init netbox playbook
This commit is contained in:
parent
634f6a7ca7
commit
2f1aa4e4cd
54
role-rocky-netbox.yml
Normal file
54
role-rocky-netbox.yml
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
---
|
||||||
|
# MirrorManager2
|
||||||
|
- name: Install and configure netbox
|
||||||
|
hosts: netbox
|
||||||
|
become: false
|
||||||
|
vars_files:
|
||||||
|
# This playbook requires vaults!
|
||||||
|
# vars/vaults/hostman.yml
|
||||||
|
# vars/mounts/netbox.yml # we don't know if we'll have uploads
|
||||||
|
- vars/vaults/netbox.yml
|
||||||
|
- vars/netbox.yml
|
||||||
|
|
||||||
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
handlers:
|
||||||
|
- import_tasks: handlers/main.yml
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: Check if ansible cannot be run here
|
||||||
|
stat:
|
||||||
|
path: /etc/no-ansible
|
||||||
|
register: no_ansible
|
||||||
|
|
||||||
|
- name: Verify if we can run ansible
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "not no_ansible.stat.exists"
|
||||||
|
success_msg: "We are able to run on this node"
|
||||||
|
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||||
|
|
||||||
|
#tasks:
|
||||||
|
#- include_tasks: tasks/efs_mount.yml
|
||||||
|
# loop: "{{ mounts }}"
|
||||||
|
# tags: ["mounts"]
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: rockylinux.ipagetcert
|
||||||
|
become: true
|
||||||
|
state: present
|
||||||
|
tags: ['certs']
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Perform netbox installation
|
||||||
|
ansible.builtin.import_tasks: tasks/netbox/netbox.yml
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Touching run file that ansible has ran here
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /var/log/ansible.run
|
||||||
|
state: touch
|
||||||
|
mode: '0644'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
...
|
3
tasks/netbox/cleanup.yml
Normal file
3
tasks/netbox/cleanup.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
# no tasks
|
||||||
|
...
|
5
tasks/netbox/install.yml
Normal file
5
tasks/netbox/install.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- name: Download netbox
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url:
|
||||||
|
...
|
10
tasks/netbox/netbox.yml
Normal file
10
tasks/netbox/netbox.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: Pre-game setup
|
||||||
|
ansible.builtin.import_tasks: presetup.yml
|
||||||
|
|
||||||
|
- name: Installation
|
||||||
|
ansible.builtin.import_tasks: install.yml
|
||||||
|
|
||||||
|
- name: Cleanup
|
||||||
|
ansible.builtin.import_tasks: cleanup.yml
|
||||||
|
...
|
29
tasks/netbox/presetup.yml
Normal file
29
tasks/netbox/presetup.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
- name: Install git and nginx
|
||||||
|
become: true
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- git
|
||||||
|
- nginx
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Install required software to build python libs
|
||||||
|
become: true
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- gcc
|
||||||
|
- libxml2-devel
|
||||||
|
- libxslt-devel
|
||||||
|
- libffi-devel
|
||||||
|
- libpq-devel
|
||||||
|
- openssl-devel
|
||||||
|
- redhat-rpm-config
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Setup initial netbox user
|
||||||
|
become: true
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: netbox
|
||||||
|
comment: "NetBox"
|
||||||
|
system: true
|
||||||
|
...
|
29
templates/etc/nginx/conf.d/netbox.conf.j2
Normal file
29
templates/etc/nginx/conf.d/netbox.conf.j2
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
server {
|
||||||
|
listen [::]:443 ssl ipv6only=off;
|
||||||
|
|
||||||
|
# CHANGE THIS TO YOUR SERVER'S NAME
|
||||||
|
server_name {{ netbox_server_name }};
|
||||||
|
|
||||||
|
ssl_certificate /etc/pki/tls/certs/{{ netbox_server_name }}.crt;
|
||||||
|
ssl_certificate_key /etc/pki/tls/certs/{{ netbox_server_name }}.crt;
|
||||||
|
|
||||||
|
client_max_body_size 25m;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
alias /opt/netbox/netbox/static/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:8001;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# Redirect HTTP traffic to HTTPS
|
||||||
|
listen [::]:80 ipv6only=off;
|
||||||
|
server_name _;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
248
templates/opt/netbox/netbox/netbox/configuration.py.j2
Normal file
248
templates/opt/netbox/netbox/netbox/configuration.py.j2
Normal file
@ -0,0 +1,248 @@
|
|||||||
|
#########################
|
||||||
|
# #
|
||||||
|
# Required settings #
|
||||||
|
# #
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
|
||||||
|
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
|
||||||
|
#
|
||||||
|
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
|
||||||
|
ALLOWED_HOSTS = ['{{ netbox_server_name }}', '{{ ansible_fqdn }}']
|
||||||
|
|
||||||
|
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
|
||||||
|
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
|
||||||
|
DATABASE = {
|
||||||
|
'ENGINE': 'django.db.backends.postgresql', # Database engine
|
||||||
|
'NAME': '{{ netbox_db_name }}',
|
||||||
|
'USER': '{{ netbox_db_user }}',
|
||||||
|
'PASSWORD': '{{ netbox_db_password }}',
|
||||||
|
'HOST': '{{ netbox_db_host }}', # Database server
|
||||||
|
'PORT': '{{ netbox_db_port|default('5432') }}', # Database port (leave blank for default)
|
||||||
|
'CONN_MAX_AGE': 300, # Max database connection age
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
|
||||||
|
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
|
||||||
|
# to use two separate database IDs.
|
||||||
|
REDIS = {
|
||||||
|
'tasks': {
|
||||||
|
'HOST': 'localhost',
|
||||||
|
'PORT': 6379,
|
||||||
|
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
|
||||||
|
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
|
||||||
|
# 'SENTINEL_SERVICE': 'netbox',
|
||||||
|
'USERNAME': '',
|
||||||
|
'PASSWORD': '',
|
||||||
|
'DATABASE': 0,
|
||||||
|
'SSL': False,
|
||||||
|
# Set this to True to skip TLS certificate verification
|
||||||
|
# This can expose the connection to attacks, be careful
|
||||||
|
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||||
|
# Set a path to a certificate authority, typically used with a self signed certificate.
|
||||||
|
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
|
||||||
|
},
|
||||||
|
'caching': {
|
||||||
|
'HOST': 'localhost',
|
||||||
|
'PORT': 6379,
|
||||||
|
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
|
||||||
|
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
|
||||||
|
# 'SENTINEL_SERVICE': 'netbox',
|
||||||
|
'USERNAME': '',
|
||||||
|
'PASSWORD': '',
|
||||||
|
'DATABASE': 1,
|
||||||
|
'SSL': False,
|
||||||
|
# Set this to True to skip TLS certificate verification
|
||||||
|
# This can expose the connection to attacks, be careful
|
||||||
|
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||||
|
# Set a path to a certificate authority, typically used with a self signed certificate.
|
||||||
|
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
|
||||||
|
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
|
||||||
|
# symbols. NetBox will not run without this defined. For more information, see
|
||||||
|
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
|
||||||
|
SECRET_KEY = '{{ netbox_secret_key }}'
|
||||||
|
|
||||||
|
|
||||||
|
#########################
|
||||||
|
# #
|
||||||
|
# Optional settings #
|
||||||
|
# #
|
||||||
|
#########################
|
||||||
|
|
||||||
|
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
|
||||||
|
# application errors (assuming correct email settings are provided).
|
||||||
|
ADMINS = [
|
||||||
|
('{{ netbox_admin_name }}', '{{ netbox_admin_contact }}'),
|
||||||
|
]
|
||||||
|
|
||||||
|
# Permit the retrieval of API tokens after their creation.
|
||||||
|
ALLOW_TOKEN_RETRIEVAL = False
|
||||||
|
|
||||||
|
# Enable any desired validators for local account passwords below. For a list of included validators, please see the
|
||||||
|
# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
|
||||||
|
AUTH_PASSWORD_VALIDATORS = [
|
||||||
|
# {
|
||||||
|
# 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
||||||
|
# 'OPTIONS': {
|
||||||
|
# 'min_length': 10,
|
||||||
|
# }
|
||||||
|
# },
|
||||||
|
]
|
||||||
|
|
||||||
|
# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
|
||||||
|
# BASE_PATH = 'netbox/'
|
||||||
|
BASE_PATH = ''
|
||||||
|
|
||||||
|
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
|
||||||
|
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
|
||||||
|
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
|
||||||
|
CORS_ORIGIN_ALLOW_ALL = False
|
||||||
|
CORS_ORIGIN_WHITELIST = [
|
||||||
|
# 'https://hostname.example.com',
|
||||||
|
]
|
||||||
|
CORS_ORIGIN_REGEX_WHITELIST = [
|
||||||
|
# r'^(https?://)?(\w+\.)?example\.com$',
|
||||||
|
]
|
||||||
|
|
||||||
|
# The name to use for the CSRF token cookie.
|
||||||
|
CSRF_COOKIE_NAME = 'csrftoken'
|
||||||
|
|
||||||
|
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
|
||||||
|
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
|
||||||
|
# on a production system.
|
||||||
|
DEBUG = False
|
||||||
|
|
||||||
|
# Set the default preferred language/locale
|
||||||
|
DEFAULT_LANGUAGE = 'en-us'
|
||||||
|
|
||||||
|
# Email settings
|
||||||
|
EMAIL = {
|
||||||
|
'SERVER': 'localhost',
|
||||||
|
'PORT': 25,
|
||||||
|
'USERNAME': '',
|
||||||
|
'PASSWORD': '',
|
||||||
|
'USE_SSL': False,
|
||||||
|
'USE_TLS': False,
|
||||||
|
'TIMEOUT': 10, # seconds
|
||||||
|
'FROM_EMAIL': '',
|
||||||
|
}
|
||||||
|
|
||||||
|
# Localization
|
||||||
|
ENABLE_LOCALIZATION = False
|
||||||
|
|
||||||
|
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
|
||||||
|
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
|
||||||
|
EXEMPT_VIEW_PERMISSIONS = [
|
||||||
|
# 'dcim.site',
|
||||||
|
# 'dcim.region',
|
||||||
|
# 'ipam.prefix',
|
||||||
|
]
|
||||||
|
|
||||||
|
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
|
||||||
|
# HTTP_PROXIES = {
|
||||||
|
# 'http': 'http://10.10.1.10:3128',
|
||||||
|
# 'https': 'http://10.10.1.10:1080',
|
||||||
|
# }
|
||||||
|
|
||||||
|
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
|
||||||
|
# NetBox from an internal IP.
|
||||||
|
INTERNAL_IPS = ('127.0.0.1', '::1')
|
||||||
|
|
||||||
|
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
|
||||||
|
# https://docs.djangoproject.com/en/stable/topics/logging/
|
||||||
|
LOGGING = {}
|
||||||
|
|
||||||
|
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
|
||||||
|
# authenticated to NetBox indefinitely.
|
||||||
|
LOGIN_PERSISTENCE = False
|
||||||
|
|
||||||
|
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
|
||||||
|
# are permitted to access most data in NetBox but not make any changes.
|
||||||
|
LOGIN_REQUIRED = False
|
||||||
|
|
||||||
|
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
|
||||||
|
# re-authenticate. (Default: 1209600 [14 days])
|
||||||
|
LOGIN_TIMEOUT = None
|
||||||
|
|
||||||
|
# The view name or URL to which users are redirected after logging out.
|
||||||
|
LOGOUT_REDIRECT_URL = 'home'
|
||||||
|
|
||||||
|
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
|
||||||
|
# the default value of this setting is derived from the installed location.
|
||||||
|
# MEDIA_ROOT = '/opt/netbox/netbox/media'
|
||||||
|
|
||||||
|
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
|
||||||
|
METRICS_ENABLED = False
|
||||||
|
|
||||||
|
# Enable installed plugins. Add the name of each plugin to the list.
|
||||||
|
PLUGINS = []
|
||||||
|
|
||||||
|
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
|
||||||
|
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
|
||||||
|
# PLUGINS_CONFIG = {
|
||||||
|
# 'my_plugin': {
|
||||||
|
# 'foo': 'bar',
|
||||||
|
# 'buzz': 'bazz'
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
|
||||||
|
# Remote authentication support
|
||||||
|
REMOTE_AUTH_ENABLED = False
|
||||||
|
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
|
||||||
|
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
|
||||||
|
REMOTE_AUTH_USER_FIRST_NAME = 'HTTP_REMOTE_USER_FIRST_NAME'
|
||||||
|
REMOTE_AUTH_USER_LAST_NAME = 'HTTP_REMOTE_USER_LAST_NAME'
|
||||||
|
REMOTE_AUTH_USER_EMAIL = 'HTTP_REMOTE_USER_EMAIL'
|
||||||
|
REMOTE_AUTH_AUTO_CREATE_USER = True
|
||||||
|
REMOTE_AUTH_DEFAULT_GROUPS = []
|
||||||
|
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
|
||||||
|
|
||||||
|
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
|
||||||
|
# version check or use the URL below to check for release in the official NetBox repository.
|
||||||
|
RELEASE_CHECK_URL = None
|
||||||
|
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
|
||||||
|
|
||||||
|
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
|
||||||
|
# this setting is derived from the installed location.
|
||||||
|
# REPORTS_ROOT = '/opt/netbox/netbox/reports'
|
||||||
|
|
||||||
|
# Maximum execution time for background tasks, in seconds.
|
||||||
|
RQ_DEFAULT_TIMEOUT = 300
|
||||||
|
|
||||||
|
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
|
||||||
|
# this setting is derived from the installed location.
|
||||||
|
# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
|
||||||
|
|
||||||
|
# The name to use for the session cookie.
|
||||||
|
SESSION_COOKIE_NAME = 'sessionid'
|
||||||
|
|
||||||
|
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
|
||||||
|
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
|
||||||
|
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
|
||||||
|
SESSION_FILE_PATH = None
|
||||||
|
|
||||||
|
# By default, uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
|
||||||
|
# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
|
||||||
|
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
|
||||||
|
# STORAGE_CONFIG = {
|
||||||
|
# 'AWS_ACCESS_KEY_ID': 'Key ID',
|
||||||
|
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
|
||||||
|
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
|
||||||
|
# 'AWS_S3_REGION_NAME': 'eu-west-1',
|
||||||
|
# }
|
||||||
|
|
||||||
|
# Time zone (default: UTC)
|
||||||
|
TIME_ZONE = 'UTC'
|
||||||
|
|
||||||
|
# Date/time formatting. See the following link for supported formats:
|
||||||
|
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
|
||||||
|
DATE_FORMAT = 'N j, Y'
|
||||||
|
SHORT_DATE_FORMAT = 'Y-m-d'
|
||||||
|
TIME_FORMAT = 'g:i a'
|
||||||
|
SHORT_TIME_FORMAT = 'H:i:s'
|
||||||
|
DATETIME_FORMAT = 'N j, Y g:i a'
|
||||||
|
SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
|
15
vars/netbox.yml
Normal file
15
vars/netbox.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
netbox_version: "3.7.4"
|
||||||
|
netbox_checksum: ""
|
||||||
|
netbox_server_name: "netbox.rockylinux.org"
|
||||||
|
netbox_admin_name: "Infrastructure Team"
|
||||||
|
netbox_admin_content: "infrastructure@rockylinux.org"
|
||||||
|
ipa_getcert_requested_hostnames:
|
||||||
|
- name: "{{ ansible_fqdn }}"
|
||||||
|
owner: nginx
|
||||||
|
key_location: "/etc/pki/tls/private/netbox.rockylinux.org.key"
|
||||||
|
cert_location: "/etc/pki/tls/certs/netbox.rockylinux.org.crt"
|
||||||
|
postcmd: "/bin/systemctl restart nginx"
|
||||||
|
cnames:
|
||||||
|
- "netbox.rockylinux.org"
|
||||||
|
...
|
24
vars/rss.yml
24
vars/rss.yml
@ -1,6 +1,30 @@
|
|||||||
---
|
---
|
||||||
feeds_output_dir: "/mnt/repos-production/mirror/pub/feeds"
|
feeds_output_dir: "/mnt/repos-production/mirror/pub/feeds"
|
||||||
|
|
||||||
|
sig_repo_tracking:
|
||||||
|
- release: 8
|
||||||
|
contentdir: "pub/sig"
|
||||||
|
sigs:
|
||||||
|
- name: core
|
||||||
|
arch:
|
||||||
|
- x86_64
|
||||||
|
- aarch64
|
||||||
|
repositories:
|
||||||
|
- name: core-common
|
||||||
|
- name: core-infra
|
||||||
|
- release: 9
|
||||||
|
contentdir: "pub/sig"
|
||||||
|
sigs:
|
||||||
|
- name: core
|
||||||
|
arch:
|
||||||
|
- x86_64
|
||||||
|
- aarch64
|
||||||
|
- ppc64le
|
||||||
|
- s390x
|
||||||
|
repositories:
|
||||||
|
- name: core-common
|
||||||
|
- name: core-infra
|
||||||
|
|
||||||
repo_tracking:
|
repo_tracking:
|
||||||
- release: 8
|
- release: 8
|
||||||
contentdir: "pub/rocky"
|
contentdir: "pub/rocky"
|
||||||
|
Loading…
Reference in New Issue
Block a user