Page MenuHomeSoftware Heritage
Differential D4025 Diff 14238 site-modules/profile/manifests/netbox.pp

Changeset View

Standalone View

View Options

site-modules/profile/manifests/netbox.pp

  • This file was added.
# deploy a netbox instance
class profile::netbox {
$version = lookup('netbox::version')
$netbox_user = lookup('netbox::user')
$db_host = lookup('netbox::db::host')
$db_port = lookup('netbox::db::port')
$db_database = lookup('netbox::db::database')
$db_username = lookup('netbox::db::username')
$db_password = lookup('netbox::db::password')
$secret_key = lookup('netbox::secret_key')
$allowed_hosts = lookup('netbox::allowed_hosts')
$redis_host = lookup('netbox::redis::host')
$redis_port = lookup('netbox::redis::port')
$redis_password = lookup('netbox::redis::password')
$smtp_host = lookup('netbox::mail::host')
$email_from = lookup('netbox::mail::from')
$gunicorn_binding = lookup('netbox::gunicorn::binding')
$gunicorn_port = lookup('netbox::gunicorn::port')
$archive_url = "https://github.com/netbox-community/netbox/archive/v${version}.tar.gz"
$archive_path = "/opt/netbox-v${version}.tar.gz"
$install_path = "/opt/netbox-${version}"
$netbox_home = '/opt/netbox'
$upgrade_flag_path = "${netbox_home}/.upgrade_done"
ensure_packages ('python3-venv')
include ::postgresql::server
::postgresql::server::db {$db_database:
user => $db_username,
password => postgresql_password($db_username, $db_password)
}
class { '::redis' :
requirepass => $redis_password,
bind => '127.0.0.1',
port => $redis_port,
}
user {$netbox_user:
ensure => present,
system => true,
shell => '/bin/bash',
home => $netbox_home,
}
exec { 'netbox-archive' :
command => "wget --quiet ${archive_url} -O ${archive_path}",
path => '/usr/bin',
creates => $install_path,
notify => Exec['extract-netbox-archive'],
}
exec { 'extract-netbox-archive' :
command => "tar xvzf ${archive_path}",
cwd => '/opt/',
creates => $install_path,
refreshonly => true,
path => '/usr/bin',
notify => Exec['netbox-update-files-owner'],
}
file { $netbox_home :
ensure => link,
target => $install_path,
owner => $netbox_user,
group => $netbox_user,
require => User[$netbox_user],
}
exec { 'netbox-update-files-owner' :
command => "chown -R netbox:netbox ${install_path}",
path => '/usr/bin',
refreshonly => true,
require => User[$netbox_user],
notify => Exec['netbox-upgrade']
}
file { 'netbox-configuration':
ensure => present,
path => "${netbox_home}/netbox/netbox/configuration.py",
owner => $netbox_user,
group => $netbox_user,
content => template('profile/netbox/configuration.py.erb'),
require => User[$netbox_user],
notify => Service['netbox'],
}
file { 'netbox-gunicorn-config':
ensure => present,
path => "${netbox_home}/gunicorn.py",
owner => $netbox_user,
group => $netbox_user,
content => template('profile/netbox/gunicorn.py.erb'),
require => User[$netbox_user],
notify => Service['netbox'],
}
exec { 'netbox-upgrade':
command => "${netbox_home}/upgrade.sh",
cwd => $netbox_home,
creates => $upgrade_flag_path,
require => File['netbox-configuration'],
notify => Exec['netbox-flag-upgrade-done'],
}
exec {'netbox-flag-upgrade-done':
command => "touch ${upgrade_flag_path}",
path => '/usr/bin',
refreshonly => true,
}
::systemd::unit_file {'netbox.service':
ensure => present,
content => template('profile/netbox/netbox.service.erb'),
} ~> service {'netbox':
ensure => 'running',
enable => true,
require => File['netbox-gunicorn-config']
}
$vhost_name = lookup('netbox::vhost::name')
$cert_name = lookup('netbox::vhost::letsencrypt_cert')
$vhost_docroot = "${netbox_home}/netbox"
$vhost_ssl_protocol = lookup('netbox::vhost::ssl_protocol')
$vhost_ssl_honorcipherorder = lookup('netbox::vhost::ssl_honorcipherorder')
$vhost_ssl_cipher = lookup('netbox::vhost::ssl_cipher')
$vhost_hsts_header = lookup('netbox::vhost::hsts_header')
include ::profile::apache::common
::apache::vhost {"${vhost_name}_non-ssl":
servername => $vhost_name,
port => '80',
docroot => $vhost_docroot,
manage_docroot => false,
redirect_status => 'permanent',
redirect_dest => "https://${vhost_name}/",
}
::profile::letsencrypt::certificate {$vhost_name:}
$cert_paths = ::profile::letsencrypt::certificate_paths($vhost_name)
::apache::vhost {"${vhost_name}_ssl":
servername => $vhost_name,
port => '443',
ssl => true,
ssl_protocol => $vhost_ssl_protocol,
ssl_honorcipherorder => $vhost_ssl_honorcipherorder,
ssl_cipher => $vhost_ssl_cipher,
ssl_cert => $cert_paths['cert'],
ssl_chain => $cert_paths['chain'],
ssl_key => $cert_paths['privkey'],
headers => [$vhost_hsts_header],
docroot => $vhost_docroot,
manage_docroot => false,
directories => [
{
'path' => $vhost_docroot,
'require' => 'all granted',
'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'],
},
],
proxy_pass => [
{ path => '/static',
url => '!',
},
{ path => '/',
url => "http://${gunicorn_binding}:${gunicorn_port}/",
},
],
aliases => [
{ alias => '/static',
path => "${netbox_home}/netbox/static",
},
],
require => [
File[$ssl_cert],
File[$ssl_chain],
File[$ssl_key],
],
}
File[$cert_paths['cert'], $cert_paths['chain'], $cert_paths['privkey']] ~> Class['Apache::Service']
}
About · Developer information · Legal