diff --git a/.gitignore b/.gitignore
index 5c199eb..6431c61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@ # ---> Ansible *.retry
+vault.yml
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..beaa292
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,42 @@
+# NetBox Ansible Deployment Makefile
+
+.PHONY: help install-collections deploy update backup check-syntax encrypt-vault decrypt-vault
+
+help: ## Show this help message
+ @echo "NetBox Ansible Deployment"
+ @echo "========================"
+ @echo ""
+ @echo "Available commands:"
+ @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-20s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+install-collections: ## Install required Ansible collections
+ ansible-galaxy collection install -r requirements.yml
+
+deploy: ## Deploy NetBox (requires vault password)
+ ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass
+
+update: ## Update NetBox
+ ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml
+
+backup: ## Backup NetBox
+ ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml
+
+check-syntax: ## Check Ansible playbook syntax
+ ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --syntax-check
+ ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml --syntax-check
+ ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml --syntax-check
+
+encrypt-vault: ## Encrypt vault file
+ ansible-vault encrypt group_vars/netbox/vault.yml
+
+decrypt-vault: ## Decrypt vault file
+ ansible-vault decrypt group_vars/netbox/vault.yml
+
+edit-vault: ## Edit encrypted vault file
+ ansible-vault edit group_vars/netbox/vault.yml
+
+dry-run: ## Run playbook in check mode (dry run)
+ ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --check --ask-vault-pass
+
+test-connection: ## Test connection to hosts
+ ansible netbox -i inventory/hosts.yml -m ping
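Review bot: The `decrypt-vault` target rewrites `group_vars/netbox/vault.yml` as plaintext in place and nothing re-encrypts it afterwards, so secrets can sit unencrypted in the working tree; `edit-vault` already covers editing, and a read-only target running `ansible-vault view group_vars/netbox/vault.yml` would cover inspection. The `update` and `backup` targets run their playbooks without `--ask-vault-pass`, unlike `deploy` and `dry-run`, so they will presumably fail once the vault file is encrypted. `.PHONY` also omits `edit-vault`, `dry-run` and `test-connection`.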
diff --git a/README.md b/README.md
index 297e4b9..35ad641 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,231 @@
-# netbox-ansible
+# NetBox Ansible Deployment
-Ansible playbook for managing the netbox server
\ No newline at end of file
+This Ansible project deploys NetBox using Docker Compose on Ubuntu servers. It follows Ansible best practices with modular roles, idempotent operations, and comprehensive configuration management.
+
+## Features
+
+- **Modular Design**: Separate roles for system updates, Docker installation, and NetBox deployment
+- **Idempotent**: Safe to run multiple times without side effects
+- **Ubuntu Only**: Specifically designed for Ubuntu distributions (Focal, Jammy, Noble)
+- **Docker Compose**: Uses the official NetBox Docker repository
+- **Configuration Management**: Templated environment files with Ansible variables
+- **Security**: Support for Ansible Vault for sensitive data
+- **Backup Support**: Built-in backup playbook for data protection
+
+## Project Structure
+
+```
+netbox-ansible/
+├── ansible.cfg # Ansible configuration
+├── inventory/
+│ └── hosts.yml # Inventory file
+├── group_vars/
+│ ├── netbox.yml # Group variables
+│ └── netbox/
+│ └── vault.yml # Encrypted sensitive variables
+├── playbooks/
+│ ├── deploy-netbox.yml # Main deployment playbook
+│ ├── update-netbox.yml # Update NetBox playbook
+│ └── backup-netbox.yml # Backup NetBox playbook
+├── roles/
+│ ├── system-update/ # System package updates
+│ ├── docker-install/ # Docker and Docker Compose installation
+│ └── netbox-deploy/ # NetBox deployment and configuration
+└── templates/ # Additional templates if needed
+```
+
+## Prerequisites
+
+- Ansible 2.9 or later
+- Target servers running Ubuntu (Focal, Jammy, or Noble)
+- SSH access to target servers with sudo privileges
+- Python 3 on target servers
+
+## Quick Start
+
+1. **Configure Inventory**
+ ```bash
+ # Edit inventory/hosts.yml
+ vim inventory/hosts.yml
+ ```
+ Add your server(s):
+ ```yaml
+ [netbox]
+ netbox-server ansible_host=192.168.1.100 ansible_user=ubuntu
+ ```
+
+2. **Configure Variables**
+ ```bash
+ # Edit group variables
+ vim group_vars/netbox.yml
+
+ # Encrypt sensitive variables
+ ansible-vault encrypt group_vars/netbox/vault.yml
+ ```
+
+3. **Deploy NetBox**
+ ```bash
+ # Run the deployment playbook
+ ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml
+ ```
+
+## Configuration
+
+### Group Variables (`group_vars/netbox.yml`)
+
+Key configuration options:
+
+- `netbox_install_dir`: Directory for NetBox installation (default: `/opt/netbox-docker`)
+- `netbox_data_dir`: Directory for persistent data (default: `/opt/netbox-data`)
+- `netbox_backup_dir`: Directory for backups (default: `/opt/netbox-backups`)
+- `netbox_allowed_hosts`: Allowed hosts for NetBox
+- `netbox_superuser_*`: Superuser configuration
+- `netbox_db_*`: Database configuration
+- `netbox_redis_*`: Redis configuration
+
+### Vault Variables (`group_vars/netbox/vault.yml`)
+
+Sensitive data should be encrypted:
+
+```bash
+# Encrypt vault file
+ansible-vault encrypt group_vars/netbox/vault.yml
+
+# Edit encrypted vault file
+ansible-vault edit group_vars/netbox/vault.yml
+```
+
+### Docker Compose Overrides
+
+Customize Docker Compose configuration via `netbox_docker_compose_overrides`:
+
+```yaml
+netbox_docker_compose_overrides:
+ services:
+ netbox:
+ ports:
+ - "8000:8080"
+ db:
+ volumes:
+ - "/opt/netbox-data/postgres:/var/lib/postgresql/data"
+```
+
+## Playbooks
+
+### Main Deployment (`deploy-netbox.yml`)
+
+Deploys NetBox from scratch:
+- Updates system packages
+- Installs Docker and Docker Compose
+- Clones NetBox Docker repository
+- Configures environment files
+- Starts NetBox services
+- Creates superuser account
+
+### Update NetBox (`update-netbox.yml`)
+
+Updates existing NetBox installation:
+- Updates repository
+- Pulls latest Docker images
+- Restarts services
+
+### Backup NetBox (`backup-netbox.yml`)
+
+Creates comprehensive backup:
+- Database dump
+- Media files
+- Configuration files
+
+## Roles
+
+### system-update
+- Updates apt package cache
+- Upgrades all packages
+- Installs required packages
+- Optional reboot if needed
+
+### docker-install
+- Adds Docker GPG key and repository
+- Installs Docker CE and Docker Compose
+- Configures Docker daemon
+- Adds users to docker group
+
+### netbox-deploy
+- Creates necessary directories
+- Clones NetBox Docker repository
+- Generates configuration files
+- Starts NetBox services
+- Creates superuser account
+
+## Usage Examples
+
+### Deploy NetBox
+```bash
+ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml
+```
+
+### Update NetBox
+```bash
+ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml
+```
+
+### Backup NetBox
+```bash
+ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml
+```
+
+### Run with Vault
+```bash
+ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass
+```
+
+### Run Specific Tags
+```bash
+ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "docker-install"
+```
+
+## Security Considerations
+
+1. **Encrypt Sensitive Data**: Use `ansible-vault` for passwords and secrets
+2. **SSH Key Authentication**: Use SSH keys instead of passwords
+3. **Firewall Rules**: Configure appropriate firewall rules
+4. **Regular Updates**: Keep NetBox and dependencies updated
+5. **Backup Strategy**: Implement regular backup procedures
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Permission Denied**: Ensure user has sudo privileges
+2. **Docker Not Found**: Check Docker installation and user group membership
+3. **Port Conflicts**: Verify port 8000 is available
+4. **Database Connection**: Check database configuration and connectivity
+
+### Logs and Debugging
+
+```bash
+# Enable verbose output
+ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml -vvv
+
+# Check Docker Compose logs
+ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/netbox-docker && docker compose logs"
+```
+
+## Contributing
+
+1. Follow Ansible best practices
+2. Ensure idempotency
+3. Add appropriate tags
+4. Update documentation
+5. Test on multiple Ubuntu versions
+
+## License
+
+MIT License - see LICENSE file for details.
+
+## Support
+
+For issues and questions:
+- Check NetBox documentation: https://docs.netbox.dev/
+- NetBox Community: https://github.com/netbox-community/netbox
+- NetBox Docker: https://github.com/netbox-community/netbox-docker
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..12a4b31
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,33 @@
+[defaults]
+# Basic configuration
+inventory = inventory/
+host_key_checking = False
+timeout = 30
+forks = 10
+gathering = smart
+fact_caching = memory
+
+# Logging
+log_path = ./ansible.log
+stdout_callback = yaml
+bin_ansible_callbacks = True
+
+# SSH settings
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+pipelining = True
+
+# Performance
+host_key_checking = False
+retry_files_enabled = False
+
+# Colors
+force_color = 1
+
+[inventory]
+enable_plugins = host_list, script, auto, yaml, ini, toml
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False
diff --git a/group_vars/netbox.yml b/group_vars/netbox.yml
new file mode 100644
index 0000000..4551e5b
--- /dev/null
+++ b/group_vars/netbox.yml
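Review bot: SSH host key verification is switched off in this file — `host_key_checking = False` appears twice under `[defaults]`, and `ssh_args` adds `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` — and again in `inventory/hosts.yml` through `ansible_ssh_common_args='-o StrictHostKeyChecking=no'`. With `become = True` and vault secrets templated onto the target, a machine that is not the intended server would receive root-level commands and credentials without any warning. I would set `host_key_checking = True`, drop the two `-o` options, and use `-o StrictHostKeyChecking=accept-new` if first-contact prompts are the concern. Separately, `log_path = ./ansible.log` writes run output into the repository directory, and the `.gitignore` change in this commit does not exclude it.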
@@ -0,0 +1,85 @@
+---
+# Group variables for NetBox deployment
+# These variables apply to all hosts in the netbox group
+
+# System Update Configuration
+system_update_reboot_if_needed: false
+system_update_autoremove: true
+
+# Docker Configuration
+docker_users:
+ - "{{ ansible_user }}"
+docker_daemon_config:
+ log-driver: "json-file"
+ log-opts:
+ max-size: "10m"
+ max-file: "3"
+
+# NetBox Configuration
+netbox_install_dir: "/opt/netbox-docker"
+netbox_backup_dir: "/opt/netbox-backups"
+netbox_data_dir: "/opt/netbox-data"
+
+# Database Configuration
+netbox_db_host: "db"
+netbox_db_name: "netbox"
+netbox_db_user: "netbox"
+netbox_db_password: "{{ vault_netbox_db_password | default('netbox') }}"
+netbox_db_port: "5432"
+
+# Redis Configuration
+netbox_redis_host: "redis"
+netbox_redis_port: "6379"
+netbox_redis_password: "{{ vault_netbox_redis_password | default('') }}"
+
+# Redis Cache Configuration
+netbox_redis_cache_host: "redis-cache"
+netbox_redis_cache_port: "6379"
+netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}"
+
+# NetBox Settings
+netbox_allowed_hosts: "{{ ansible_default_ipv4.address }},localhost,127.0.0.1"
+netbox_time_zone: "UTC"
+netbox_language_code: "en"
+netbox_debug: false
+netbox_log_level: "INFO"
+
+# Superuser Configuration
+netbox_superuser_name: "admin"
+netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}"
+netbox_superuser_password: "{{ vault_netbox_superuser_password | default('admin') }}"
+
+netbox_additional_env:
+ CORS_ORIGIN_ALLOW_ALL: True
+ EMAIL_FROM: "netbox@jeansburger.net"
+ EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}"
+ EMAIL_PORT: 587
+ EMAIL_SERVER: "smtp.postmarkapp.com"
+ EMAIL_TIMEOUT: 5
+ EMAIL_USERNAME: "{{ value_netbox_email_username | default('') }}"
+ # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
+ EMAIL_USE_SSL: False
+ EMAIL_USE_TLS: True
+ GRAPHQL_ENABLED: True
+ MEDIA_ROOT: "/opt/netbox/netbox/media"
+ METRICS_ENABLED: True
+ RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases"
+ SECRET_KEY: "{{ vault_netbox_secret_key | default('') }}"
+ SKIP_SUPERUSER: True
+ WEBHOOKS_ENABLED: True
+
+# Docker Compose Overrides
+netbox_docker_compose_overrides:
+ services:
+ netbox:
+ ports:
+ - "8000:8080"
+ db:
+ volumes:
+ - "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data"
+ redis:
+ volumes:
+ - "{{ netbox_data_dir }}/redis:/data"
+ redis-cache:
+ volumes:
+ - "{{ netbox_data_dir }}/redis-cache:/data"
diff --git a/group_vars/netbox/.gitkeep b/group_vars/netbox/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/host_vars/netbox-server.yml.example b/host_vars/netbox-server.yml.example
new file mode 100644
index 0000000..6b4d73d
--- /dev/null
+++ b/host_vars/netbox-server.yml.example
@@ -0,0 +1,11 @@
+---
+# Host-specific variables for NetBox deployment
+# This file can be used to override group variables for specific hosts
+
+# Example host-specific overrides:
+# netbox_install_dir: "/custom/netbox/path"
+# netbox_allowed_hosts: "custom.domain.com,192.168.1.100"
+# netbox_time_zone: "America/New_York"
+
+# Uncomment and modify as needed for your specific host
+# netbox_superuser_email: "admin@yourdomain.com"
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..4119ba4
--- /dev/null
+++ b/inventory/hosts.yml
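Review bot: Every secret in `group_vars/netbox.yml` falls back to a guessable or empty value when its vault variable is missing: `default('netbox')` for the database password, `default('admin')` for the superuser password, and `default('')` for `SECRET_KEY` and the Redis passwords. Because this commit also adds `vault.yml` to `.gitignore`, a fresh checkout has no vault file and would deploy with those fallbacks without any error. Failing the run is safer, e.g. `netbox_superuser_password: "{{ vault_netbox_superuser_password | mandatory }}"`, and likewise for the other secrets. `EMAIL_USERNAME` reads `value_netbox_email_username`, which looks like a typo for `vault_netbox_email_username`, and `CORS_ORIGIN_ALLOW_ALL: True` is worth restricting unless cross-origin API access from any site is intended.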
@@ -0,0 +1,16 @@
+# NetBox Deployment Inventory
+# Example inventory file for NetBox deployment
+
+[netbox]
+# Add your NetBox server(s) here
+# Example:
+# netbox-server ansible_host=192.168.1.100 ansible_user=ubuntu
+# netbox-server-2 ansible_host=192.168.1.101 ansible_user=ubuntu
+
+# Uncomment and modify the following line to add your server:
+# netbox-server ansible_host=YOUR_SERVER_IP ansible_user=YOUR_USERNAME
+
+[netbox:vars]
+# Group variables can be defined here or in group_vars/netbox.yml
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+ansible_python_interpreter=/usr/bin/python3
diff --git a/playbooks/backup-netbox.yml b/playbooks/backup-netbox.yml
new file mode 100644
index 0000000..2949dcd
--- /dev/null
+++ b/playbooks/backup-netbox.yml
@@ -0,0 +1,69 @@
+---
+- name: Backup NetBox Data
+ hosts: netbox
+ become: yes
+ gather_facts: no
+
+ tasks:
+ - name: Create backup directory with timestamp
+ file:
+ path: "{{ netbox_backup_dir }}/{{ ansible_date_time.iso8601_basic_short }}"
+ state: directory
+ mode: '0755'
+ register: backup_dir
+ tags:
+ - backup
+
+ - name: Backup PostgreSQL database
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ command: "db pg_dump -U {{ netbox_db_user }} {{ netbox_db_name }}"
+ register: db_backup
+ tags:
+ - backup
+
+ - name: Save database backup to file
+ copy:
+ content: "{{ db_backup.stdout }}"
+ dest: "{{ backup_dir.path }}/netbox_db_backup.sql"
+ mode: '0644'
+ tags:
+ - backup
+
+ - name: Backup Redis data
+ archive:
+ path: "{{ netbox_data_dir }}/redis"
+ dest: "{{ backup_dir.path }}/redis-data.tar.gz"
+ format: gz
+ ignore_errors: yes
+ tags:
+ - backup
+
+ - name: Backup Redis Cache data
+ archive:
+ path: "{{ netbox_data_dir }}/redis-cache"
+ dest: "{{ backup_dir.path }}/redis-cache-data.tar.gz"
+ format: gz
+ ignore_errors: yes
+ tags:
+ - backup
+
+ - name: Backup Docker Compose configuration
+ copy:
+ src: "{{ netbox_install_dir }}/"
+ dest: "{{ backup_dir.path }}/docker-compose-config/"
+ mode: '0644'
+ tags:
+ - backup
+
+ - name: Display backup information
+ debug:
+ msg:
+ - "Backup completed successfully!"
+ - "Backup location: {{ backup_dir.path }}"
+ - "Database backup: {{ backup_dir.path }}/netbox_db_backup.sql"
+ - "Redis data backup: {{ backup_dir.path }}/redis-data.tar.gz"
+ - "Redis Cache data backup: {{ backup_dir.path }}/redis-cache-data.tar.gz"
+ - "Config backup: {{ backup_dir.path }}/docker-compose-config/"
+ tags:
+ - backup
diff --git a/playbooks/deploy-netbox.yml b/playbooks/deploy-netbox.yml
new file mode 100644
index 0000000..a96c802
--- /dev/null
+++ b/playbooks/deploy-netbox.yml
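Review bot: The backup directory is created with `mode: '0755'` and the SQL dump and copied install directory with `mode: '0644'`, so every local account on the host can read the full database dump and the `env/*.env` files that hold the database password and secret key; `mode: '0700'` on the directory and `mode: '0600'` on the dump would confine them to root. The play sets `gather_facts: no` but the first task uses `ansible_date_time`, which comes from fact gathering, so the path will likely fail to template. The config `copy` has no `remote_src: yes`, so `src` is resolved on the control node rather than on the NetBox host. Passing the dump through `db_backup.stdout` also places the whole database in the registered result, so `no_log: true` on those two tasks would keep it out of verbose output and `ansible.log`.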
@@ -0,0 +1,67 @@
+---
+- name: Deploy NetBox with Docker Compose
+ hosts: netbox
+ become: yes
+ gather_facts: yes
+
+ pre_tasks:
+ - name: Verify Ubuntu distribution
+ fail:
+ msg: "This playbook only supports Ubuntu distributions"
+ when: ansible_distribution != "Ubuntu"
+ tags: always
+
+ - name: Display deployment information
+ debug:
+ msg:
+ - "Deploying NetBox to {{ inventory_hostname }}"
+ - "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
+ - "Architecture: {{ ansible_architecture }}"
+ - "Installation directory: {{ netbox_install_dir }}"
+ tags: always
+
+ roles:
+ - role: system-update
+ tags:
+ - system-update
+ - updates
+ - packages
+
+ - role: docker-install
+ tags:
+ - docker-install
+ - docker
+ - containers
+
+ - role: netbox-deploy
+ tags:
+ - netbox-deploy
+ - netbox
+ - application
+
+ post_tasks:
+ - name: Display NetBox access information
+ debug:
+ msg:
+ - "NetBox deployment completed successfully!"
+ - "Access NetBox at: http://{{ ansible_default_ipv4.address }}:8000"
+ - "Default admin credentials:"
+ - " Username: {{ netbox_superuser_name }}"
+ - " Email: {{ netbox_superuser_email }}"
+ - " Password: {{ netbox_superuser_password }}"
+ - "Installation directory: {{ netbox_install_dir }}"
+ - "Data directory: {{ netbox_data_dir }}"
+ tags: always
+
+ - name: Show Docker Compose status
+ command: docker compose ps
+ args:
+ chdir: "{{ netbox_install_dir }}"
+ register: docker_compose_status
+ changed_when: false
+ tags: always
+
+ - name: Display Docker Compose status
+ debug:
+ var: docker_compose_status.stdout_lines
+ tags: always
diff --git a/playbooks/update-netbox.yml b/playbooks/update-netbox.yml
new file mode 100644
index 0000000..c5a16f2
--- /dev/null
+++ b/playbooks/update-netbox.yml
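Review bot: The `Display NetBox access information` task prints `Password: {{ netbox_superuser_password }}` in clear text, and with `log_path = ./ansible.log` set in `ansible.cfg` the same line is persisted to the log file on the control node. I would drop that line or replace it with a pointer such as `- " Password: (see vault_netbox_superuser_password)"`. The advertised URL is plain `http://` on port 8000, so the admin login travels unencrypted unless a TLS-terminating proxy is placed in front; a short comment saying so would help operators.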
@@ -0,0 +1,43 @@
+---
+- name: Update NetBox Docker Repository
+ hosts: netbox
+ become: yes
+ gather_facts: no
+
+ tasks:
+ - name: Update NetBox Docker repository
+ git:
+ repo: "{{ netbox_repo_url }}"
+ dest: "{{ netbox_install_dir }}"
+ version: "{{ netbox_repo_branch }}"
+ update: yes
+ force: yes
+ tags:
+ - update-repo
+
+ - name: Pull latest Docker images
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ pull: yes
+ tags:
+ - pull-images
+
+ - name: Restart NetBox services
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ state: present
+ recreate: yes
+ tags:
+ - restart-services
+
+ - name: Wait for NetBox to be ready
+ uri:
+ url: "http://localhost:8000/"
+ method: GET
+ status_code: 200
+ register: netbox_ready
+ until: netbox_ready.status == 200
+ retries: 30
+ delay: 10
+ tags:
+ - health-check
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..4a7d763
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,7 @@
+---
+# Ansible Collections Requirements
+collections:
+ - name: community.docker
+ version: ">=3.0.0"
+ - name: ansible.posix
+ version: ">=1.0.0"
diff --git a/roles/docker-install/defaults/main.yml b/roles/docker-install/defaults/main.yml
new file mode 100644
index 0000000..0b79e98
--- /dev/null
+++ b/roles/docker-install/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# Default variables for docker-install role
+docker_compose_version: "2.24.0"
+docker_compose_install_path: "/usr/local/bin/docker-compose"
+docker_users: []
+docker_daemon_config: {}
+docker_install_compose: true
diff --git a/roles/docker-install/handlers/main.yml b/roles/docker-install/handlers/main.yml
new file mode 100644
index 0000000..27f9043
--- /dev/null
+++ b/roles/docker-install/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker
+ systemd:
+ name: docker
+ state: restarted
diff --git a/roles/docker-install/meta/main.yml b/roles/docker-install/meta/main.yml
new file mode 100644
index 0000000..d2a9f8f
--- /dev/null
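Review bot: `netbox_repo_url` and `netbox_repo_branch` are defined only inside the `netbox-deploy` role (`defaults/main.yml` and `vars/main.yml`), and the play in `playbooks/update-netbox.yml` applies no role, so the `git` task will probably fail on an undefined variable; moving the two variables to `group_vars/netbox.yml` would fix it. The task also uses `force: yes` against the moving `release` branch, which discards local changes and deploys whatever the branch points to at that moment under `become`; pinning `version` to a reviewed tag or commit makes updates reproducible and auditable. The `uri` health check assumes port 8000 on localhost although the port is configurable through `netbox_docker_compose_overrides`.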
+++ b/roles/docker-install/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: NetBox Ansible Deployment
+ description: Installs Docker and Docker Compose on Ubuntu
+ company: Internal
+ license: MIT
+ min_ansible_version: 2.9
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - noble
+ galaxy_tags:
+ - docker
+ - ubuntu
+ - containers
+
+dependencies: []
diff --git a/roles/docker-install/tasks/main.yml b/roles/docker-install/tasks/main.yml
new file mode 100644
index 0000000..36d9e4b
--- /dev/null
+++ b/roles/docker-install/tasks/main.yml
@@ -0,0 +1,70 @@
+---
+- name: Add Docker GPG key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+ tags:
+ - docker-install
+ - gpg-key
+
+- name: Add Docker repository
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+ state: present
+ update_cache: yes
+ tags:
+ - docker-install
+ - repository
+
+- name: Install Docker packages
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
+ state: present
+ tags:
+ - docker-install
+ - packages
+
+- name: Start and enable Docker service
+ systemd:
+ name: docker
+ state: started
+ enabled: yes
+ tags:
+ - docker-install
+ - service
+
+- name: Add users to docker group
+ user:
+ name: "{{ item }}"
+ groups: docker
+ append: yes
+ loop: "{{ docker_users }}"
+ tags:
+ - docker-install
+ - users
+
+- name: Install Docker Compose standalone (if enabled)
+ get_url:
+ url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64"
+ dest: "{{ docker_compose_install_path }}"
+ mode: '0755'
+ when: docker_install_compose
+ tags:
+ - docker-install
+ - compose
+
+- name: Configure Docker daemon (if config provided)
+ copy:
+ content: "{{ docker_daemon_config | to_nice_json }}"
+ dest: /etc/docker/daemon.json
+ mode: '0644'
+ when: docker_daemon_config is defined and docker_daemon_config | length > 0
+ notify: restart docker
+ tags:
+ - docker-install
+ - daemon-config
diff --git a/roles/docker-install/vars/main.yml b/roles/docker-install/vars/main.yml
new file mode 100644
index 0000000..c215aed
--- /dev/null
+++ b/roles/docker-install/vars/main.yml
@@ -0,0 +1,7 @@
+---
+# Variables for docker-install role
+docker_compose_version: "2.24.0"
+docker_compose_install_path: "/usr/local/bin/docker-compose"
+docker_users: []
+docker_daemon_config: {}
+docker_install_compose: true
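Review bot: The `Install Docker Compose standalone` task in `roles/docker-install/tasks/main.yml` downloads an executable into `{{ docker_compose_install_path }}` with `mode: '0755'` and no integrity check; `get_url` accepts `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`, which should be pinned alongside `docker_compose_version`. `apt_key` is deprecated and adds the Docker key to the system-wide trusted keyring, where it can vouch for any repository; storing the key in a dedicated keyring file and referencing it with `signed-by=` in the `repo` line scopes it to Docker's repository. The repository line and the download URL hard-code `amd64` and `x86_64`, which will break on arm64 hosts. Members of `docker_users` gain root-equivalent access through the docker group, which deserves a comment on the `Add users to docker group` task.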
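Review bot: `roles/docker-install/vars/main.yml` repeats the role defaults, and role vars take precedence over inventory `group_vars`, so the `docker_users` and `docker_daemon_config` values set in `group_vars/netbox.yml` are overridden by `[]` and `{}` here. The same pattern is in `roles/netbox-deploy/vars/main.yml` and `roles/system-update/vars/main.yml`, where it pins the install, data and backup paths and the package list regardless of inventory settings. Deleting the three `vars/main.yml` files and keeping only `defaults/main.yml` restores the override behaviour the README describes.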
diff --git a/roles/netbox-deploy/defaults/main.yml b/roles/netbox-deploy/defaults/main.yml
new file mode 100644
index 0000000..4a474a6
--- /dev/null
+++ b/roles/netbox-deploy/defaults/main.yml
@@ -0,0 +1,40 @@
+---
+# Default variables for netbox-deploy role
+netbox_install_dir: "/opt/netbox-docker"
+netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
+netbox_repo_branch: "release"
+netbox_repo_update: true
+netbox_backup_dir: "/opt/netbox-backups"
+netbox_data_dir: "/opt/netbox-data"
+
+# NetBox configuration
+netbox_superuser_name: "admin"
+netbox_superuser_email: "admin@example.com"
+netbox_superuser_password: "admin"
+netbox_secret_key: ""
+
+# Database configuration
+netbox_db_host: "db"
+netbox_db_name: "netbox"
+netbox_db_user: "netbox"
+netbox_db_password: "netbox"
+netbox_db_port: "5432"
+
+# Redis configuration
+netbox_redis_host: "redis"
+netbox_redis_port: "6379"
+netbox_redis_password: ""
+
+# NetBox settings
+netbox_allowed_hosts: "localhost,127.0.0.1"
+netbox_time_zone: "UTC"
+netbox_language_code: "en"
+netbox_debug: false
+netbox_log_level: "INFO"
+
+# Docker Compose overrides
+netbox_docker_compose_overrides:
+ services:
+ netbox:
+ ports:
+ - "8000:8080"
diff --git a/roles/netbox-deploy/meta/main.yml b/roles/netbox-deploy/meta/main.yml
new file mode 100644
index 0000000..d6e9860
--- /dev/null
+++ b/roles/netbox-deploy/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: NetBox Ansible Deployment
+ description: Deploys NetBox using Docker Compose
+ company: Internal
+ license: MIT
+ min_ansible_version: 2.9
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - noble
+ galaxy_tags:
+ - netbox
+ - docker
+ - deployment
+
+dependencies: []
diff --git a/roles/netbox-deploy/tasks/main.yml b/roles/netbox-deploy/tasks/main.yml
new file mode 100644
index 0000000..9e37348
--- /dev/null
+++ b/roles/netbox-deploy/tasks/main.yml
@@ -0,0 +1,144 @@
+---
+- name: Create NetBox installation directory
+ file:
+ path: "{{ netbox_install_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+ tags:
+ - netbox-deploy
+ - directories
+
+- name: Create NetBox data directory
+ file:
+ path: "{{ netbox_data_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+ tags:
+ - netbox-deploy
+ - directories
+
+- name: Create NetBox backup directory
+ file:
+ path: "{{ netbox_backup_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+ tags:
+ - netbox-deploy
+ - directories
+
+- name: Clone NetBox Docker repository
+ git:
+ repo: "{{ netbox_repo_url }}"
+ dest: "{{ netbox_install_dir }}"
+ version: "{{ netbox_repo_branch }}"
+ update: "{{ netbox_repo_update }}"
+ force: yes
+ tags:
+ - netbox-deploy
+ - git-clone
+
+- name: Generate NetBox secret key
+ set_fact:
+ netbox_secret_key: "{{ netbox_secret_key | default(128 | random_string) }}"
+ when: netbox_secret_key == ""
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Create NetBox environment file
+ template:
+ src: netbox.env.j2
+ dest: "{{ netbox_install_dir }}/env/netbox.env"
+ mode: '0644'
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Create PostgreSQL environment file
+ template:
+ src: postgres.env.j2
+ dest: "{{ netbox_install_dir }}/env/postgres.env"
+ mode: '0644'
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Create Redis environment file
+ template:
+ src: redis.env.j2
+ dest: "{{ netbox_install_dir }}/env/redis.env"
+ mode: '0644'
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Create Redis Cache environment file
+ template:
+ src: redis-cache.env.j2
+ dest: "{{ netbox_install_dir }}/env/redis-cache.env"
+ mode: '0644'
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Create Docker Compose override file
+ template:
+ src: docker-compose.override.yml.j2
+ dest: "{{ netbox_install_dir }}/docker-compose.override.yml"
+ mode: '0644'
+ tags:
+ - netbox-deploy
+ - config
+
+- name: Pull Docker images
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ pull: yes
+ tags:
+ - netbox-deploy
+ - docker-pull
+
+- name: Start NetBox services
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ state: present
+ tags:
+ - netbox-deploy
+ - docker-start
+
+- name: Wait for NetBox to be ready
+ uri:
+ url: "http://localhost:8000/"
+ method: GET
+ status_code: 200
+ register: netbox_ready
+ until: netbox_ready.status == 200
+ retries: 30
+ delay: 10
+ tags:
+ - netbox-deploy
+ - health-check
+
+- name: Create NetBox superuser
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ command: "netbox /opt/netbox/netbox/manage.py createsuperuser --noinput --username {{ netbox_superuser_name }} --email {{ netbox_superuser_email }}"
+ register: superuser_result
+ failed_when: superuser_result.rc != 0 and "already exists" not in superuser_result.stderr
+ tags:
+ - netbox-deploy
+ - superuser
+
+- name: Set NetBox superuser password
+ docker_compose:
+ project_src: "{{ netbox_install_dir }}"
+ command: "netbox /opt/netbox/netbox/manage.py shell -c \"from django.contrib.auth import get_user_model; User = get_user_model(); u = User.objects.get(username='{{ netbox_superuser_name }}'); u.set_password('{{ netbox_superuser_password }}'); u.save()\""
+ tags:
+ - netbox-deploy
+ - superuser
diff --git a/roles/netbox-deploy/templates/docker-compose.override.yml.j2 b/roles/netbox-deploy/templates/docker-compose.override.yml.j2
new file mode 100644
index 0000000..9c040ba
--- /dev/null
+++ b/roles/netbox-deploy/templates/docker-compose.override.yml.j2
@@ -0,0 +1,4 @@
+# Docker Compose Override Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+{{ netbox_docker_compose_overrides | to_nice_yaml }}
diff --git a/roles/netbox-deploy/templates/netbox.env.j2 b/roles/netbox-deploy/templates/netbox.env.j2
new file mode 100644
index 0000000..004c85a
--- /dev/null
+++ b/roles/netbox-deploy/templates/netbox.env.j2
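Review bot: The `Set NetBox superuser password` task in `roles/netbox-deploy/tasks/main.yml` splices `{{ netbox_superuser_password }}` into a Python string inside `manage.py shell -c`, so a password containing a quote breaks or alters the executed code, and the clear-text password appears in the command line and in task output; adding `no_log: true` and handing the value over through the container environment instead of the command string avoids both. The four env-file templates are written with `mode: '0644'` although they carry `DB_PASSWORD`, `SECRET_KEY` and `SUPERUSER_PASSWORD`; `mode: '0600'` is the safer setting. In `Generate NetBox secret key`, `default()` does not fire because the role default defines `netbox_secret_key` as `""`, and `random_string` does not look like an available filter, so the key appears to stay empty; sourcing it from the vault with `| mandatory` is more predictable. The `command:` option passed to `docker_compose` should also be checked against the module's documented parameters.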
@@ -0,0 +1,43 @@
+# NetBox Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+# Database Configuration
+DB_HOST={{ netbox_db_host }}
+DB_NAME={{ netbox_db_name }}
+DB_USER={{ netbox_db_user }}
+DB_PASSWORD={{ netbox_db_password }}
+DB_PORT={{ netbox_db_port }}
+
+# Redis Configuration (Main Redis)
+REDIS_HOST={{ netbox_redis_host }}
+REDIS_PORT={{ netbox_redis_port }}
+{% if netbox_redis_password %}
+REDIS_PASSWORD={{ netbox_redis_password }}
+{% endif %}
+
+# Redis Cache Configuration
+REDIS_CACHE_HOST={{ netbox_redis_cache_host }}
+REDIS_CACHE_PORT={{ netbox_redis_cache_port }}
+{% if netbox_redis_cache_password %}
+REDIS_CACHE_PASSWORD={{ netbox_redis_cache_password }}
+{% endif %}
+
+# NetBox Settings
+SECRET_KEY={{ netbox_secret_key }}
+ALLOWED_HOSTS={{ netbox_allowed_hosts }}
+TIME_ZONE={{ netbox_time_zone }}
+LANGUAGE_CODE={{ netbox_language_code }}
+DEBUG={{ netbox_debug | lower }}
+LOG_LEVEL={{ netbox_log_level }}
+
+# Superuser Configuration
+SUPERUSER_NAME={{ netbox_superuser_name }}
+SUPERUSER_EMAIL={{ netbox_superuser_email }}
+SUPERUSER_PASSWORD={{ netbox_superuser_password }}
+
+# Additional NetBox Configuration
+{% if netbox_additional_env is defined %}
+{% for key, value in netbox_additional_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% endif %}
diff --git a/roles/netbox-deploy/templates/postgres.env.j2 b/roles/netbox-deploy/templates/postgres.env.j2
new file mode 100644
index 0000000..32f8d60
--- /dev/null
+++ b/roles/netbox-deploy/templates/postgres.env.j2
@@ -0,0 +1,14 @@
+# PostgreSQL Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+POSTGRES_DB={{ netbox_db_name }}
+POSTGRES_USER={{ netbox_db_user }}
+POSTGRES_PASSWORD={{ netbox_db_password }}
+POSTGRES_PORT={{ netbox_db_port }}
+
+# Additional PostgreSQL Configuration
+{% if netbox_postgres_additional_env is defined %}
+{% for key, value in netbox_postgres_additional_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% endif %}
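Review bot: `SECRET_KEY` is written twice when `netbox.env.j2` is rendered with the shipped `group_vars/netbox.yml`: once from `SECRET_KEY={{ netbox_secret_key }}` and again by the `netbox_additional_env` loop, whose entry defaults to an empty string; which line wins depends on the env-file parser, so the effective key may be empty. I would remove `SECRET_KEY` from `netbox_additional_env` or have the loop skip keys already emitted above. Values are written unquoted, so a password containing `#`, spaces or quotes may be truncated or misread by the consumer. YAML booleans such as `True` from `netbox_additional_env` are rendered as `True`, whereas `DEBUG` is explicitly lowercased, so it is worth confirming the container accepts both spellings. The same unquoted pattern is in `postgres.env.j2`, `redis.env.j2` and `redis-cache.env.j2`.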
diff --git a/roles/netbox-deploy/templates/redis-cache.env.j2 b/roles/netbox-deploy/templates/redis-cache.env.j2
new file mode 100644
index 0000000..feba3ff
--- /dev/null
+++ b/roles/netbox-deploy/templates/redis-cache.env.j2
@@ -0,0 +1,13 @@
+# Redis Cache Configuration
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+{% if netbox_redis_cache_password %}
+REDIS_PASSWORD={{ netbox_redis_cache_password }}
+{% endif %}
+
+# Additional Redis Cache Configuration
+{% if netbox_redis_cache_additional_env is defined %}
+{% for key, value in netbox_redis_cache_additional_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% endif %}
diff --git a/roles/netbox-deploy/templates/redis.env.j2 b/roles/netbox-deploy/templates/redis.env.j2
new file mode 100644
index 0000000..38a1d6b
--- /dev/null
+++ b/roles/netbox-deploy/templates/redis.env.j2
@@ -0,0 +1,13 @@
+# Redis Configuration (Main Redis)
+# Generated by Ansible - DO NOT EDIT MANUALLY
+
+{% if netbox_redis_password %}
+REDIS_PASSWORD={{ netbox_redis_password }}
+{% endif %}
+
+# Additional Redis Configuration
+{% if netbox_redis_additional_env is defined %}
+{% for key, value in netbox_redis_additional_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
diff --git a/roles/netbox-deploy/vars/main.yml b/roles/netbox-deploy/vars/main.yml
new file mode 100644
index 0000000..e9e4496
--- /dev/null
+++ b/roles/netbox-deploy/vars/main.yml
@@ -0,0 +1,8 @@
+---
+# Variables for netbox-deploy role
+netbox_install_dir: "/opt/netbox-docker"
+netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git"
+netbox_repo_branch: "release"
+netbox_repo_update: true
+netbox_backup_dir: "/opt/netbox-backups"
+netbox_data_dir: "/opt/netbox-data"
diff --git a/roles/system-update/defaults/main.yml b/roles/system-update/defaults/main.yml
new file mode 100644
index 0000000..748d53d
--- /dev/null
+++ b/roles/system-update/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+# Default variables for system-update role
+system_update_packages:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ - software-properties-common
+
+system_update_reboot_if_needed: false
+system_update_autoremove: true
diff --git a/roles/system-update/meta/main.yml b/roles/system-update/meta/main.yml
new file mode 100644
index 0000000..e7df1e0
--- /dev/null
+++ b/roles/system-update/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: NetBox Ansible Deployment
+ description: Updates Ubuntu system packages
+ company: Internal
+ license: MIT
+ min_ansible_version: 2.9
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - noble
+ galaxy_tags:
+ - system
+ - ubuntu
+ - updates
+
+dependencies: []
diff --git a/roles/system-update/tasks/main.yml b/roles/system-update/tasks/main.yml
new file mode 100644
index 0000000..492188b
--- /dev/null
+++ b/roles/system-update/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Update apt package cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ tags:
+ - system-update
+ - apt-update
+
+- name: Upgrade all packages
+ apt:
+ upgrade: dist
+ autoremove: "{{ system_update_autoremove }}"
+ register: apt_upgrade_result
+ tags:
+ - system-update
+ - apt-upgrade
+
+- name: Install required packages
+ apt:
+ name: "{{ system_update_packages }}"
+ state: present
+ tags:
+ - system-update
+ - packages
+
+- name: Check if reboot is required
+ stat:
+ path: /var/run/reboot-required
+ register: reboot_required
+ tags:
+ - system-update
+ - reboot-check
+
+- name: Reboot if required and enabled
+ reboot:
+ msg: "Reboot initiated by Ansible for system updates"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ when:
+ - reboot_required.stat.exists
+ - system_update_reboot_if_needed
+ tags:
+ - system-update
+ - reboot
diff --git a/roles/system-update/vars/main.yml b/roles/system-update/vars/main.yml
new file mode 100644
index 0000000..aca38f7
--- /dev/null
+++ b/roles/system-update/vars/main.yml
@@ -0,0 +1,9 @@
+---
+# Variables for system-update role
+system_update_packages:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ - software-properties-common