib.auth.models import User
-      username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}'
-      if not User.objects.filter(username=username):
-          User.objects.create_superuser(username, '', # TODO email
-              '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}')
-          sys.exit(1)
-  register: result
-  changed_when: result.rc != 0
-
- name: Set up gunicorn
-  copy:
-    dest: /srv/netbox/gunicorn.py
-    src: /srv/netbox/app/contrib/gunicorn.py
-    remote_src: yes
-    force: no
-    owner: netbox
-    group: netbox
-
- name: Set up cron job
-  file:
-    dest: /etc/periodic/daily/netbox-housekeeping.sh
-    src: /srv/netbox/app/contrib/netbox-housekeeping.sh
-    state: link
-
- name: Install services
-  template:
-    dest: '/etc/init.d/{{ item }}'
-    src: '{{ item }}.initd.j2'
-    mode: 0755
-  loop:
-    - netbox
-    - netbox-rq
-
- name: Enable services
-  service:
-    name: '{{ item }}'
-    enabled: true
-    state: started
-  loop:
-    - netbox
-    - netbox-rq
-
- name: Set up nginx site
-  template:
-    dest: '/etc/nginx/http.d/netbox.conf'
-    src: 'netbox.conf.j2'
-  notify: reload nginx
--- a/roles/netbox/tasks/main.yml
+++ b/roles/netbox/tasks/main.yml
@ -1,12 +1,14 @@
- name: Install redis
+- name: Install dependencies
  package:
-    name: redis
-
- name: Enable redis service
-  service:
-    name: redis
-    enabled: true
-    state: started
+    name:
+      - git
+      - python3
+      - python3-dev
+      - py3-pip
+      - py3-virtualenv
+      - bash # for upgrade script
+      - build-base # to build psycopg if not available
+      - postgresql-dev # likewise

 - name: Create group for web service
  group:
@ -22,5 +24,138 @@
    system: yes
  register: user_info

- name: Set up app
-  import_tasks: app.yml
+- name: Checkout repo
+  become: yes
+  become_user: '{{ user }}'
+  git:
+    repo: https://github.com/netbox-community/netbox.git
+    dest: '{{ user_info.home }}/app'
+    version: 'v{{ netbox_version }}'
+  notify: run migrations
+
+- name: Copy default config
+  copy:
+    dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
+    remote_src: yes
+    owner: '{{ user_info.uid }}'
+    group: '{{ user_info.group }}'
+    force: no
+  notify: run migrations
+
+- name: Restrict access to config
+  file:
+    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    mode: 0600
+
+- name: Configure secret key
+  lineinfile:
+    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    regexp: "^SECRET_KEY = ''"
+    line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
+    backrefs: yes # don’t set if set already
+
+- name: Configure base settings and database
+  lineinfile:
+    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    regexp: '{{ item.key }}'
+    line: '{{ item.line }}'
+  loop:
+    - key: '^ALLOWED_HOSTS = '
+      line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
+    - key: 'USER.*PostgreSQL username'
+      line: "    'USER': '{{ user }}', # PostgreSQL username"
+    # XXX unnecessary?
+    #- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
+    #  line: "    'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
+    # not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
+    #- key: '^PLUGINS = '
+    #  line: "PLUGINS = ['netbox_topology_views']"
+  notify: run migrations
+
+- name: Configure OIDC authentication
+  lineinfile:
+    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    regexp: '{{ item.key }}'
+    line: '{{ item.line }}'
+  loop:
+    - key: "^REMOTE_AUTH_ENABLED ="
+      line: "REMOTE_AUTH_ENABLED = True"
+    - key: "^REMOTE_AUTH_BACKEND ="
+      line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
+    - key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
+      line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'"
+    - key: "^SOCIAL_AUTH_OIDC_KEY ="
+      line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'"
+    - key: "^SOCIAL_AUTH_OIDC_SECRET ="
+      line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'"
+    # TODO the key should really be upn but it doesn’t seem to work
+    - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
+      line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
+  notify: run migrations
+
+- name: Set additional requirements
+  become: yes
+  become_user: '{{ user }}'
+  copy:
+    dest: '{{ user_info.home }}/app/'
+    src: local_requirements.txt
+  notify: run migrations
+
+- meta: flush_handlers
+
+- name: Create superuser
+  become: yes
+  become_user: '{{ user }}'
+  command:
+    cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
+    stdin: |
+      import sys
+      from users.models import User
+      #from django.contrib.auth.models import User
+      username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}'
+      if not User.objects.filter(username=username):
+          User.objects.create_superuser(username, '', # TODO email
+              '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}')
+          sys.exit(1)
+  register: result
+  changed_when: result.rc != 0
+
+- name: Set up gunicorn
+  copy:
+    dest: /srv/netbox/gunicorn.py
+    src: /srv/netbox/app/contrib/gunicorn.py
+    remote_src: yes
+    force: no
+    owner: netbox
+    group: netbox
+
+- name: Set up cron job
+  file:
+    dest: /etc/periodic/daily/netbox-housekeeping.sh
+    src: /srv/netbox/app/contrib/netbox-housekeeping.sh
+    state: link
+
+- name: Install services
+  template:
+    dest: '/etc/init.d/{{ item }}'
+    src: '{{ item }}.initd.j2'
+    mode: 0755
+  loop:
+    - netbox
+    - netbox-rq
+
+- name: Enable services
+  service:
+    name: '{{ item }}'
+    enabled: true
+    state: started
+  loop:
+    - netbox
+    - netbox-rq
+
+- name: Set up nginx site
+  template:
+    dest: '/etc/nginx/http.d/netbox.conf'
+    src: 'netbox.conf.j2'
+  notify: reload nginx
--- a/roles/redis/tasks/main.yml
+++ b/roles/redis/tasks/main.yml
@ -0,0 +1,9 @@
+- name: Install redis
+  package:
+    name: redis
+
+- name: Enable redis service
+  service:
+    name: redis
+    enabled: true
+    state: started
--- a/setup.yml
+++ b/setup.yml
@ -25,6 +25,7 @@
  roles:
    - alpine
    - postgres
+    - redis
    - nginx
    - netbox
  vars: