rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity

netbox: factor out redis role

Browse source
This commit is contained in:
Timotej Lazar 2024-06-25 00:52:57 +02:00
parent f1f9d6fa34
commit 74cb31e243
4 changed files with 155 additions and 157 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

147
roles/netbox/tasks/app.yml
View file

@ -1,147 +0,0 @@
- name: Install dependencies
package:
name:
- git
- python3
- python3-dev
- py3-pip
- py3-virtualenv
- bash # for upgrade script
- build-base # to build psycopg if not available
- postgresql-dev # likewise
- name: Checkout repo
become: yes
become_user: '{{ user }}'
git:
repo: https://github.com/netbox-community/netbox.git
dest: '{{ user_info.home }}/app'
version: 'v{{ netbox_version }}'
notify: run migrations
- name: Copy default config
copy:
dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
remote_src: yes
owner: '{{ user_info.uid }}'
group: '{{ user_info.group }}'
force: no
notify: run migrations
- name: Restrict access to config
file:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
mode: 0600
- name: Configure secret key
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: "^SECRET_KEY = ''"
line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
backrefs: yes # don’t set if set already
- name: Configure base settings and database
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: '^ALLOWED_HOSTS = '
line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
- key: 'USER.*PostgreSQL username'
line: " 'USER': '{{ user }}', # PostgreSQL username"
# XXX unnecessary?
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
#- key: '^PLUGINS = '
# line: "PLUGINS = ['netbox_topology_views']"
notify: run migrations
- name: Configure OIDC authentication
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: "^REMOTE_AUTH_ENABLED ="
line: "REMOTE_AUTH_ENABLED = True"
- key: "^REMOTE_AUTH_BACKEND ="
line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
- key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'"
- key: "^SOCIAL_AUTH_OIDC_KEY ="
line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'"
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'"
# TODO the key should really be upn but it doesn’t seem to work
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
notify: run migrations
- name: Set additional requirements
become: yes
become_user: '{{ user }}'
copy:
dest: '{{ user_info.home }}/app/'
src: local_requirements.txt
notify: run migrations
- meta: flush_handlers
- name: Create superuser
become: yes
become_user: '{{ user }}'
command:
cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
stdin: |
import sys
from users.models import User
#from django.contrib.auth.models import User
username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}'
if not User.objects.filter(username=username):
User.objects.create_superuser(username, '', # TODO email
'{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}')
sys.exit(1)
register: result
changed_when: result.rc != 0
- name: Set up gunicorn
copy:
dest: /srv/netbox/gunicorn.py
src: /srv/netbox/app/contrib/gunicorn.py
remote_src: yes
force: no
owner: netbox
group: netbox
- name: Set up cron job
file:
dest: /etc/periodic/daily/netbox-housekeeping.sh
src: /srv/netbox/app/contrib/netbox-housekeeping.sh
state: link
- name: Install services
template:
dest: '/etc/init.d/{{ item }}'
src: '{{ item }}.initd.j2'
mode: 0755
loop:
- netbox
- netbox-rq
- name: Enable services
service:
name: '{{ item }}'
enabled: true
state: started
loop:
- netbox
- netbox-rq
- name: Set up nginx site
template:
dest: '/etc/nginx/http.d/netbox.conf'
src: 'netbox.conf.j2'
notify: reload nginx

155
roles/netbox/tasks/main.yml
View file

@ -1,12 +1,14 @@
- name: Install redis - name: Install dependencies
package: package:
name: redis name:
- git
- name: Enable redis service - python3
service: - python3-dev
name: redis - py3-pip
enabled: true - py3-virtualenv
state: started - bash # for upgrade script
- build-base # to build psycopg if not available
- postgresql-dev # likewise
- name: Create group for web service - name: Create group for web service
group: group:
@ -22,5 +24,138 @@
system: yes system: yes
register: user_info register: user_info
- name: Set up app - name: Checkout repo
import_tasks: app.yml become: yes
become_user: '{{ user }}'
git:
repo: https://github.com/netbox-community/netbox.git
dest: '{{ user_info.home }}/app'
version: 'v{{ netbox_version }}'
notify: run migrations
- name: Copy default config
copy:
dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
remote_src: yes
owner: '{{ user_info.uid }}'
group: '{{ user_info.group }}'
force: no
notify: run migrations
- name: Restrict access to config
file:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
mode: 0600
- name: Configure secret key
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: "^SECRET_KEY = ''"
line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
backrefs: yes # don’t set if set already
- name: Configure base settings and database
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: '^ALLOWED_HOSTS = '
line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
- key: 'USER.*PostgreSQL username'
line: " 'USER': '{{ user }}', # PostgreSQL username"
# XXX unnecessary?
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
#- key: '^PLUGINS = '
# line: "PLUGINS = ['netbox_topology_views']"
notify: run migrations
- name: Configure OIDC authentication
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: "^REMOTE_AUTH_ENABLED ="
line: "REMOTE_AUTH_ENABLED = True"
- key: "^REMOTE_AUTH_BACKEND ="
line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
- key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'"
- key: "^SOCIAL_AUTH_OIDC_KEY ="
line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'"
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'"
# TODO the key should really be upn but it doesn’t seem to work
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
notify: run migrations
- name: Set additional requirements
become: yes
become_user: '{{ user }}'
copy:
dest: '{{ user_info.home }}/app/'
src: local_requirements.txt
notify: run migrations
- meta: flush_handlers
- name: Create superuser
become: yes
become_user: '{{ user }}'
command:
cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
stdin: |
import sys
from users.models import User
#from django.contrib.auth.models import User
username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}'
if not User.objects.filter(username=username):
User.objects.create_superuser(username, '', # TODO email
'{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}')
sys.exit(1)
register: result
changed_when: result.rc != 0
- name: Set up gunicorn
copy:
dest: /srv/netbox/gunicorn.py
src: /srv/netbox/app/contrib/gunicorn.py
remote_src: yes
force: no
owner: netbox
group: netbox
- name: Set up cron job
file:
dest: /etc/periodic/daily/netbox-housekeeping.sh
src: /srv/netbox/app/contrib/netbox-housekeeping.sh
state: link
- name: Install services
template:
dest: '/etc/init.d/{{ item }}'
src: '{{ item }}.initd.j2'
mode: 0755
loop:
- netbox
- netbox-rq
- name: Enable services
service:
name: '{{ item }}'
enabled: true
state: started
loop:
- netbox
- netbox-rq
- name: Set up nginx site
template:
dest: '/etc/nginx/http.d/netbox.conf'
src: 'netbox.conf.j2'
notify: reload nginx

9
roles/redis/tasks/main.yml Normal file
View file

@ -0,0 +1,9 @@
- name: Install redis
package:
name: redis
- name: Enable redis service
service:
name: redis
enabled: true
state: started

1
setup.yml
View file

@ -25,6 +25,7 @@
roles: roles:
- alpine - alpine
- postgres - postgres
- redis
- nginx - nginx
- netbox - netbox
vars: vars: