---
- name: "PLAY 1: INSTALL & INIT REQUIREMENTS"
hosts: netboxhost
tags: ['init']
tasks:
- name: INSTALL DEPENDENCIES
dnf:
name:
- epel-release
- postgresql
- postgresql-server
- postgresql-devel
- gcc
- python36
- python36-devel
- python3-setuptools
- libxml2-devel
- libxslt-devel
- libffi-devel
- openssl-devel
- redhat-rpm-config
- redis
- git
- httpd
- python3-psycopg2
- python3-pexpect
state: latest
- name: UPGRADE PIP TO LATEST
pip:
name: pip
executable: pip3
state: latest
- name: CHECK IF POSTGRESQL IS INITIALIZED
stat:
path: /var/lib/pgsql/data/postgresql.conf
register: init_test
# - debug:
# var: init_test.stat.exists
# tags: ['debug']
- name: INITIALIZE POSTGRESQL
command: /usr/bin/postgresql-setup --initdb --unit postgresql
when: init_test.stat.exists == false
- name: CONFIG POSTGRESQL TO ACCEPT PW-BASED AUTH
postgresql_pg_hba:
dest: /var/lib/pgsql/data/pg_hba.conf
contype: host
users: all
databases: all
method: md5
- name: START POSTGRESQL SERVICE
service:
name: postgresql
state: started
enabled: yes
- name: "PLAY 2: CREATE THE NETBOX DATABASE"
hosts: netboxhost
become_user: postgres
vars_files:
- vars/config.yml
tags: ['db']
tasks:
- name: CREATE DB
postgresql_db:
name: netbox
- name: CREATE DB USER
postgresql_user:
name: netbox
db: netbox
password: "{{ auth['password'] }}"
priv: ALL
- name: VERIFY DB STATUS
postgresql_info:
login_host: localhost
login_user: netbox
login_password: "{{ auth['password'] }}"
filter: all
register: status
failed_when: status['failed'] != false
- name: "PLAY 3: START AND VERIFY REDIS SERVICE"
hosts: netboxhost
tags: ['redis']
tasks:
- name: START REDIS SERVICE
service:
name: redis
state: started
enabled: yes
- name: TEST REDIS SERVICE STATUS
command: redis-cli ping
register: redis_resp
failed_when: redis_resp['stdout'] != "PONG"
changed_when: false
# - debug:
# # var: redis_resp
# msg: Redis response to ping is {{ redis_resp.stdout }}
- name: "PLAY 4: INSTALL & CONFIGURE NETBOX APP"
hosts: netboxhost
vars_files:
- vars/config.yml
tags: ['nbinstall']
tasks:
- name: CLONE GIT REPO
git:
repo: https://github.com/netbox-community/netbox.git
dest: /opt/netbox
- name: CREATE NETBOX SYSTEM GROUP
group:
name: netbox
state: present
system: yes
- name: CREATE NETBOX SYSTEM USER
user:
name: netbox
groups: netbox
state: present
system: yes
- name: SET NETBOX FILE PERMISSIONS
file:
path: /opt/netbox/netbox/media
owner: netbox
recurse: true
- name: CHECK FOR CONFIG FILE
stat:
path: /opt/netbox/netbox/netbox/configuration.py
register: conf_test
# - debug:
# var: conf_test.stat
- name: POPULATE NETBOX CONFIGURATION FILE
block:
- name: GENERATE SECRET KEY
command: python3 /opt/netbox/netbox/generate_secret_key.py
register: secret_key
# - debug:
# msg: secret key is {{ secret_key }}
# tags: ['debug', 'never']
- name: STORE KEY FOR TEMPLATE USE
set_fact:
nbconf_key: "{{ secret_key.stdout }}"
cacheable: yes
# - debug:
# msg: "{{ ansible_facts['nbconf_key'] }}"
# tags: ['debug','never']
- name: POPULATE NETBOX CONFIG FROM TEMPLATE
template:
src: templates/dbconf.j2
dest: /opt/netbox/netbox/netbox/configuration.py
mode: '0644'
when: conf_test.stat.exists == false
- name: CHECK IF UPGRADE.SH MUST RUN
stat:
path: /opt/netbox/venv
register: venv_test
- name: RUN UPGRADE SCRIPT & CREATE SUPER USER
block:
- name: RUN UPGRADE.SH
command: /opt/netbox/upgrade.sh
- name: CREATE SUPER USER
expect:
command: /bin/bash -c "source /opt/netbox/venv/bin/activate && python3 /opt/netbox/netbox/manage.py createsuperuser"
responses: "{{ app }}"
when: venv_test.stat.exists == false
- name: RUN TEST INSTANCE
shell: >
source /opt/netbox/venv/bin/activate
&& python3 /opt/netbox/netbox/manage.py runserver 0.0.0.0:8000 --insecure
async: 15
poll: 0
- name: WAIT FOR TEST INSTANCE START
pause:
seconds: 5
- name: TEST SERVER RESPONSE
uri:
url: "http://{{ config['ip'] }}:8000"
return_content: yes
register: uri_resp
failed_when: "'<title>Home - NetBox</title>' not in uri_resp.content"
- name: "PLAY 5: CONFIG GUINICORN & INITIALIZE NETBOX"
hosts: netboxhost
tags: ['nbinstall', 'gunicorn']
tasks:
- name: COPY DEFAULT GUINICORN CONFIG
copy:
src: /opt/netbox/contrib/gunicorn.py
dest: /opt/netbox/gunicorn.py
remote_src: yes
- name: COPY SYSTEMD FILES & RELOAD DAEMON
find:
paths: /opt/netbox/contrib
file_type: file
patterns: '*.service'
register: service_file
- copy:
src: "{{ item }}"
dest: /etc/systemd/system/
remote_src: yes
with_items:
- "{{ service_file.files[0].path }}"
- "{{ service_file.files[1].path }}"
- systemd:
daemon_reload: yes
- name: START & ENABLE NETBOX SERVICE
service:
name: "{{ item }}"
state: started
enabled: yes
loop:
- netbox-rq
- netbox
- name: "PLAY 6: HTTPD SERVER SETUP"
hosts: netboxhost
vars_files:
- vars/config.yml
tags: ['webserver', 'httpd']
tasks:
- name: CHECK FOR SELF-SIGNED CERTS
stat:
path: /etc/ssl/private/netbox.key
register: cert_test
- name: GENERATE CERTS
block:
- name: CREATE CERTS DIR
file:
path: /etc/ssl/private
state: directory
- name: GENERATE SELF SIGNED CERTIFICATE
expect:
command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/netbox.key -out /etc/ssl/certs/netbox.crt
responses: "{{ ssl }}"
when: cert_test.stat.exists == false
- name: POPULATE HTTPD CONFIG FROM TEMPLATE
template:
src: templates/httpdconf.j2
dest: /etc/httpd/conf.d/netbox.conf
mode: '0644'
- name: INSTALL MOD_SSL HTTPD MODULE
dnf:
name: certwatch-mod_ssl
state: present
- name: ENABLE HTTPD MODULES
blockinfile:
path: /etc/httpd/conf.modules.d/02-netbox.conf
create: yes
mode: '0644'
block: |
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
- name: CONFIGURE FIREWALLD TO ALLOW HTTPS TRAFFIC
ansible.posix.firewalld:
service: https
state: enabled
permanent: yes
immediate: yes
- name: CONFIURE SELINUX TO ALLOW HTTPD TRAFFIC
seboolean:
name: httpd_can_network_connect
state: on
persistent: yes
- name: START HTTPD SERVICE
service:
name: httpd
state: restarted
enabled: yes
- name: "PLAY 7: INSTALL ANSIBLE MODULES"
hosts: netboxhost
vars_files:
- vars/config.yml
tags: ['modules']
tasks:
- name: INSTALL ANSIBLE & PYNETBOX
dnf:
name:
- ansible
- python3-pynetbox
state: latest
- name: INSTALL NETBOX.NETBOX COLLECTION
command: ansible-galaxy collection install netbox.netbox -c
- name: NETBOX SETUP COMPLETE
debug:
msg:
- Access your Netbox server at https://{{ config['ip'] }} or https://{{ config['domain'] }} if you've setup dns.
- Playbook by Adam Woolhether | https://github.com/adamwoolhether | [email protected]
- Thanks to NetBox team and DigitalOcean for such a great tool!