- name: Install dependencies package: name: - git - python3 - python3-dev - py3-pip - py3-virtualenv - bash # for upgrade script - build-base # to build psycopg if not available - postgresql-dev # likewise - name: Checkout repo become: yes become_method: su become_user: '{{ user }}' git: repo: https://github.com/netbox-community/netbox.git dest: '{{ user_info.home }}/app' version: 'v{{ netbox_version }}' notify: run migrations - name: Copy default config copy: dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py' src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py' remote_src: yes owner: '{{ user_info.uid }}' group: '{{ user_info.group }}' force: no notify: run migrations - name: Restrict access to config file: path: '{{ user_info.home }}/app/netbox/netbox/configuration.py' mode: 0600 - name: Configure secret key lineinfile: path: '{{ user_info.home }}/app/netbox/netbox/configuration.py' regexp: "^SECRET_KEY = ''" line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'" backrefs: yes # don’t set if set already - name: Configure base settings and database lineinfile: path: '{{ user_info.home }}/app/netbox/netbox/configuration.py' regexp: '{{ item.key }}' line: '{{ item.line }}' loop: - key: '^ALLOWED_HOSTS = ' line: "ALLOWED_HOSTS = ['{{ dns_name }}']" - key: 'USER.*PostgreSQL username' line: " 'USER': '{{ user }}', # PostgreSQL username" # XXX unnecessary? #- key: '(OPTIONS|PASSWORD).*PostgreSQL password' # line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password" # not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503 #- key: '^PLUGINS = ' # line: "PLUGINS = ['netbox_topology_views']" notify: run migrations - name: Configure OIDC authentication lineinfile: path: '{{ user_info.home }}/app/netbox/netbox/configuration.py' regexp: '{{ item.key }}' line: '{{ item.line }}' loop: - key: "^REMOTE_AUTH_ENABLED =" line: "REMOTE_AUTH_ENABLED = True" - key: "^REMOTE_AUTH_BACKEND =" line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'" - key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT =" line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'" - key: "^SOCIAL_AUTH_OIDC_KEY =" line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'" - key: "^SOCIAL_AUTH_OIDC_SECRET =" line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'" # TODO the key should really be upn but it doesn’t seem to work - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY =" line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'" notify: run migrations - name: Set additional requirements become: yes become_method: su become_user: '{{ user }}' copy: dest: '{{ user_info.home }}/app/' src: local_requirements.txt notify: run migrations - meta: flush_handlers - name: Create superuser become: yes become_method: su become_user: '{{ user }}' command: cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python' stdin: | import sys from users.models import User #from django.contrib.auth.models import User username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}' if not User.objects.filter(username=username): User.objects.create_superuser(username, '', # TODO email '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}') sys.exit(1) register: result changed_when: result.rc != 0 - name: Set up gunicorn copy: dest: /srv/netbox/gunicorn.py src: /srv/netbox/app/contrib/gunicorn.py remote_src: yes force: no owner: netbox group: netbox - name: Set up cron job file: dest: /etc/periodic/daily/netbox-housekeeping.sh src: /srv/netbox/app/contrib/netbox-housekeeping.sh state: link - name: Install services template: dest: '/etc/init.d/{{ item }}' src: '{{ item }}.initd.j2' mode: 0755 loop: - netbox - netbox-rq - name: Enable services service: name: '{{ item }}' enabled: true state: started loop: - netbox - netbox-rq - name: Set up nginx site template: dest: '/etc/nginx/http.d/netbox.conf' src: 'netbox.conf.j2' notify: reload nginx