From 84dd6e21ef302254d5ee5acafd7f3d3f9a98a872 Mon Sep 17 00:00:00 2001
From: Erin Moon
Date: Wed, 8 Jan 2020 17:59:16 -0600
Subject: [PATCH] write netbox role and provision it
---
 provision.yml | 6 +-
 roles/netbox/defaults/main.yml | 4 +
 roles/netbox/tasks/main.yml | 165 +++++++++++++++++++++++
 roles/netbox/templates/netbox/configuration.py | 24 ++++
 roles/netbox/templates/netbox/gunicorn_config.py | 5 +
 roles/netbox/templates/nginx/netbox.conf | 19 +++
 roles/netbox/templates/supervisor/netbox.conf | 9 ++
 7 files changed, 230 insertions(+), 2 deletions(-)
 create mode 100644 roles/netbox/defaults/main.yml
 create mode 100644 roles/netbox/tasks/main.yml
 create mode 100644 roles/netbox/templates/netbox/configuration.py
 create mode 100644 roles/netbox/templates/netbox/gunicorn_config.py
 create mode 100644 roles/netbox/templates/nginx/netbox.conf
 create mode 100644 roles/netbox/templates/supervisor/netbox.conf
diff --git a/provision.yml b/provision.yml
index 6bbd87c..01bff69 100644
--- a/provision.yml
+++ b/provision.yml
@@ -1,4 +1,6 @@
 - hosts: aux.lab.uncomfortably.online
 tasks:
- - include_role:
- name: unifi
\ No newline at end of file
+ - import_role:
+ name: unifi
+ - import_role:
+ name: netbox
diff --git a/roles/netbox/defaults/main.yml b/roles/netbox/defaults/main.yml
new file mode 100644
index 0000000..8f5ce7e
--- /dev/null
+++ b/roles/netbox/defaults/main.yml
@@ -0,0 +1,4 @@
+netbox_db: netbox
+netbox_pg_username: netbox
+netbox_release: '2.6.1'
+netbox_user: netbox
diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml
new file mode 100644
index 0000000..a8539bb
--- /dev/null
+++ b/roles/netbox/tasks/main.yml
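Review bot: `roles/netbox/defaults/main.yml` declares only four variables, while the tasks and templates in this same patch also read `netbox_pg_password`, `netbox_secret_key`, `netbox_host` and the three `netbox_superuser_*` values, none of which is mentioned here. I would add a header comment listing them as required inputs, for example `# required, no default: netbox_pg_password, netbox_secret_key, netbox_host, netbox_superuser_username, netbox_superuser_email, netbox_superuser_password (supply from an encrypted vars file)`. An early `assert` task checking that each is defined and non-empty would stop a run before a blank secret is templated into configuration.py.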
@@ -0,0 +1,165 @@
+- name: install postgres
+ apt:
+ package: [postgresql, libpq-dev, python-psycopg2]
+ state: present
+ become: yes
+
+- name: create netbox database
+ postgresql_db:
+ name: "{{netbox_db}}"
+ state: present
+ become: yes
+ become_user: postgres
+
+- name: create netbox postgres user
+ postgresql_user:
+ db: "{{netbox_db}}"
+ name: "{{netbox_pg_username}}"
+ password: "{{netbox_pg_password}}"
+ become: yes
+ become_user: postgres
+
+- name: install dependencies
+ apt:
+ package: [python3, python3-setuptools, python-setuptools, python3-dev, build-essential, libxml2-dev, libxslt1-dev,
+ libffi-dev, graphviz, libpq-dev, libssl-dev, redis-server, zlib1g-dev, libopenjp2-7, supervisor, nginx]
+ state: present
+ become: yes
+
+- name: remove system pip
+ apt:
+ package: python3-pip
+ state: absent
+ become: yes
+
+- name: install pip via get-pip.py
+ shell: curl https://bootstrap.pypa.io/get-pip.py | python3 -
+ become: yes
+
+- name: grab the netbox release
+ unarchive:
+ src: https://github.com/digitalocean/netbox/archive/v{{netbox_release}}.tar.gz
+ remote_src: yes
+ dest: /opt
+ owner: root
+ group: root
+ mode: u=rwX,g=rX,o=rX
+ become: yes
+
+- name: alias it to /opt/netbox
+ file:
+ src: /opt/netbox-{{netbox_release}}
+ dest: /opt/netbox
+ state: link
+ become: yes
+
+- name: create netbox user
+ user:
+ name: "{{netbox_user}}"
+ state: present
+ become: yes
+
+- name: chown netbox/media to netbox user
+ file:
+ path: /opt/netbox/netbox/media
+ recurse: yes
+ owner: "{{netbox_user}}"
+ group: "{{netbox_user}}"
+ become: yes
+
+- name: install dependencies via pip
+ pip:
+ requirements: /opt/netbox/requirements.txt
+ executable: pip3
+ become: yes
+
+- name: install napalm, Pillow, gunicorn
+ pip:
+ name: [napalm, Pillow, gunicorn]
+ state: present
+ executable: pip3
+ become: yes
+
+- name: template netbox config
+ template:
+ src: netbox/configuration.py
+ dest: /opt/netbox/netbox/netbox/configuration.py
+ owner: "{{netbox_user}}"
+ group: "{{netbox_user}}"
+ become: yes
+
+- name: run migrations
+ shell: python3 manage.py migrate
+ args:
+ chdir: /opt/netbox/netbox/
+ become: yes
+ become_user: "{{netbox_user}}"
+
+- name: create netbox superuser
+ shell: >
+ echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('{{netbox_superuser_username}}', '{{netbox_superuser_email}}', '{{netbox_superuser_password}}')" \
+ | python3 manage.py shell
+ args:
+ chdir: /opt/netbox/netbox/
+ become: yes
+ become_user: "{{netbox_user}}"
+
+- name: collect static files
+ shell: python3 manage.py collectstatic --no-input
+ args:
+ chdir: /opt/netbox/netbox/
+ become: yes
+
+- name: load seed data
+ shell: python3 manage.py loaddata initial_data
+ args:
+ chdir: /opt/netbox/netbox/
+ become: yes
+
+- name: template nginx config
+ template:
+ src: nginx/netbox.conf
+ dest: /etc/nginx/sites-available/netbox
+ owner: root
+ group: root
+ mode: 0644
+ become: yes
+
+- name: link nginx config
+ file:
+ src: /etc/nginx/sites-available/netbox
+ dest: /etc/nginx/sites-enabled/netbox
+ state: link
+ owner: root
+ group: root
+ mode: 0644
+ become: yes
+
+- name: install gunicorn config
+ template:
+ src: netbox/gunicorn_config.py
+ dest: /opt/netbox/gunicorn_config.py
+ owner: "{{netbox_user}}"
+ group: "{{netbox_user}}"
+ become: yes
+
+- name: install gunicorn supervisord config
+ template:
+ src: supervisor/netbox.conf
+ dest: /etc/supervisor/conf.d/netbox.conf
+ owner: root
+ group: root
+ mode: 0644
+ become: yes
+
+- name: restart supervisord
+ service:
+ name: supervisor
+ state: restarted
+ become: yes
+
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
+ become: yes
\ No newline at end of file
diff --git a/roles/netbox/templates/netbox/configuration.py b/roles/netbox/templates/netbox/configuration.py
new file mode 100644
index 0000000..1cfaf9f
--- /dev/null
+++ b/roles/netbox/templates/netbox/configuration.py
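Review bot: The "create netbox superuser" task splices the username, e-mail and password into a Python statement inside a double-quoted shell string, so a quote, `$` or backtick in any of them changes what runs, and with no `no_log: true` the rendered command, password included, ends up in Ansible's task output. It also calls `create_superuser` unconditionally, which will presumably fail on a second run once the account exists. I would feed the script on stdin, pass the values through `environment:`, guard on an existence check and set `no_log: true`, as sketched below. In the same file, "template netbox config" sets no `mode:`, so the file holding `SECRET_KEY` and the database password gets whatever the umask gives; `mode: 0640` would pin it. The get-pip.py pipe and the release tarball are both fetched and used as root without a checksum, which `get_url` with `checksum:` ahead of the install and `unarchive` steps would cover.

```yaml
- name: create netbox superuser
  shell: python3 manage.py shell
  args:
    chdir: /opt/netbox/netbox/
    stdin: |
      import os
      from django.contrib.auth import get_user_model
      User = get_user_model()
      name = os.environ['NETBOX_SU_NAME']
      if not User.objects.filter(username=name).exists():
          User.objects.create_superuser(name, os.environ['NETBOX_SU_EMAIL'], os.environ['NETBOX_SU_PASSWORD'])
  environment:
    NETBOX_SU_NAME: "{{netbox_superuser_username}}"
    NETBOX_SU_EMAIL: "{{netbox_superuser_email}}"
    NETBOX_SU_PASSWORD: "{{netbox_superuser_password}}"
  no_log: true
  # … unchanged: become / become_user …
```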
@@ -0,0 +1,24 @@
+ALLOWED_HOSTS = ['{{netbox_host}}']
+
+DATABASE = {
+ 'NAME': '{{netbox_db}}', # Database name
+ 'USER': '{{netbox_pg_username}}', # PostgreSQL username
+ 'PASSWORD': '{{netbox_pg_password}}', # PostgreSQL password
+ 'HOST': 'localhost', # Database server
+ 'PORT': '', # Database port (leave blank for default)
+}
+
+SECRET_KEY = '{{netbox_secret_key}}'
+
+# Redis database settings. The Redis database is used for caching and background processing such as webhooks
+REDIS = {
+ 'HOST': 'localhost',
+ 'PORT': 6379,
+ 'PASSWORD': '',
+ 'DATABASE': 0,
+ 'CACHE_DATABASE': 1,
+ 'DEFAULT_TIMEOUT': 300,
+ 'SSL': False,
+}
+
+WEBHOOKS_ENABLED = True
diff --git a/roles/netbox/templates/netbox/gunicorn_config.py b/roles/netbox/templates/netbox/gunicorn_config.py
new file mode 100644
index 0000000..fefcb18
--- /dev/null
+++ b/roles/netbox/templates/netbox/gunicorn_config.py
@@ -0,0 +1,5 @@
+command = '/usr/bin/gunicorn'
+pythonpath = '/opt/netbox/netbox'
+bind = '127.0.0.1:8001'
+workers = 3
+user = '{{netbox_user}}'
diff --git a/roles/netbox/templates/nginx/netbox.conf b/roles/netbox/templates/nginx/netbox.conf
new file mode 100644
index 0000000..11b1d6e
--- /dev/null
+++ b/roles/netbox/templates/nginx/netbox.conf
@@ -0,0 +1,19 @@
+server {
+ listen 80;
+
+ server_name {{netbox_host}};
+
+ client_max_body_size 25m;
+
+ location /static/ {
+ alias /opt/netbox/netbox/static/;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:8001;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
+ }
+}
\ No newline at end of file
diff --git a/roles/netbox/templates/supervisor/netbox.conf b/roles/netbox/templates/supervisor/netbox.conf
new file mode 100644
index 0000000..e0c1b95
--- /dev/null
+++ b/roles/netbox/templates/supervisor/netbox.conf
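Review bot: `SECRET_KEY`, the database `'PASSWORD'` and the `ALLOWED_HOSTS` entry are rendered straight between single quotes, so a secret containing `'` or a backslash yields either a configuration.py that fails to import or a value different from the one stored in the vars. Rendering through a quoting filter avoids that, since a JSON string literal is also a valid Python one: `SECRET_KEY = {{ netbox_secret_key | to_json }}` and `'PASSWORD': {{ netbox_pg_password | to_json }},`. Separately, `'PASSWORD': ''` under `REDIS` means the cache and job queue accept any local connection, as the role installs `redis-server` without configuring it as far as this patch shows; a `requirepass` value templated into both Redis and this file would close that.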
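Review bot: The only listener in roles/netbox/templates/nginx/netbox.conf is `listen 80;`, so the NetBox login form, session cookie and API tokens cross the network in cleartext. I would serve the site from a `listen 443 ssl;` server carrying `ssl_certificate` and `ssl_certificate_key`, and reduce the port-80 block to `return 301 https://$host$request_uri;`. The `add_header P3P ...` line refers to a header browsers no longer honour and could be dropped at the same time.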
@@ -0,0 +1,9 @@
+[program:netbox]
+command = gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi
+directory = /opt/netbox/netbox/
+user = {{netbox_user}}
+
+[program:netbox-rqworker]
+command = python3 /opt/netbox/netbox/manage.py rqworker
+directory = /opt/netbox/netbox/
+user = {{netbox_user}}
\ No newline at end of file