From e6a1877020824f90cb2fc93f25d2b6db033a65e0 Mon Sep 17 00:00:00 2001 From: Patrick Neff Date: Fri, 8 Jul 2022 21:51:48 +0200 Subject: [PATCH] Initial commit --- defaults/main.yml | 10 ++ meta/main.yml | 8 ++ tasks/main.yml | 109 ++++++++++++++++ templates/configuration.py.j2 | 228 ++++++++++++++++++++++++++++++++++ templates/nginx.conf.j2 | 23 ++++ 5 files changed, 378 insertions(+) create mode 100644 defaults/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/configuration.py.j2 create mode 100644 templates/nginx.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..1e2c018 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,10 @@ +netbox_user: netbox +netbox_group: netbox +netbox_path: /opt/netbox + +netbox_allowed_hosts: + - '*' + +netbox_configuration: + database: + name: netbox \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..478803a --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,8 @@ +galaxy_info: + role_name: netbox + +dependencies: + - git + - postgresql + - redis + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..422d051 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,109 @@ +- name: Install packages. + tags: netbox + become: true + ansible.builtin.package: + name: + - python3 + - python3-pip + - python3-venv + - python3-dev + - build-essential + - libxml2-dev + - libxslt1-dev + - libffi-dev + - libpq-dev + - libssl-dev + - zlib1g-dev + +- name: Create service group. + tags: netbox + become: true + ansible.builtin.group: + state: present + name: "{{ netbox_group }}" + system: yes + +- name: Create service user. + tags: netbox + become: true + ansible.builtin.user: + state: present + name: "{{ netbox_user }}" + group: "{{ netbox_group }}" + system: yes + +- name: Create directory. + become: true + ansible.builtin.file: + path: "{{ netbox_path }}" + state: directory + mode: 0700 + owner: "{{ netbox_user }}" + group: "{{ netbox_group }}" + +- name: Git checkout. + become: true + become_user: "{{ netbox_user }}" + ansible.builtin.git: + repo: 'https://github.com/netbox-community/netbox.git' + dest: "{{ netbox_path }}" + version: master + depth: 1 + register: netbox_git_checkout + +- name: Create configuration from template. + become: true + ansible.builtin.template: + src: "configuration.py.j2" + dest: "{{ netbox_path }}/netbox/netbox/configuration.py" + owner: "{{ netbox_user }}" + group: "{{ netbox_user }}" + mode: 0600 + +- name: Run update script. + become: true + become_user: netbox + ansible.builtin.shell: + cmd: "cd {{ netbox_path }} && /opt/netbox/upgrade.sh" + when: netbox_git_checkout.changed == true + +- name: Schedule housekeeping task. + become: true + ansible.builtin.file: + src: "{{ netbox_path }}/contrib/netbox-housekeeping.sh" + dest: /etc/cron.daily/netbox-housekeeping.sh + state: link + +- name: Create Gunicorn config. + become: true + ansible.builtin.copy: + remote_src: true + src: "{{ netbox_path }}/contrib/gunicorn.py" + dest: "{{ netbox_path }}/gunicorn.py" + +- name: Create systemd services. + become: true + ansible.builtin.copy: + remote_src: true + src: "{{ netbox_path }}/contrib/{{ item }}" + dest: "/etc/systemd/system/{{ item }}" + with_items: + - netbox.service + - netbox-rq.service + +- name: Enable systemd services. + become: true + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: true + with_items: + - netbox.service + - netbox-rq.service + +- name: Create nginx site. + become: true + ansible.builtin.template: + src: "nginx.conf.j2" + dest: "/etc/nginx/conf.d/netbox.conf" + notify: reload nginx \ No newline at end of file diff --git a/templates/configuration.py.j2 b/templates/configuration.py.j2 new file mode 100644 index 0000000..630e883 --- /dev/null +++ b/templates/configuration.py.j2 @@ -0,0 +1,228 @@ +# {{ ansible_managed }} + +######################### +# # +# Required settings # +# # +######################### + +# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write +# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. +# +# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] +ALLOWED_HOSTS = {{ netbox_allowed_hosts | to_json }} + +# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: +# https://docs.djangoproject.com/en/stable/ref/settings/#databases +DATABASE = { + 'NAME': '{{ netbox_configuration.database.name }}', # Database name + 'USER': '{{ netbox_configuration.database.user }}', # PostgreSQL username + 'PASSWORD': '{{ netbox_configuration.database.password | default() }}', # PostgreSQL password + 'HOST': '{{ netbox_configuration.database.host | default() }}', # Database server + 'PORT': '{{ netbox_configuration.database.port | default() }}', # Database port (leave blank for default) + 'CONN_MAX_AGE': 300, # Max database connection age +} + +# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate +# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended +# to use two separate database IDs. +REDIS = { + 'tasks': { + 'HOST': 'localhost', + 'PORT': 6379, + # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel + # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], + # 'SENTINEL_SERVICE': 'netbox', + 'PASSWORD': '', + 'DATABASE': 0, + 'SSL': False, + # Set this to True to skip TLS certificate verification + # This can expose the connection to attacks, be careful + # 'INSECURE_SKIP_TLS_VERIFY': False, + }, + 'caching': { + 'HOST': 'localhost', + 'PORT': 6379, + # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel + # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], + # 'SENTINEL_SERVICE': 'netbox', + 'PASSWORD': '', + 'DATABASE': 1, + 'SSL': False, + # Set this to True to skip TLS certificate verification + # This can expose the connection to attacks, be careful + # 'INSECURE_SKIP_TLS_VERIFY': False, + } +} + +# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file. +# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and +# symbols. NetBox will not run without this defined. For more information, see +# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY +SECRET_KEY = '{{ netbox_secret_key }}' + + +######################### +# # +# Optional settings # +# # +######################### + +# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of +# application errors (assuming correct email settings are provided). +ADMINS = [ + # ('John Doe', 'jdoe@example.com'), +] + +# Enable any desired validators for local account passwords below. For a list of included validators, please see the +# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation. +AUTH_PASSWORD_VALIDATORS = [ + # { + # 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + # 'OPTIONS': { + # 'min_length': 10, + # } + # }, +] + +# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set: +# BASE_PATH = 'netbox/' +BASE_PATH = '' + +# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be +# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or +# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers +CORS_ORIGIN_ALLOW_ALL = False +CORS_ORIGIN_WHITELIST = [ + # 'https://hostname.example.com', +] +CORS_ORIGIN_REGEX_WHITELIST = [ + # r'^(https?://)?(\w+\.)?example\.com$', +] + +# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal +# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging +# on a production system. +DEBUG = False + +# Email settings +EMAIL = { + 'SERVER': 'localhost', + 'PORT': 25, + 'USERNAME': '', + 'PASSWORD': '', + 'USE_SSL': False, + 'USE_TLS': False, + 'TIMEOUT': 10, # seconds + 'FROM_EMAIL': '', +} + +# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and +# by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models. +EXEMPT_VIEW_PERMISSIONS = [ + # 'dcim.site', + # 'dcim.region', + # 'ipam.prefix', +] + +# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). +# HTTP_PROXIES = { +# 'http': 'http://10.10.1.10:3128', +# 'https': 'http://10.10.1.10:1080', +# } + +# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing +# NetBox from an internal IP. +INTERNAL_IPS = ('127.0.0.1', '::1') + +# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs: +# https://docs.djangoproject.com/en/stable/topics/logging/ +LOGGING = {} + +# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain +# authenticated to NetBox indefinitely. +LOGIN_PERSISTENCE = False + +# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users +# are permitted to access most data in NetBox but not make any changes. +LOGIN_REQUIRED = False + +# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to +# re-authenticate. (Default: 1209600 [14 days]) +LOGIN_TIMEOUT = None + +# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that +# the default value of this setting is derived from the installed location. +# MEDIA_ROOT = '/opt/netbox/netbox/media' + +# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the +# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example: +# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage' +# STORAGE_CONFIG = { +# 'AWS_ACCESS_KEY_ID': 'Key ID', +# 'AWS_SECRET_ACCESS_KEY': 'Secret', +# 'AWS_STORAGE_BUCKET_NAME': 'netbox', +# 'AWS_S3_REGION_NAME': 'eu-west-1', +# } + +# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' +METRICS_ENABLED = False + +# Enable installed plugins. Add the name of each plugin to the list. +PLUGINS = [] + +# Plugins configuration settings. These settings are used by various plugins that the user may have installed. +# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. +# PLUGINS_CONFIG = { +# 'my_plugin': { +# 'foo': 'bar', +# 'buzz': 'bazz' +# } +# } + +# Remote authentication support +REMOTE_AUTH_ENABLED = False +REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend' +REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER' +REMOTE_AUTH_AUTO_CREATE_USER = True +REMOTE_AUTH_DEFAULT_GROUPS = [] +REMOTE_AUTH_DEFAULT_PERMISSIONS = {} + +# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the +# version check or use the URL below to check for release in the official NetBox repository. +RELEASE_CHECK_URL = None +# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases' + +# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of +# this setting is derived from the installed location. +# REPORTS_ROOT = '/opt/netbox/netbox/reports' + +# Maximum execution time for background tasks, in seconds. +RQ_DEFAULT_TIMEOUT = 300 + +# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of +# this setting is derived from the installed location. +# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts' + +# The name to use for the csrf token cookie. +CSRF_COOKIE_NAME = 'csrftoken' + +# The name to use for the session cookie. +SESSION_COOKIE_NAME = 'sessionid' + +# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use +# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only +# database access.) Note that the user as which NetBox runs must have read and write permissions to this path. +SESSION_FILE_PATH = None + +# Time zone (default: UTC) +TIME_ZONE = 'UTC' + +# Date/time formatting. See the following link for supported formats: +# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date +DATE_FORMAT = 'N j, Y' +SHORT_DATE_FORMAT = 'Y-m-d' +TIME_FORMAT = 'g:i a' +SHORT_TIME_FORMAT = 'H:i:s' +DATETIME_FORMAT = 'N j, Y g:i a' +SHORT_DATETIME_FORMAT = 'Y-m-d H:i' \ No newline at end of file diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 new file mode 100644 index 0000000..bd665a2 --- /dev/null +++ b/templates/nginx.conf.j2 @@ -0,0 +1,23 @@ +# {{ ansible_managed }} + +server { + listen [::]:443 ssl ipv6only=off default; + + # CHANGE THIS TO YOUR SERVER'S NAME + server_name _; + + include snakeoil.conf; + + client_max_body_size 25m; + + location /static/ { + alias {{ netbox_path }}/netbox/static/; + } + + location / { + proxy_pass http://127.0.0.1:8001; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + } +} \ No newline at end of file