From 7c5921c80a93ee14dd72da89b2fc79e007d69102 Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 10:22:05 +0100 Subject: [PATCH 01/12] create a superuser token bool --- defaults/main.yml | 1 + molecule/default/converge.yml | 33 +++++++++++++++++++++++++++++++++ tasks/deploy_netbox.yml | 9 +++++++++ vars/main.yml | 8 ++++++++ 4 files changed, 51 insertions(+) create mode 100644 molecule/default/converge.yml diff --git a/defaults/main.yml b/defaults/main.yml index c23b50e..86d3b80 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,6 +13,7 @@ netbox_install_epel: true netbox_superuser_username: admin # netbox_superuser_password: changeme netbox_superuser_email: admin@localhost +netbox_superuser_token_enabled: false netbox_database: netbox netbox_database_user: netbox diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..d0278cf --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,33 @@ +--- +- name: Converge + hosts: all + become: true + vars: + redis_version: 6.2.1 + netbox_stable_version: 2.10.8 + netbox_stable: true + netbox_socket: "0.0.0.0:80" + netbox_superuser_password: netbox + netbox_superuser_token_enabled: true + netbox_config: + ALLOWED_HOSTS: + - "{{ inventory_hostname }}" + # The following should not be used in production, probably. + # This playbook gets used by Vagrant where we don't know the actual hostname. + - "*" + MEDIA_ROOT: "{{ netbox_shared_path }}/media" + REPORTS_ROOT: "{{ netbox_shared_path }}/reports" + SCRIPTS_ROOT: "{{ netbox_shared_path }}/scripts" + netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}" + # webhooks + netbox_webhooks_enabled: true + # db + postgresql_users: + - name: "{{ netbox_database_user }}" + role_attr_flags: CREATEDB,NOSUPERUSER + ## REDIS server install + redis_bind: 127.0.0.1 + roles: + - geerlingguy.postgresql + - davidwittman.redis + - ansible-role-netbox 
diff --git a/tasks/deploy_netbox.yml b/tasks/deploy_netbox.yml index e9de628..8d3736f 100644 --- a/tasks/deploy_netbox.yml +++ b/tasks/deploy_netbox.yml @@ -130,6 +130,15 @@ when: - not netbox_ldap_enabled + - name: Create a super user token for NetBox + shell: "printf '{{ netbox_superuser_token }}' |\ + {{ netbox_virtualenv_path }}/bin/python {{ netbox_current_path }}/netbox/manage.py shell" + register: _netbox_superuser_token + changed_when: "'changed' in _netbox_superuser_token.stdout" + when: + - not netbox_ldap_enabled + - netbox_superuser_token_enabled + - name: Generate static assets for NetBox django_manage: command: collectstatic diff --git a/vars/main.yml b/vars/main.yml index 3a576bf..981a4b9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -29,3 +29,11 @@ netbox_superuser_script: | user.set_password(password) user.save() print("changed") + +netbox_superuser_token: | + from users.models import Token + from django.contrib.auth.models import User + user = User.objects.get(username="{{ netbox_superuser_username }}") + token = Token.objects.create(user=user) + print("api-token: " + token.key) + print("changed") \ No newline at end of file From 4ea71b9fe1b840556e354a9473f9840efe820c60 Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 10:33:29 +0100 Subject: [PATCH 02/12] new feature for api token --- molecule/default/molecule.yml | 13 +++++++++---- molecule/default/playbook.yml | 30 ------------------------------ 2 files changed, 9 insertions(+), 34 deletions(-) delete mode 100644 molecule/default/playbook.yml diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 033dc38..60decc6 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
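Review bot: The new `Create a super user token for NetBox` task registers the script's stdout, and the script this patch adds in vars/main.yml prints `api-token: <key>`, so the superuser API token is exposed wherever task results are shown or recorded (verbose runs, failure output, callback plugins). Add `no_log: true` to the task, or stop printing the key and let the operator read it from NetBox. The rendered script is also used as the printf format string inside single quotes, so a `%` or `'` in it changes what reaches `manage.py shell`; `printf '%s' {{ netbox_superuser_token | quote }}` avoids both. The same task is modified again in patches 06, 07, 08 and 11 without either change.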
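Review bot: `User.objects.get(username="{{ netbox_superuser_username }}")` in the new `netbox_superuser_token` block renders the role variable straight into Python source, so a username containing `"` or a backslash changes the code that `manage.py shell` executes. The variable is normally set by the operator, so this is mainly a robustness issue, but it becomes an injection path if the value ever comes from a less trusted inventory source. Rendering it as a literal, `username={{ netbox_superuser_username | to_json }}`, keeps the value as data. The tail of `netbox_superuser_script` visible in the context lines suggests the existing script may follow the same pattern; that part lies outside the hunk.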
@@ -2,17 +2,22 @@ dependency: name: galaxy driver: - name: vagrant + name: docker provider: - name: virtualbox + name: centos8 lint: | set -e yamllint . ansible-lint flake8 platforms: - - name: debian-9 - box: generic/debian9 + - name: centos8 + image: geerlingguy/docker-centos8-ansible:latest + command: /sbin/init + privileged: True + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + pre_build_image: true provisioner: name: ansible log: true diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index 1f20ae6..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - vars: - netbox_stable: true - netbox_socket: "0.0.0.0:80" - netbox_superuser_password: netbox - netbox_config: - ALLOWED_HOSTS: - - "{{ inventory_hostname }}" - # The following should not be used in production, probably. - # This playbook gets used by Vagrant where we don't know the actual hostname. - - "*" - MEDIA_ROOT: "{{ netbox_shared_path }}/media" - REPORTS_ROOT: "{{ netbox_shared_path }}/reports" - SCRIPTS_ROOT: "{{ netbox_shared_path }}/scripts" - netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}" - # webhooks - netbox_webhooks_enabled: true - # db - postgresql_users: - - name: "{{ netbox_database_user }}" - role_attr_flags: CREATEDB,NOSUPERUSER - ## REDIS server install - redis_bind: 127.0.0.1 - roles: - - geerlingguy.postgresql - - davidwittman.redis - - ansible-role-netbox From 9ea17b9d156ccec5aac7147e8c4d6851720cdb3d Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 10:53:01 +0100 Subject: [PATCH 03/12] Revert "new feature for api token" This reverts commit 4ea71b9fe1b840556e354a9473f9840efe820c60. --- molecule/default/molecule.yml | 13 ++++--------- molecule/default/playbook.yml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 molecule/default/playbook.yml 
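Review bot: The docker platform added to molecule/default/molecule.yml runs with `privileged: True` and pulls `geerlingguy/docker-centos8-ansible:latest`, so the test container gets full access to the host kernel and its image content can change between runs. If systemd is the only reason for privileged mode, check whether the read-only cgroup mount already listed is enough on the CI hosts, and pin the image, e.g. `image: geerlingguy/docker-centos8-ansible@sha256:<digest>` (placeholder). Write `privileged: true` in lowercase to match `pre_build_image: true` and the yamllint run in this file's own `lint` step. The `provider:` / `name: centos8` pair left under `driver` looks like a leftover from the vagrant driver and should be confirmed or dropped.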
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 60decc6..033dc38 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,22 +2,17 @@ dependency: name: galaxy driver: - name: docker + name: vagrant provider: - name: centos8 + name: virtualbox lint: | set -e yamllint . ansible-lint flake8 platforms: - - name: centos8 - image: geerlingguy/docker-centos8-ansible:latest - command: /sbin/init - privileged: True - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - pre_build_image: true + - name: debian-9 + box: generic/debian9 provisioner: name: ansible log: true diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..1f20ae6 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,30 @@ +--- +- name: Converge + hosts: all + become: true + vars: + netbox_stable: true + netbox_socket: "0.0.0.0:80" + netbox_superuser_password: netbox + netbox_config: + ALLOWED_HOSTS: + - "{{ inventory_hostname }}" + # The following should not be used in production, probably. + # This playbook gets used by Vagrant where we don't know the actual hostname. + - "*" + MEDIA_ROOT: "{{ netbox_shared_path }}/media" + REPORTS_ROOT: "{{ netbox_shared_path }}/reports" + SCRIPTS_ROOT: "{{ netbox_shared_path }}/scripts" + netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}" + # webhooks + netbox_webhooks_enabled: true + # db + postgresql_users: + - name: "{{ netbox_database_user }}" + role_attr_flags: CREATEDB,NOSUPERUSER + ## REDIS server install + redis_bind: 127.0.0.1 + roles: + - geerlingguy.postgresql + - davidwittman.redis + - ansible-role-netbox From 072d188ef6d7934042bebbd98d0859df22a01a83 Mon Sep 17 00:00:00 2001 
From: florianow Date: Sat, 27 Mar 2021 10:58:09 +0100 Subject: [PATCH 04/12] rename playbook moecule in converge --- molecule/default/playbook.yml | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 molecule/default/playbook.yml diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index 1f20ae6..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - vars: - netbox_stable: true - netbox_socket: "0.0.0.0:80" - netbox_superuser_password: netbox - netbox_config: - ALLOWED_HOSTS: - - "{{ inventory_hostname }}" - # The following should not be used in production, probably. - # This playbook gets used by Vagrant where we don't know the actual hostname. - - "*" - MEDIA_ROOT: "{{ netbox_shared_path }}/media" - REPORTS_ROOT: "{{ netbox_shared_path }}/reports" - SCRIPTS_ROOT: "{{ netbox_shared_path }}/scripts" - netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}" - # webhooks - netbox_webhooks_enabled: true - # db - postgresql_users: - - name: "{{ netbox_database_user }}" - role_attr_flags: CREATEDB,NOSUPERUSER - ## REDIS server install - redis_bind: 127.0.0.1 - roles: - - geerlingguy.postgresql - - davidwittman.redis - - ansible-role-netbox From 0a3406069747435634c2647bbc9d3cfac16ea4ed Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 16:21:00 +0100 Subject: [PATCH 05/12] change readme because new api token feature --- README.adoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index f041135..52b051b 100644 --- a/README.adoc +++ b/README.adoc 
@@ -129,12 +129,15 @@ netbox_git_uri: "https://github.com/netbox-community/netbox.git" netbox_superuser_username: admin #netbox_superuser_password: changeme netbox_superuser_email: admin@localhost +netbox_superuser_token: false ---- It is *required* to set the superuser password. This role will create a new superuser if the user does not exist, or will modify an existing user if they're not a superuser/have a different email or password. (Yes, you can use this to -reset your superuser password if you forget it.) +reset your superuser password if you forget it.) it is possible to set a random +generate API-token for the superuser. + [source,yaml] ---- From 7702e1dabf55741db2a9e38c894d8767e7125e2c Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 16:25:38 +0100 Subject: [PATCH 06/12] new api token feature --- defaults/main.yml | 2 +- molecule/default/converge.yml | 2 +- tasks/deploy_netbox.yml | 2 +- tests/group_vars/netbox | 1 + vars/main.yml | 8 +++++--- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 86d3b80..3f044a9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,7 +13,7 @@ netbox_install_epel: true netbox_superuser_username: admin # netbox_superuser_password: changeme netbox_superuser_email: admin@localhost -netbox_superuser_token_enabled: false +netbox_superuser_create_token: false netbox_database: netbox netbox_database_user: netbox diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d0278cf..994c37c 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -8,7 +8,7 @@ netbox_stable: true netbox_socket: "0.0.0.0:80" netbox_superuser_password: netbox - netbox_superuser_token_enabled: true + netbox_superuser_create_token: true netbox_config: ALLOWED_HOSTS: - "{{ inventory_hostname }}" diff --git a/tasks/deploy_netbox.yml b/tasks/deploy_netbox.yml index 8d3736f..ad7d7a5 100644 --- a/tasks/deploy_netbox.yml 
+++ b/tasks/deploy_netbox.yml @@ -137,7 +137,7 @@ changed_when: "'changed' in _netbox_superuser_token.stdout" when: - not netbox_ldap_enabled - - netbox_superuser_token_enabled + - netbox_superuser_create_token - name: Generate static assets for NetBox django_manage: diff --git a/tests/group_vars/netbox b/tests/group_vars/netbox index 25bf1b7..87b1cc6 100644 --- a/tests/group_vars/netbox +++ b/tests/group_vars/netbox @@ -23,6 +23,7 @@ netbox_reports: name: nothing netbox_napalm_enabled: true netbox_superuser_password: netbox +netbox_superuser_token: true netbox_database: "netbox_{{ inventory_hostname_short }}" netbox_database_host: 10.0.3.1 netbox_database_password: diff --git a/vars/main.yml b/vars/main.yml index 981a4b9..cdd93fb 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -34,6 +34,8 @@ netbox_superuser_token: | from users.models import Token from django.contrib.auth.models import User user = User.objects.get(username="{{ netbox_superuser_username }}") - token = Token.objects.create(user=user) - print("api-token: " + token.key) - print("changed") \ No newline at end of file + query = Token.objects.filter(user=user) + if not query.exists(): + token = Token.objects.create(user=user) + print("api-token: " + token.key) + print("changed") From 7f4859bf4791b10352d22d7acc06c9cff2276666 Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 17:13:39 +0100 Subject: [PATCH 07/12] LDAP and superuser are together possible --- README.adoc | 3 ++- defaults/main.yml | 1 + tasks/deploy_netbox.yml | 4 ++-- tests/group_vars/netbox | 1 + 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.adoc b/README.adoc index 52b051b..f539d8b 100644 --- a/README.adoc +++ b/README.adoc @@ -129,6 +129,7 @@ netbox_git_uri: "https://github.com/netbox-community/netbox.git" netbox_superuser_username: admin #netbox_superuser_password: changeme netbox_superuser_email: admin@localhost +superuser_enabled: false netbox_superuser_token: false ---- 
@@ -136,7 +137,7 @@ It is *required* to set the superuser password. This role will create a new superuser if the user does not exist, or will modify an existing user if they're not a superuser/have a different email or password. (Yes, you can use this to reset your superuser password if you forget it.) it is possible to set a random -generate API-token for the superuser. +generate API-token for the superuser. You can create a superuser and configure LDAP. [source,yaml] diff --git a/defaults/main.yml b/defaults/main.yml index 3f044a9..192eb53 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,6 +10,7 @@ netbox_git_uri: "https://github.com/netbox-community/netbox.git" netbox_install_epel: true +netbox_superuser_enabled: false netbox_superuser_username: admin # netbox_superuser_password: changeme netbox_superuser_email: admin@localhost diff --git a/tasks/deploy_netbox.yml b/tasks/deploy_netbox.yml index ad7d7a5..156d5c6 100644 --- a/tasks/deploy_netbox.yml +++ b/tasks/deploy_netbox.yml @@ -128,7 +128,7 @@ register: _netbox_superuser_result changed_when: "'changed' in _netbox_superuser_result.stdout" when: - - not netbox_ldap_enabled + - (not netbox_ldap_enabled) or (superuser_enabled) - name: Create a super user token for NetBox shell: "printf '{{ netbox_superuser_token }}' |\ @@ -136,8 +136,8 @@ register: _netbox_superuser_token changed_when: "'changed' in _netbox_superuser_token.stdout" when: - - not netbox_ldap_enabled - netbox_superuser_create_token + - (not netbox_ldap_enabled) or (superuser_enabled) - name: Generate static assets for NetBox django_manage: diff --git a/tests/group_vars/netbox b/tests/group_vars/netbox index 87b1cc6..46ef86a 100644 --- a/tests/group_vars/netbox +++ b/tests/group_vars/netbox 
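Review bot: Both `when` conditions changed in tasks/deploy_netbox.yml test `superuser_enabled`, but the default this patch adds in defaults/main.yml is `netbox_superuser_enabled`, so the name in the condition is undefined unless a user happens to set it. When `netbox_ldap_enabled` is true the `or` has to evaluate its right-hand side, and the conditional will most likely fail on the undefined variable, which is exactly the LDAP-plus-superuser case this patch is meant to enable. Use `- (not netbox_ldap_enabled) or netbox_superuser_enabled` in both tasks. The README.adoc hunk in this patch documents the unprefixed name as well. Both task bodies start outside their hunks.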
@@ -22,6 +22,7 @@ netbox_reports: - src: reports/nothing.py name: nothing netbox_napalm_enabled: true +netbox_superuser_enabled: false netbox_superuser_password: netbox netbox_superuser_token: true netbox_database: "netbox_{{ inventory_hostname_short }}" From 92b3af542c80b611302c8eb7cccdce9629962df2 Mon Sep 17 00:00:00 2001 From: florianow Date: Sat, 27 Mar 2021 17:30:08 +0100 Subject: [PATCH 08/12] or condtion for ldap and superuser --- .cache/roles/Musee Ullah.netbox | 1 + tasks/deploy_netbox.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 120000 .cache/roles/Musee Ullah.netbox diff --git a/.cache/roles/Musee Ullah.netbox b/.cache/roles/Musee Ullah.netbox new file mode 120000 index 0000000..c25bddb --- /dev/null +++ b/.cache/roles/Musee Ullah.netbox @@ -0,0 +1 @@ +../.. \ No newline at end of file diff --git a/tasks/deploy_netbox.yml b/tasks/deploy_netbox.yml index 156d5c6..49d3ee6 100644 --- a/tasks/deploy_netbox.yml +++ b/tasks/deploy_netbox.yml @@ -128,7 +128,7 @@ register: _netbox_superuser_result changed_when: "'changed' in _netbox_superuser_result.stdout" when: - - (not netbox_ldap_enabled) or (superuser_enabled) + - (not netbox_ldap_enabled) or (netbox_superuser_enabled) - name: Create a super user token for NetBox shell: "printf '{{ netbox_superuser_token }}' |\ @@ -137,7 +137,7 @@ changed_when: "'changed' in _netbox_superuser_token.stdout" when: - netbox_superuser_create_token - - (not netbox_ldap_enabled) or (superuser_enabled) + - (not netbox_ldap_enabled) or (netbox_superuser_enabled) - name: Generate static assets for NetBox django_manage: From 8b53fc50ce9a25c6bf6d99fdda9e576375a20c65 Mon Sep 17 00:00:00 2001 From: Florianow Date: Fri, 21 May 2021 16:00:06 +0200 Subject: [PATCH 09/12] readme and testing group_vars --- README.adoc | 6 ++++-- tests/group_vars/netbox | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.adoc b/README.adoc index f539d8b..1bb1f7f 100644 --- a/README.adoc +++ b/README.adoc 
@@ -129,8 +129,10 @@ netbox_git_uri: "https://github.com/netbox-community/netbox.git" netbox_superuser_username: admin #netbox_superuser_password: changeme netbox_superuser_email: admin@localhost -superuser_enabled: false -netbox_superuser_token: false +netbox_superuser_enabled: false +netbox_superuser_create_token: false + + ---- It is *required* to set the superuser password. This role will create a new diff --git a/tests/group_vars/netbox b/tests/group_vars/netbox index 46ef86a..6373b58 100644 --- a/tests/group_vars/netbox +++ b/tests/group_vars/netbox @@ -24,7 +24,7 @@ netbox_reports: netbox_napalm_enabled: true netbox_superuser_enabled: false netbox_superuser_password: netbox -netbox_superuser_token: true +netbox_superuser_create_token: true netbox_database: "netbox_{{ inventory_hostname_short }}" netbox_database_host: 10.0.3.1 netbox_database_password: From efcbeb119e90d66fd589d12eb58fb14e28981ac6 Mon Sep 17 00:00:00 2001 From: florianow <64468897+florianow@users.noreply.github.com> Date: Fri, 21 May 2021 16:27:34 +0200 Subject: [PATCH 10/12] Update netbox --- tests/group_vars/netbox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/group_vars/netbox b/tests/group_vars/netbox index 6373b58..bc642e0 100644 --- a/tests/group_vars/netbox +++ b/tests/group_vars/netbox @@ -22,7 +22,7 @@ netbox_reports: - src: reports/nothing.py name: nothing netbox_napalm_enabled: true -netbox_superuser_enabled: false +netbox_superuser_enabled: true netbox_superuser_password: netbox netbox_superuser_create_token: true netbox_database: "netbox_{{ inventory_hostname_short }}" From 6f10dae41dfdf3fab06c48d06b96795bc803b993 Mon Sep 17 00:00:00 2001 From: florianow <64468897+florianow@users.noreply.github.com> Date: Fri, 21 May 2021 16:34:01 +0200 Subject: [PATCH 11/12] Update deploy_netbox.yml --- tasks/deploy_netbox.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/tasks/deploy_netbox.yml b/tasks/deploy_netbox.yml index 49d3ee6..66b6a38 100644 --- a/tasks/deploy_netbox.yml +++ b/tasks/deploy_netbox.yml @@ -128,7 +128,7 @@ register: _netbox_superuser_result changed_when: "'changed' in _netbox_superuser_result.stdout" when: - - (not netbox_ldap_enabled) or (netbox_superuser_enabled) + - netbox_superuser_enabled - name: Create a super user token for NetBox shell: "printf '{{ netbox_superuser_token }}' |\ @@ -137,7 +137,7 @@ changed_when: "'changed' in _netbox_superuser_token.stdout" when: - netbox_superuser_create_token - - (not netbox_ldap_enabled) or (netbox_superuser_enabled) + - netbox_superuser_enabled - name: Generate static assets for NetBox django_manage: From 777329fef2485e15ca8d4dee2abf1d5ff377f96f Mon Sep 17 00:00:00 2001 From: florianow <64468897+florianow@users.noreply.github.com> Date: Fri, 21 May 2021 18:24:44 +0200 Subject: [PATCH 12/12] Delete .cache directory --- .cache/roles/Musee Ullah.netbox | 1 - 1 file changed, 1 deletion(-) delete mode 120000 .cache/roles/Musee Ullah.netbox diff --git a/.cache/roles/Musee Ullah.netbox b/.cache/roles/Musee Ullah.netbox deleted file mode 120000 index c25bddb..0000000 --- a/.cache/roles/Musee Ullah.netbox +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file
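Review bot: Gating both tasks on `netbox_superuser_enabled` alone changes the role's default behaviour, because defaults/main.yml in this series sets the variable to `false`. An install without LDAP that previously got its superuser created now skips the task unless the variable is set explicitly. README.adoc still says setting the superuser password is required and does not mention that the account is now opt-in. Either keep the old default with `netbox_superuser_enabled: "{{ not netbox_ldap_enabled }}"` in defaults/main.yml, or document the change for people upgrading. Both task bodies start outside their hunks.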