init netbox playbook
This commit is contained in:
parent
634f6a7ca7
commit
2f1aa4e4cd
9 changed files with 417 additions and 0 deletions
54
role-rocky-netbox.yml
Normal file
54
role-rocky-netbox.yml
Normal file
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
# MirrorManager2
|
||||
- name: Install and configure netbox
|
||||
hosts: netbox
|
||||
become: false
|
||||
vars_files:
|
||||
# This playbook requires vaults!
|
||||
# vars/vaults/hostman.yml
|
||||
# vars/mounts/netbox.yml # we don't know if we'll have uploads
|
||||
- vars/vaults/netbox.yml
|
||||
- vars/netbox.yml
|
||||
|
||||
# This is to try to avoid the handler issue in pre/post tasks
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
|
||||
pre_tasks:
|
||||
- name: Check if ansible cannot be run here
|
||||
stat:
|
||||
path: /etc/no-ansible
|
||||
register: no_ansible
|
||||
|
||||
- name: Verify if we can run ansible
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "not no_ansible.stat.exists"
|
||||
success_msg: "We are able to run on this node"
|
||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||
|
||||
#tasks:
|
||||
#- include_tasks: tasks/efs_mount.yml
|
||||
# loop: "{{ mounts }}"
|
||||
# tags: ["mounts"]
|
||||
|
||||
roles:
|
||||
- role: rockylinux.ipagetcert
|
||||
become: true
|
||||
state: present
|
||||
tags: ['certs']
|
||||
|
||||
tasks:
|
||||
- name: Perform netbox installation
|
||||
ansible.builtin.import_tasks: tasks/netbox/netbox.yml
|
||||
|
||||
post_tasks:
|
||||
- name: Touching run file that ansible has ran here
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
3
tasks/netbox/cleanup.yml
Normal file
3
tasks/netbox/cleanup.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
# no tasks
|
||||
...
|
5
tasks/netbox/install.yml
Normal file
5
tasks/netbox/install.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: Download netbox
|
||||
ansible.builtin.get_url:
|
||||
url:
|
||||
...
|
10
tasks/netbox/netbox.yml
Normal file
10
tasks/netbox/netbox.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Pre-game setup
|
||||
ansible.builtin.import_tasks: presetup.yml
|
||||
|
||||
- name: Installation
|
||||
ansible.builtin.import_tasks: install.yml
|
||||
|
||||
- name: Cleanup
|
||||
ansible.builtin.import_tasks: cleanup.yml
|
||||
...
|
29
tasks/netbox/presetup.yml
Normal file
29
tasks/netbox/presetup.yml
Normal file
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- name: Install git and nginx
|
||||
become: true
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- git
|
||||
- nginx
|
||||
state: present
|
||||
|
||||
- name: Install required software to build python libs
|
||||
become: true
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- gcc
|
||||
- libxml2-devel
|
||||
- libxslt-devel
|
||||
- libffi-devel
|
||||
- libpq-devel
|
||||
- openssl-devel
|
||||
- redhat-rpm-config
|
||||
state: present
|
||||
|
||||
- name: Setup initial netbox user
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: netbox
|
||||
comment: "NetBox"
|
||||
system: true
|
||||
...
|
29
templates/etc/nginx/conf.d/netbox.conf.j2
Normal file
29
templates/etc/nginx/conf.d/netbox.conf.j2
Normal file
|
@ -0,0 +1,29 @@
|
|||
server {
|
||||
listen [::]:443 ssl ipv6only=off;
|
||||
|
||||
# CHANGE THIS TO YOUR SERVER'S NAME
|
||||
server_name {{ netbox_server_name }};
|
||||
|
||||
ssl_certificate /etc/pki/tls/certs/{{ netbox_server_name }}.crt;
|
||||
ssl_certificate_key /etc/pki/tls/certs/{{ netbox_server_name }}.crt;
|
||||
|
||||
client_max_body_size 25m;
|
||||
|
||||
location /static/ {
|
||||
alias /opt/netbox/netbox/static/;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8001;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
# Redirect HTTP traffic to HTTPS
|
||||
listen [::]:80 ipv6only=off;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
248
templates/opt/netbox/netbox/netbox/configuration.py.j2
Normal file
248
templates/opt/netbox/netbox/netbox/configuration.py.j2
Normal file
|
@ -0,0 +1,248 @@
|
|||
#########################
|
||||
# #
|
||||
# Required settings #
|
||||
# #
|
||||
#########################
|
||||
|
||||
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
|
||||
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
|
||||
#
|
||||
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
|
||||
ALLOWED_HOSTS = ['{{ netbox_server_name }}', '{{ ansible_fqdn }}']
|
||||
|
||||
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
|
||||
DATABASE = {
|
||||
'ENGINE': 'django.db.backends.postgresql', # Database engine
|
||||
'NAME': '{{ netbox_db_name }}',
|
||||
'USER': '{{ netbox_db_user }}',
|
||||
'PASSWORD': '{{ netbox_db_password }}',
|
||||
'HOST': '{{ netbox_db_host }}', # Database server
|
||||
'PORT': '{{ netbox_db_port|default('5432') }}', # Database port (leave blank for default)
|
||||
'CONN_MAX_AGE': 300, # Max database connection age
|
||||
}
|
||||
|
||||
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
|
||||
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
|
||||
# to use two separate database IDs.
|
||||
REDIS = {
|
||||
'tasks': {
|
||||
'HOST': 'localhost',
|
||||
'PORT': 6379,
|
||||
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
|
||||
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
|
||||
# 'SENTINEL_SERVICE': 'netbox',
|
||||
'USERNAME': '',
|
||||
'PASSWORD': '',
|
||||
'DATABASE': 0,
|
||||
'SSL': False,
|
||||
# Set this to True to skip TLS certificate verification
|
||||
# This can expose the connection to attacks, be careful
|
||||
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||
# Set a path to a certificate authority, typically used with a self signed certificate.
|
||||
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
|
||||
},
|
||||
'caching': {
|
||||
'HOST': 'localhost',
|
||||
'PORT': 6379,
|
||||
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
|
||||
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
|
||||
# 'SENTINEL_SERVICE': 'netbox',
|
||||
'USERNAME': '',
|
||||
'PASSWORD': '',
|
||||
'DATABASE': 1,
|
||||
'SSL': False,
|
||||
# Set this to True to skip TLS certificate verification
|
||||
# This can expose the connection to attacks, be careful
|
||||
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||
# Set a path to a certificate authority, typically used with a self signed certificate.
|
||||
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
|
||||
}
|
||||
}
|
||||
|
||||
# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
|
||||
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
|
||||
# symbols. NetBox will not run without this defined. For more information, see
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
|
||||
SECRET_KEY = '{{ netbox_secret_key }}'
|
||||
|
||||
|
||||
#########################
|
||||
# #
|
||||
# Optional settings #
|
||||
# #
|
||||
#########################
|
||||
|
||||
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
|
||||
# application errors (assuming correct email settings are provided).
|
||||
ADMINS = [
|
||||
('{{ netbox_admin_name }}', '{{ netbox_admin_contact }}'),
|
||||
]
|
||||
|
||||
# Permit the retrieval of API tokens after their creation.
|
||||
ALLOW_TOKEN_RETRIEVAL = False
|
||||
|
||||
# Enable any desired validators for local account passwords below. For a list of included validators, please see the
|
||||
# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
|
||||
AUTH_PASSWORD_VALIDATORS = [
|
||||
# {
|
||||
# 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
|
||||
# 'OPTIONS': {
|
||||
# 'min_length': 10,
|
||||
# }
|
||||
# },
|
||||
]
|
||||
|
||||
# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
|
||||
# BASE_PATH = 'netbox/'
|
||||
BASE_PATH = ''
|
||||
|
||||
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
|
||||
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
|
||||
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
|
||||
CORS_ORIGIN_ALLOW_ALL = False
|
||||
CORS_ORIGIN_WHITELIST = [
|
||||
# 'https://hostname.example.com',
|
||||
]
|
||||
CORS_ORIGIN_REGEX_WHITELIST = [
|
||||
# r'^(https?://)?(\w+\.)?example\.com$',
|
||||
]
|
||||
|
||||
# The name to use for the CSRF token cookie.
|
||||
CSRF_COOKIE_NAME = 'csrftoken'
|
||||
|
||||
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
|
||||
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
|
||||
# on a production system.
|
||||
DEBUG = False
|
||||
|
||||
# Set the default preferred language/locale
|
||||
DEFAULT_LANGUAGE = 'en-us'
|
||||
|
||||
# Email settings
|
||||
EMAIL = {
|
||||
'SERVER': 'localhost',
|
||||
'PORT': 25,
|
||||
'USERNAME': '',
|
||||
'PASSWORD': '',
|
||||
'USE_SSL': False,
|
||||
'USE_TLS': False,
|
||||
'TIMEOUT': 10, # seconds
|
||||
'FROM_EMAIL': '',
|
||||
}
|
||||
|
||||
# Localization
|
||||
ENABLE_LOCALIZATION = False
|
||||
|
||||
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
|
||||
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
|
||||
EXEMPT_VIEW_PERMISSIONS = [
|
||||
# 'dcim.site',
|
||||
# 'dcim.region',
|
||||
# 'ipam.prefix',
|
||||
]
|
||||
|
||||
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
|
||||
# HTTP_PROXIES = {
|
||||
# 'http': 'http://10.10.1.10:3128',
|
||||
# 'https': 'http://10.10.1.10:1080',
|
||||
# }
|
||||
|
||||
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
|
||||
# NetBox from an internal IP.
|
||||
INTERNAL_IPS = ('127.0.0.1', '::1')
|
||||
|
||||
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
|
||||
# https://docs.djangoproject.com/en/stable/topics/logging/
|
||||
LOGGING = {}
|
||||
|
||||
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
|
||||
# authenticated to NetBox indefinitely.
|
||||
LOGIN_PERSISTENCE = False
|
||||
|
||||
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
|
||||
# are permitted to access most data in NetBox but not make any changes.
|
||||
LOGIN_REQUIRED = False
|
||||
|
||||
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
|
||||
# re-authenticate. (Default: 1209600 [14 days])
|
||||
LOGIN_TIMEOUT = None
|
||||
|
||||
# The view name or URL to which users are redirected after logging out.
|
||||
LOGOUT_REDIRECT_URL = 'home'
|
||||
|
||||
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
|
||||
# the default value of this setting is derived from the installed location.
|
||||
# MEDIA_ROOT = '/opt/netbox/netbox/media'
|
||||
|
||||
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
|
||||
METRICS_ENABLED = False
|
||||
|
||||
# Enable installed plugins. Add the name of each plugin to the list.
|
||||
PLUGINS = []
|
||||
|
||||
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
|
||||
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
|
||||
# PLUGINS_CONFIG = {
|
||||
# 'my_plugin': {
|
||||
# 'foo': 'bar',
|
||||
# 'buzz': 'bazz'
|
||||
# }
|
||||
# }
|
||||
|
||||
# Remote authentication support
|
||||
REMOTE_AUTH_ENABLED = False
|
||||
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
|
||||
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
|
||||
REMOTE_AUTH_USER_FIRST_NAME = 'HTTP_REMOTE_USER_FIRST_NAME'
|
||||
REMOTE_AUTH_USER_LAST_NAME = 'HTTP_REMOTE_USER_LAST_NAME'
|
||||
REMOTE_AUTH_USER_EMAIL = 'HTTP_REMOTE_USER_EMAIL'
|
||||
REMOTE_AUTH_AUTO_CREATE_USER = True
|
||||
REMOTE_AUTH_DEFAULT_GROUPS = []
|
||||
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
|
||||
|
||||
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
|
||||
# version check or use the URL below to check for release in the official NetBox repository.
|
||||
RELEASE_CHECK_URL = None
|
||||
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
|
||||
|
||||
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
|
||||
# this setting is derived from the installed location.
|
||||
# REPORTS_ROOT = '/opt/netbox/netbox/reports'
|
||||
|
||||
# Maximum execution time for background tasks, in seconds.
|
||||
RQ_DEFAULT_TIMEOUT = 300
|
||||
|
||||
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
|
||||
# this setting is derived from the installed location.
|
||||
# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
|
||||
|
||||
# The name to use for the session cookie.
|
||||
SESSION_COOKIE_NAME = 'sessionid'
|
||||
|
||||
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
|
||||
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
|
||||
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
|
||||
SESSION_FILE_PATH = None
|
||||
|
||||
# By default, uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
|
||||
# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
|
||||
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
|
||||
# STORAGE_CONFIG = {
|
||||
# 'AWS_ACCESS_KEY_ID': 'Key ID',
|
||||
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
|
||||
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
|
||||
# 'AWS_S3_REGION_NAME': 'eu-west-1',
|
||||
# }
|
||||
|
||||
# Time zone (default: UTC)
|
||||
TIME_ZONE = 'UTC'
|
||||
|
||||
# Date/time formatting. See the following link for supported formats:
|
||||
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
|
||||
DATE_FORMAT = 'N j, Y'
|
||||
SHORT_DATE_FORMAT = 'Y-m-d'
|
||||
TIME_FORMAT = 'g:i a'
|
||||
SHORT_TIME_FORMAT = 'H:i:s'
|
||||
DATETIME_FORMAT = 'N j, Y g:i a'
|
||||
SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
|
15
vars/netbox.yml
Normal file
15
vars/netbox.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
netbox_version: "3.7.4"
|
||||
netbox_checksum: ""
|
||||
netbox_server_name: "netbox.rockylinux.org"
|
||||
netbox_admin_name: "Infrastructure Team"
|
||||
netbox_admin_content: "infrastructure@rockylinux.org"
|
||||
ipa_getcert_requested_hostnames:
|
||||
- name: "{{ ansible_fqdn }}"
|
||||
owner: nginx
|
||||
key_location: "/etc/pki/tls/private/netbox.rockylinux.org.key"
|
||||
cert_location: "/etc/pki/tls/certs/netbox.rockylinux.org.crt"
|
||||
postcmd: "/bin/systemctl restart nginx"
|
||||
cnames:
|
||||
- "netbox.rockylinux.org"
|
||||
...
|
24
vars/rss.yml
24
vars/rss.yml
|
@ -1,6 +1,30 @@
|
|||
---
|
||||
feeds_output_dir: "/mnt/repos-production/mirror/pub/feeds"
|
||||
|
||||
sig_repo_tracking:
|
||||
- release: 8
|
||||
contentdir: "pub/sig"
|
||||
sigs:
|
||||
- name: core
|
||||
arch:
|
||||
- x86_64
|
||||
- aarch64
|
||||
repositories:
|
||||
- name: core-common
|
||||
- name: core-infra
|
||||
- release: 9
|
||||
contentdir: "pub/sig"
|
||||
sigs:
|
||||
- name: core
|
||||
arch:
|
||||
- x86_64
|
||||
- aarch64
|
||||
- ppc64le
|
||||
- s390x
|
||||
repositories:
|
||||
- name: core-common
|
||||
- name: core-infra
|
||||
|
||||
repo_tracking:
|
||||
- release: 8
|
||||
contentdir: "pub/rocky"
|
||||
|
|
Loading…
Reference in a new issue