Puppet Class: profile::netbox::scripts

Defined in:
modules/profile/manifests/netbox/scripts.pp

Overview

Class: profile::netbox::scripts

This profile configures a small proxy for retrieving results from Netbox CustomScripts

Actions:

Set up uwsgi-netbox-scriptproxy as a proxy.
Create an Apache site with limited access that proxies to the above.

Requires:

Sample Usage:

include profile::netbox::scripts

Parameters:

  • deploy_acme (Boolean) (defaults to: lookup('profile::netbox::acme', {'default_value' => true}))
  • acme_certificate (String) (defaults to: lookup('profile::netbox::acme_certificate', {'default_value' => 'netbox'}))
  • prometheus_nodes (Array[Stdlib::Fqdn]) (defaults to: lookup('prometheus_nodes', {'default_value' => []}))


# File 'modules/profile/manifests/netbox/scripts.pp', line 14

# Runs the Netbox CustomScript result proxy as a uwsgi service bound to
# loopback, and declares the Apache site, firewall rule and (optionally) the
# ACME certificate that sit in front of it.
#
# @param deploy_acme
#   When true, and no Acme_chief::Cert with the title $acme_certificate has
#   been declared yet, this class declares it. Default comes from the Hiera
#   key 'profile::netbox::acme' (true when unset).
# @param acme_certificate
#   Title of the acme_chief::cert resource. Default comes from the Hiera key
#   'profile::netbox::acme_certificate' ('netbox' when unset).
# @param prometheus_nodes
#   FQDNs that the ferm rule admits to $apache_port. Default comes from the
#   Hiera key 'prometheus_nodes' (empty list when unset).
class profile::netbox::scripts (
    Boolean $deploy_acme = lookup('profile::netbox::acme', {'default_value' => true}),
    String $acme_certificate = lookup('profile::netbox::acme_certificate', {'default_value' => 'netbox'}),
    Array[Stdlib::Fqdn] $prometheus_nodes = lookup('prometheus_nodes', {'default_value' => []}),
) {
    # Environment handed to the uwsgi process through the 'env' option below.
    # NOTE(review): CPython reads PYTHONIOENCODING (and PYTHONUTF8);
    # PYTHONENCODING is not one of its documented variables, so the second
    # entry probably has no effect unless the proxy script reads it itself.
    # Confirm before renaming, since PYTHONIOENCODING also affects the stdio
    # error handler.
    $uwsgi_environ=[
        'LANG=C.UTF-8',
        'PYTHONENCODING=utf-8',
    ]
    $venv_path = '/srv/deployment/netbox/venv'
    $script_path = '/srv/deployment/netbox-extras/tools/custom_script_proxy.py'
    # Backend (uwsgi) port and public (Apache) port. Nothing in this class
    # passes them to the site template explicitly; presumably the template
    # reads them from scope by name, so renaming them needs a template check.
    $service_port=8002
    $apache_port=8443

    service::uwsgi { 'netbox-scriptproxy':
        port            => $service_port,
        deployment_user => 'netbox',
        deployment      => '',
        config          => {
            need-plugins => 'python3',
            venv         => $venv_path,
            wsgi-file    => $script_path,
            # Remove sockets and other generated files when uwsgi exits.
            vacuum       => true,
            # Plain HTTP on loopback only: the backend is not reachable from
            # the network directly, only through the Apache site below.
            http-socket  => "127.0.0.1:${service_port}",
            # T170189: make sure Python has a sane default encoding
            env          => $uwsgi_environ,
            # Recycle each worker after 300 requests.
            max-requests => 300,
        },
        icinga_check    => false,
        # NOTE(review): presumably the core-dump size limit for the service.
        # A core file holds the process's memory, so confirm where cores are
        # written and who can read them.
        core_limit      => '30G',
        # Order after the deployments that presumably provide $venv_path and
        # $script_path.
        require         => [Scap::Target['netbox/deploy'], Git::Clone['operations/software/netbox-extras']],
    }

    # Not referenced again in this class; presumably consumed by the
    # netbox-scripts.erb template for the TLS configuration - verify there.
    $ssl_settings = ssl_ciphersuite('apache', 'strong', true)

    # Space-separated host list for the ferm @resolve() calls below.
    $prometheus_nodes_ferm = join($prometheus_nodes, ' ')

    # The only network-level restriction visible in this class: TCP
    # $apache_port is opened to the A and AAAA addresses of $prometheus_nodes.
    # Any further access control lives in the site template, which is not
    # shown here.
    # NOTE(review): with the default empty list the srange renders as
    # "(@resolve(()) @resolve((), AAAA))"; confirm that ferm rejects this or
    # produces no rule, rather than an unrestricted one.
    ferm::service { 'netbox_scripts_https':
        proto  => 'tcp',
        port   => $apache_port,
        desc   => 'Semi-restricted access to Netbox script proxy',
        srange => "(@resolve((${prometheus_nodes_ferm})) @resolve((${prometheus_nodes_ferm}), AAAA))",
    }

    # Apache site named after this node's FQDN, rendered from the template.
    httpd::site { $::fqdn:
        content => template('profile/netbox/netbox-scripts.erb'),
    }

    # defined() depends on evaluation order: it only sees a certificate
    # declared earlier in the compilation. If another class declares the same
    # title later, catalog compilation fails with a duplicate declaration.
    if !defined(Acme_chief::Cert[$acme_certificate]) and $deploy_acme {
      acme_chief::cert { $acme_certificate:
            puppet_svc => 'apache2',
        }
    }

}