169 lines
4.7 KiB
YAML
169 lines
4.7 KiB
YAML
- name: Install dependencies
|
|
package:
|
|
name:
|
|
- git
|
|
- python3
|
|
- python3-dev
|
|
- py3-pip
|
|
- py3-virtualenv
|
|
- bash # for upgrade script
|
|
- build-base # to build psycopg if not available
|
|
- postgresql-dev # likewise
|
|
|
|
- name: Create group for web service
|
|
group:
|
|
name: '{{ user }}'
|
|
system: yes
|
|
|
|
- name: Create user for web service
|
|
user:
|
|
name: '{{ user }}'
|
|
group: '{{ user }}'
|
|
home: '/srv/{{ user }}'
|
|
shell: /bin/sh
|
|
system: yes
|
|
register: user_info
|
|
|
|
- name: Checkout repo
|
|
become: yes
|
|
become_user: '{{ user }}'
|
|
git:
|
|
repo: https://github.com/netbox-community/netbox.git
|
|
dest: '{{ user_info.home }}/app'
|
|
version: 'v{{ netbox_version }}'
|
|
notify: run migrations
|
|
|
|
- name: Copy default config
|
|
copy:
|
|
dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
|
|
remote_src: yes
|
|
owner: '{{ user_info.uid }}'
|
|
group: '{{ user_info.group }}'
|
|
force: no
|
|
notify: run migrations
|
|
|
|
- name: Restrict access to config
|
|
file:
|
|
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
mode: 0600
|
|
|
|
- name: Configure secret key
|
|
lineinfile:
|
|
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
regexp: "^SECRET_KEY = ''"
|
|
line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
|
|
backrefs: yes # don’t set if set already
|
|
|
|
- name: Configure base settings and database
|
|
lineinfile:
|
|
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
regexp: '{{ item.key }}'
|
|
line: '{{ item.line }}'
|
|
loop:
|
|
- key: '^ALLOWED_HOSTS = '
|
|
line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
|
|
- key: 'USER.*PostgreSQL username'
|
|
line: " 'USER': '{{ user }}', # PostgreSQL username"
|
|
- key: 'PASSWORD.*PostgreSQL password'
|
|
line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
|
|
- key: '^PLUGINS = '
|
|
line: "PLUGINS = ['netbox_topology_views']"
|
|
notify: run migrations
|
|
|
|
- name: Configure OIDC authentication
|
|
lineinfile:
|
|
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
regexp: '{{ item.key }}'
|
|
line: '{{ item.line }}'
|
|
loop:
|
|
- key: "^REMOTE_AUTH_ENABLED ="
|
|
line: "REMOTE_AUTH_ENABLED = True"
|
|
- key: "^REMOTE_AUTH_BACKEND ="
|
|
line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
|
|
- key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
|
|
line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ password.oidc_endpoint }}'"
|
|
- key: "^SOCIAL_AUTH_OIDC_KEY ="
|
|
line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
|
|
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
|
|
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
|
|
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
|
|
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
|
|
notify: run migrations
|
|
|
|
- name: Configure various settings
|
|
lineinfile:
|
|
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
|
regexp: '{{ item.key }}'
|
|
line: '{{ item.line }}'
|
|
loop:
|
|
- key: "^LOGIN_REQUIRED ="
|
|
line: "LOGIN_REQUIRED = True"
|
|
- key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
|
|
line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
|
|
notify: restart netbox
|
|
|
|
- name: Set additional requirements
|
|
become: yes
|
|
become_user: '{{ user }}'
|
|
copy:
|
|
dest: '{{ user_info.home }}/app/'
|
|
src: local_requirements.txt
|
|
notify: run migrations
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: Create superuser
|
|
become: yes
|
|
become_user: '{{ user }}'
|
|
command:
|
|
cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
|
|
stdin: |
|
|
import sys
|
|
from users.models import User
|
|
#from django.contrib.auth.models import User
|
|
username = '{{ password.admin_user }}'
|
|
if not User.objects.filter(username=username):
|
|
User.objects.create_superuser(username, password='{{ password.admin_pass }}')
|
|
sys.exit(1)
|
|
register: result
|
|
changed_when: result.rc != 0
|
|
|
|
- name: Set up gunicorn
|
|
copy:
|
|
dest: /srv/netbox/gunicorn.py
|
|
src: /srv/netbox/app/contrib/gunicorn.py
|
|
remote_src: yes
|
|
force: no
|
|
owner: netbox
|
|
group: netbox
|
|
|
|
- name: Set up cron job
|
|
file:
|
|
dest: /etc/periodic/daily/netbox-housekeeping.sh
|
|
src: /srv/netbox/app/contrib/netbox-housekeeping.sh
|
|
state: link
|
|
|
|
- name: Install services
|
|
template:
|
|
dest: '/etc/init.d/{{ item }}'
|
|
src: '{{ item }}.initd.j2'
|
|
mode: 0755
|
|
loop:
|
|
- netbox
|
|
- netbox-rq
|
|
|
|
- name: Enable services
|
|
service:
|
|
name: '{{ item }}'
|
|
enabled: true
|
|
state: started
|
|
loop:
|
|
- netbox
|
|
- netbox-rq
|
|
|
|
- name: Set up nginx site
|
|
template:
|
|
dest: '/etc/nginx/http.d/netbox.conf'
|
|
src: 'netbox.conf.j2'
|
|
notify: reload nginx
|