rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity
servers/roles/netbox/tasks/app.yml
Timotej Lazar c7a3513fa1 Add netbox role 
Kinda ouroborosish if you think about it. Better don’t.
2024-05-28 12:32:28 +02:00

151 lines
4.7 KiB
YAML
Raw Blame History

- name: Install dependencies
package:
name:
- git
- python3
- python3-dev
- py3-pip
- py3-virtualenv
- bash # for upgrade script
- build-base # to build psycopg if not available
- postgresql-dev # likewise
- name: Checkout repo
become: yes
become_method: su
become_user: '{{ user }}'
git:
repo: https://github.com/netbox-community/netbox.git
dest: '{{ user_info.home }}/app'
version: 'v{{ netbox_version }}'
notify: run migrations
- name: Copy default config
copy:
dest: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
src: '{{ user_info.home }}/app/netbox/netbox/configuration_example.py'
remote_src: yes
owner: '{{ user_info.uid }}'
group: '{{ user_info.group }}'
force: no
notify: run migrations
- name: Restrict access to config
file:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
mode: 0600
- name: Configure secret key
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: "^SECRET_KEY = ''"
line: "SECRET_KEY = '{{ lookup('password', '/dev/null', length=50) }}'"
backrefs: yes # don’t set if set already
- name: Configure base settings and database
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: '^ALLOWED_HOSTS = '
line: "ALLOWED_HOSTS = [{{ fqdns | map('regex_replace', '^(.*)$', '\"\\1\"') | join(', ') }}]"
- key: 'USER.*PostgreSQL username'
line: " 'USER': '{{ user }}', # PostgreSQL username"
# XXX unnecessary?
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
#- key: '^PLUGINS = '
# line: "PLUGINS = ['netbox_topology_views']"
notify: run migrations
- name: Configure OIDC authentication
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: "^REMOTE_AUTH_ENABLED ="
line: "REMOTE_AUTH_ENABLED = True"
- key: "^REMOTE_AUTH_BACKEND ="
line: "REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'"
- key: "^SOCIAL_AUTH_OIDC_OIDC_ENDPOINT ="
line: "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_endpoint') }}'"
- key: "^SOCIAL_AUTH_OIDC_KEY ="
line: "SOCIAL_AUTH_OIDC_KEY = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_id') }}'"
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='oidc_client_secret') }}'"
# TODO the key should really be upn but it doesn’t seem to work
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
notify: run migrations
- name: Set additional requirements
become: yes
become_method: su
become_user: '{{ user }}'
copy:
dest: '{{ user_info.home }}/app/'
src: local_requirements.txt
notify: run migrations
- meta: flush_handlers
- name: Create superuser
become: yes
become_method: su
become_user: '{{ user }}'
command:
cmd: '{{ user_info.home }}/app/venv/bin/python {{ user_info.home }}/app/netbox/manage.py shell --interface python'
stdin: |
import sys
from users.models import User
#from django.contrib.auth.models import User
username = '{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_user') }}'
if not User.objects.filter(username=username):
User.objects.create_superuser(username, '', # TODO email
'{{ lookup('passwordstore', 'vm/'~inventory_hostname, subkey='admin_pass') }}')
sys.exit(1)
register: result
changed_when: result.rc != 0
- name: Set up gunicorn
copy:
dest: /srv/netbox/gunicorn.py
src: /srv/netbox/app/contrib/gunicorn.py
remote_src: yes
force: no
owner: netbox
group: netbox
- name: Set up cron job
file:
dest: /etc/periodic/daily/netbox-housekeeping.sh
src: /srv/netbox/app/contrib/netbox-housekeeping.sh
state: link
- name: Install services
template:
dest: '/etc/init.d/{{ item }}'
src: '{{ item }}.initd.j2'
mode: 0755
loop:
- netbox
- netbox-rq
- name: Enable services
service:
name: '{{ item }}'
enabled: true
state: started
loop:
- netbox
- netbox-rq
- name: Set up nginx site
template:
dest: '/etc/nginx/http.d/netbox.conf'
src: 'netbox.conf.j2'
notify: reload nginx
Reference in a new issue View git blame Copy permalink