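--- a/site-modules/profile/manifests/netbox.pp
+++ b/site-modules/profile/manifests/netbox.pp
@@ -0,0 +1,165 @@
+# deploy a netbox instance
+class profile::netbox {
+$version = lookup('netbox::version')
+$netbox_user = lookup('netbox::user')
+$db_host = lookup('netbox::db::host')
+$db_port = lookup('netbox::db::port')
+$db_database = lookup('netbox::db::database')
+$db_username = lookup('netbox::db::username')
+$db_password = lookup('netbox::db::password')
+$secret_key = lookup('netbox::secret_key')
+$allowed_hosts = lookup('netbox::allowed_hosts')
+$redis_host = lookup('netbox::redis::host')
+$redis_port = lookup('netbox::redis::port')
+$redis_password = lookup('netbox::redis::password')
+$smtp_host = lookup('netbox::mail::host')
+$email_from = lookup('netbox::mail::from')
+$gunicorn_binding = lookup('netbox::gunicorn::binding')
+$gunicorn_port = lookup('netbox::gunicorn::port')
+$archive_url = "https://github.com/netbox-community/netbox/archive/v${version}.tar.gz"
+$archive_path = "/opt/netbox-v${version}.tar.gz"
+$install_path = "/opt/netbox-${version}"
+$netbox_home = '/opt/netbox'
+$upgrade_flag_path = "${netbox_home}/.upgrade_done"
+ensure_packages ('python3-venv')
+include ::postgresql::server
+::postgresql::server::db {$db_database:
+user => $db_username,
+password => postgresql_password($db_username, $db_password)
+}
+class { '::redis' :
+requirepass => $redis_password,
+bind => '127.0.0.1',
+port => $redis_port,
+}
+user {$netbox_user:
+ensure => present,
+system => true,
+shell => '/bin/bash',
+home => $netbox_home,
+}
+exec { 'netbox-archive' :
+command => "wget --quiet ${archive_url} -O ${archive_path}",
+path => '/usr/bin',
+creates => $install_path,
+notify => Exec['extract-netbox-archive'],
+}
+exec { 'extract-netbox-archive' :
+command => "tar xvzf ${archive_path}",
+cwd => '/opt/',
+creates => $install_path,
+refreshonly => true,
+path => '/usr/bin',
+notify => Exec['netbox-update-files-owner'],
+}
+file { $netbox_home :
+ensure => link,
+target => $install_path,
+owner => $netbox_user,
+group => $netbox_user,
+require => User[$netbox_user],
+}
+exec { 'netbox-update-files-owner' :
+command => "chown -R netbox:netbox ${install_path}",
+path => '/usr/bin',
+refreshonly => true,
+require => User[$netbox_user],
+notify => Exec['netbox-upgrade']
+}
+file { 'netbox-configuration':
+ensure => present,
+path => "${netbox_home}/netbox/netbox/configuration.py",
+owner => $netbox_user,
+group => $netbox_user,
+content => template('profile/netbox/configuration.py.erb'),
+require => User[$netbox_user],
+notify => Service['netbox'],
+}
+file { 'netbox-gunicorn-config':
+ensure => present,
+path => "${netbox_home}/gunicorn.py",
+owner => $netbox_user,
+group => $netbox_user,
+content => template('profile/netbox/gunicorn.py.erb'),
+require => User[$netbox_user],
+notify => Service['netbox'],
+}
+exec { 'netbox-upgrade':
+command => "${netbox_home}/upgrade.sh",
+cwd => $netbox_home,
+creates => $upgrade_flag_path,
+require => File['netbox-configuration'],
+notify => Exec['netbox-flag-upgrade-done'],
+}
+exec {'netbox-flag-upgrade-done':
+command => "touch ${upgrade_flag_path}",
+path => '/usr/bin',
+refreshonly => true,
+}
+::systemd::unit_file {'netbox.service':
+ensure => present,
+content => template('profile/netbox/netbox.service.erb'),
+} ~> service {'netbox':
+ensure => 'running',
+enable => true,
+require => File['netbox-gunicorn-config']
+}
+$vhost_name = lookup('netbox::vhost::name')
+$cert_name = lookup('netbox::vhost::letsencrypt_cert')
+$vhost_docroot = "${netbox_home}/netbox"
+$vhost_ssl_protocol = lookup('netbox::vhost::ssl_protocol')
+$vhost_ssl_honorcipherorder = lookup('netbox::vhost::ssl_honorcipherorder')
+$vhost_ssl_cipher = lookup('netbox::vhost::ssl_cipher')
+$vhost_hsts_header = lookup('netbox::vhost::hsts_header')
+include ::profile::apache::common
+::apache::vhost {"${vhost_name}_non-ssl":
+servername => $vhost_name,
+port => '80',
+docroot => $vhost_docroot,
+manage_docroot => false,
+redirect_status => 'permanent',
+redirect_dest => "https://${vhost_name}/",
+}
+::profile::letsencrypt::certificate {$vhost_name:}
+$cert_paths = ::profile::letsencrypt::certificate_paths($vhost_name)
+::apache::vhost {"${vhost_name}_ssl":
+servername => $vhost_name,
+port => '443',
+ssl => true,
+ssl_protocol => $vhost_ssl_protocol,
+ssl_honorcipherorder => $vhost_ssl_honorcipherorder,
+ssl_cipher => $vhost_ssl_cipher,
+ssl_cert => $cert_paths['cert'],
+ssl_chain => $cert_paths['chain'],
+ssl_key => $cert_paths['privkey'],
+headers => [$vhost_hsts_header],
+docroot => $vhost_docroot,
+manage_docroot => false,
+directories => [
+{
+'path' => $vhost_docroot,
+'require' => 'all granted',
+'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'],
+},
+],
+proxy_pass => [
+{ path => '/static',
+url => '!',
+},
+{ path => '/',
+url => "http://${gunicorn_binding}:${gunicorn_port}/",
+},
+],
+aliases => [
+{ alias => '/static',
+path => "${netbox_home}/netbox/static",
+},
+],
+require => [
+File[$ssl_cert],
+File[$ssl_chain],
+File[$ssl_key],
+],
+}
+File[$cert_paths['cert'], $cert_paths['chain'], $cert_paths['privkey']] ~> Class['Apache::Service']
+}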
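Review bot: Nothing verifies the tarball that the `netbox-archive` exec fetches with `wget` before `netbox-upgrade` runs `upgrade.sh` from the extracted tree. That exec sets no `user =>`, so it runs as whatever account the agent runs as, and it follows a `chown -R` that leaves the script owned by the service account. Pinning a per-version digest in hiera and checking it before `extract-netbox-archive` (for example a `sha256sum -c` step, or an archive resource that takes a checksum) would close that gap. The `netbox-configuration` file sets no `mode`, yet its template presumably renders `$secret_key`, `$db_password` and `$redis_password`, so add `mode => '0640'` (or stricter) and `show_diff => false` to keep those values out of world-readable files and agent reports. In the `${vhost_name}_ssl` vhost, `File[$ssl_cert]`, `File[$ssl_chain]` and `File[$ssl_key]` name variables this class never assigns; they presumably should read `File[$cert_paths['cert']]` and so on, as the final line does. `netbox-update-files-owner` also hard-codes `netbox:netbox` where it should use `${netbox_user}`.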