Puppet Class: netbox

Defined in:
modules/netbox/manifests/init.pp

Overview

Class: netbox::base

Installs Netbox

Parameters

service_hostname

The external hostname for this service.

secret_key

Django secret key

ldap_password

Password of the LDAP bind user

db_host

The database host address.

db_password

Password of the database user

db_port

The port on which the database is listening.

db_user

The user to connect to the database as.

debug

Turn on django debugging

port

Port the python app listen on

config_path

Path to the deploy directory

venv_path

Path to the python virtualenv

directory

Path to the netbox app

extras_path

The path which the extras repository will be cloned to

ensure

installs/removes config files

ldap_server

The LDAP server to specify in the configuration

include_ldap

Enable/disable LDAP authentication

swift_auth_url

The authentication URL to be used for image storage. Setting this to undef will prevent swift form being configured.

swift_user

The user to connect to SWIFT for image storage as.

swift_key

The key for the above user.

swift_container

The name of the SWIFT container to store images to

swift_ca

The path to the CA that signs the SWIFT api endpoint.

redis_host

The hostname of the Redis instance to use for caching.

redis_port

The port of the Redis instance to use for caching.

redis_password

The password to authenticate to Redis with.

redis_database

The database to select in the Redis host.

redis_cache_database

The database to select in the Redis host for caching.

Parameters:

  • service_hostname (Stdlib::Fqdn)
  • secret_key (String)
  • ldap_password (String)
  • db_host (Stdlib::Fqdn)
  • db_password (String)
  • db_port (Stdlib::Port) (defaults to: 5432)
  • db_user (String) (defaults to: 'netbox')
  • debug (Boolean) (defaults to: false)
  • port (Stdlib::Port) (defaults to: 8001)
  • config_path (Stdlib::Unixpath) (defaults to: '/srv/deployment/netbox/deploy')
  • venv_path (Stdlib::Unixpath) (defaults to: '/srv/deployment/netbox/venv')
  • directory (Stdlib::Unixpath) (defaults to: '/srv/deployment/netbox/deploy/src')
  • extras_path (Stdlib::Unixpath) (defaults to: '/srv/deployment/netbox-extras')
  • ensure (Wmflib::Ensure) (defaults to: 'present')
  • ldap_server (Optional[Stdlib::Fqdn]) (defaults to: undef)
  • include_ldap (Boolean) (defaults to: false)
  • swift_auth_url (Optional[Stdlib::HTTPUrl]) (defaults to: undef)
  • swift_user (Optional[String]) (defaults to: undef)
  • swift_key (Optional[String]) (defaults to: undef)
  • swift_container (Optional[String]) (defaults to: undef)
  • swift_url_key (Optional[String]) (defaults to: undef)
  • swift_ca (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • redis_host (Stdlib::Fqdn) (defaults to: undef)
  • redis_port (Stdlib::Port) (defaults to: undef)
  • redis_password (String) (defaults to: undef)
  • redis_database (Integer) (defaults to: 0)
  • redis_cache_database (Integer) (defaults to: 1)


87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# File 'modules/netbox/manifests/init.pp', line 87

class netbox(
    Stdlib::Fqdn $service_hostname,
    String $secret_key,
    String $ldap_password,
    Stdlib::Fqdn $db_host,
    String $db_password,
    Stdlib::Port $db_port = 5432,
    String $db_user = 'netbox',
    Boolean $debug=false,
    Stdlib::Port $port=8001,
    Stdlib::Unixpath $config_path = '/srv/deployment/netbox/deploy',
    Stdlib::Unixpath $venv_path = '/srv/deployment/netbox/venv',
    Stdlib::Unixpath $directory = '/srv/deployment/netbox/deploy/src',
    Stdlib::Unixpath $extras_path = '/srv/deployment/netbox-extras',
    Wmflib::Ensure $ensure='present',
    Optional[Stdlib::Fqdn] $ldap_server = undef,
    Boolean $include_ldap = false,
    Optional[Stdlib::HTTPUrl] $swift_auth_url = undef,
    Optional[String] $swift_user = undef,
    Optional[String] $swift_key = undef,
    Optional[String] $swift_container = undef,
    Optional[String] $swift_url_key = undef,
    Optional[Stdlib::Unixpath] $swift_ca = undef,
    Stdlib::Fqdn $redis_host = undef,
    Stdlib::Port $redis_port = undef,
    String $redis_password = undef,
    Integer $redis_database = 0,
    Integer $redis_cache_database = 1,
) {
    require_package('virtualenv', 'python3-pip', 'python3-pynetbox')
    $home_path = '/var/lib/netbox'

    file { $home_path:
        ensure => directory,
        owner  => 'netbox',
        group  => 'netbox',
        mode   => '0755',
    }

    user { 'netbox':
        ensure  => $ensure,
        comment => 'This is the global owner for all Netbox things.',
        system  => true,
        home    => $home_path,
        shell   => '/bin/bash'
    }

    file { '/etc/netbox/configuration.py':
        ensure  => $ensure,
        owner   => 'netbox',
        group   => 'www-data',
        mode    => '0440',
        content => template('netbox/configuration.py.erb'),
        require => [Scap::Target['netbox/deploy'],
                    User['netbox']],
        before  => Uwsgi::App['netbox'],
        notify  => [Service['uwsgi-netbox'], Service['rq-netbox']],
    }

    if $include_ldap {
        file { '/etc/netbox/ldap.py':
            ensure  => $ensure,
            owner   => 'netbox',
            group   => 'www-data',
            mode    => '0440',
            content => template('netbox/ldap_config.py.erb'),
            require => Scap::Target['netbox/deploy'],
            before  => Uwsgi::App['netbox'],
            notify  => [Service['uwsgi-netbox'], Service['rq-netbox']],
        }
    }

    # Netbox is controlled via a custom systemd unit (uwsgi-netbox),
    # so avoid the generic uwsgi sysvinit script shipped in the package
    exec { 'mask_default_uwsgi':
        command => '/bin/systemctl mask uwsgi.service',
        creates => '/etc/systemd/system/uwsgi.service',
    }

  $base_uwsgi_environ=[
      'LANG=C.UTF-8',
      'PYTHONENCODING=utf-8',
  ]
  if $swift_ca {
      $uwsgi_environ = concat($base_uwsgi_environ, "REQUESTS_CA_BUNDLE=${swift_ca}")
  }
  else {
      $uwsgi_environ = $base_uwsgi_environ
  }
  service::uwsgi { 'netbox':
      port            => $port,
      deployment_user => 'netbox',
      config          => {
          need-plugins => 'python3',
          chdir        => "${directory}/netbox",
          venv         => $venv_path,
          wsgi         => 'netbox.wsgi',
          vacuum       => true,
          http-socket  => "127.0.0.1:${port}",
          # T170189: make sure Python has a sane default encoding
          env          => $uwsgi_environ,
          max-requests => 300,
      },
      healthcheck_url => '/login/',
      icinga_check    => false,
      sudo_rules      => [
          'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-netbox restart',
          'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-netbox start',
          'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-netbox status',
          'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-netbox stop',
      ],
      core_limit      => '30G',
  }

  systemd::service { 'rq-netbox':
      ensure  => $ensure,
      content => file('netbox/rq-netbox.service'),
  }

  base::service_auto_restart { 'uwsgi-netbox': }
  base::service_auto_restart { 'rq-netbox': }

}