ViMaSter/ansible-infra
0
0
Fork 0
forked from CCCHH/ansible-infra
Code Pull requests Activity
ansible-infra/ansible_collections/debops/debops/roles/netbox/defaults/main.yml

1129 lines
46 KiB
YAML
Raw Blame History

---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# .. Copyright (C) 2016 Maciej Delmanowski <drybjed@gmail.com>
# .. Copyright (C) 2016 DebOps <https://debops.org/>
# .. SPDX-License-Identifier: GPL-3.0-only
# .. _netbox__ref_defaults:
# debops.netbox default variables [[[
# ===================================
# .. contents:: Sections
# :local:
#
# .. include:: ../../../../includes/global.rst
# Domain name configuration [[[
# -----------------------------
# .. envvar:: netbox__fqdn [[[
#
# String or list of the Fully Qualified domain names on which the NetBox
# application will be available, used by the webserver. The first item will be
# used as the e-mail sender domain name.
netbox__fqdn: [ 'dcim.{{ netbox__domain }}', 'ipam.{{ netbox__domain }}' ]
# ]]]
# .. envvar:: netbox__domain [[[
#
# The DNS domain used by other variables in the ``debops.netbox`` role.
netbox__domain: '{{ ansible_domain }}'
# ]]]
# ]]]
# Primary/Standby configuration [[[
# -----------------------------
# .. envvar:: netbox__primary [[[
#
# Boolean to define if the instance of NetBox will be primary or not.
# True: This instance will become primary and needs read and write
# database access.
# False: This instance will become standby,
# "netbox__config_maintenance_mode" will be set to True and
# "netbox__config_session_file_path" will be populated.
netbox__primary: True
# ]]]
# ]]]
# APT packages [[[
# ----------------
# .. envvar:: netbox__base_packages [[[
#
# List of APT packages which are required by the NetBox application.
netbox__base_packages:
- 'git'
- 'build-essential'
- 'libxml2-dev'
- 'libxslt1-dev'
- 'libffi-dev'
- 'graphviz'
- 'libpq-dev'
- 'libssl-dev'
- '{{ ["libldap2-dev", "libsasl2-dev"]
if netbox__ldap_enabled | bool
else [] }}'
# ]]]
# .. envvar:: netbox__packages [[[
#
# List of additional APT packages to install with NetBox.
netbox__packages: []
# ]]]
# ]]]
# Application user, group, home [[[
# ---------------------------------
# .. envvar:: netbox__user [[[
#
# Name of the UNIX system account used to manage NetBox.
netbox__user: 'netbox'
# ]]]
# .. envvar:: netbox__group [[[
#
# Name of the UNIX primary group used to manage NetBox.
netbox__group: 'netbox'
# ]]]
# .. envvar:: netbox__gecos [[[
#
# Contents of the GECOS field set for the NetBox account.
netbox__gecos: 'NetBox'
# ]]]
# .. envvar:: netbox__shell [[[
#
# The default shell set on the NetBox account.
netbox__shell: '/usr/sbin/nologin'
# ]]]
# .. envvar:: netbox__napalm_ssh_generate [[[
#
# Generate :file:`~/.ssh/id_rsa` SSH private and public key if it doesn't
# exist.
netbox__napalm_ssh_generate: False
# ]]]
# .. envvar:: netbox__napalm_ssh_generate_bits [[[
#
# Size of the generated SSH key.
netbox__napalm_ssh_generate_bits: '2048'
# ]]]
# ]]]
# Directory paths [[[
# -------------------
# .. envvar:: netbox__home [[[
#
# The NetBox account home directory.
netbox__home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + netbox__user }}'
# ]]]
# .. envvar:: netbox__src [[[
#
# Directory where the role stores NetBox sources from GitHub.
netbox__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/" + netbox__user }}'
# ]]]
# .. envvar:: netbox__lib [[[
#
# Directory where the NetBox application directory is located.
netbox__lib: '{{ (ansible_local.fhs.lib | d("/usr/local/lib"))
+ "/" + netbox__user }}'
# ]]]
# .. envvar:: netbox__data [[[
#
# Directory where custom NetBox data (images, scripts) outside of the database
# is stored.
netbox__data: '{{ (ansible_local.fhs.data | d("/srv"))
+ "/" + netbox__user }}'
# ]]]
# .. envvar:: netbox__bin [[[
#
# Directory where helper scripts for NetBox power users are stored.
netbox__bin: '{{ ansible_local.fhs.bin | d("/usr/local/bin") }}'
# ]]]
# ]]]
# Application sources and deployment [[[
# --------------------------------------
# .. envvar:: netbox__git_gpg_key_id [[[
#
# The GPG ID of the key used for signing NetBox releases. At the moment the
# releases are signed using GitHub GPG key.
netbox__git_gpg_key_id: '5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23'
# ]]]
# .. envvar:: netbox__git_repo [[[
#
# The URI of the NetBox :command:`git` source repository.
netbox__git_repo: 'https://github.com/netbox-community/netbox.git'
# ]]]
# .. envvar:: netbox__git_version [[[
#
# The :command:`git` branch or tag which will be installed.
netbox__git_version: 'v4.4.1'
# ]]]
# .. envvar:: netbox__git_dest [[[
#
# Path where the :command:`git` source bare repository will be stored.
netbox__git_dest: '{{ netbox__src + "/" + netbox__git_repo.split("://")[1] }}'
# ]]]
# .. envvar:: netbox__git_checkout [[[
#
# Path where NetBox sources will be checked out (installation path).
netbox__git_checkout: '{{ netbox__virtualenv + "/app" }}'
# ]]]
# ]]]
# Python virtualenv configuration [[[
# -----------------------------------
# .. envvar:: netbox__virtualenv_version [[[
#
# Beginning with v2.5, NetBox will no longer support Python 2.
# When this is set to `3` a **new** Python 3 `virtualenv` environment will be
# created next to the old one.
# Valid values are `3` or an empty string.
# This option is scheduled for removal in 2022-12.
netbox__virtualenv_version: '{{ ""
if (netbox__git_version | regex_search("^v?[0-9\.]+")
and netbox__git_version | replace("v", "") is version("2.5", "<"))
else "3" }}'
# ]]]
# .. envvar:: netbox__virtualenv [[[
#
# Path where the NetBox ``virtualenv`` directory will be stored.
netbox__virtualenv: '{{ netbox__lib + "/virtualenv" }}'
# ]]]
# .. envvar:: netbox__virtualenv_env_path [[[
#
# The contents of the ``$PATH`` environment variable set for the Ansible tasks
# which are executed inside of the NetBox Python environment.
netbox__virtualenv_env_path: '{{ netbox__virtualenv }}/bin:/usr/local/bin:/usr/bin:/bin'
# ]]]
# .. envvar:: netbox__virtualenv_pip_packages [[[
#
# List of additional Python modules installed inside of the NetBox
# ``virtualenv`` environment. See :ref:`netbox__ref_virtualenv_pip_packages`
# for more details.
netbox__virtualenv_pip_packages:
- name: 'gunicorn'
version: '{{ ansible_local.gunicorn.version | d(omit) }}'
- 'setproctitle'
- name: 'django-auth-ldap'
state: '{{ "present" if netbox__ldap_enabled | bool else "ignore" }}'
# ]]]
# ]]]
# PostgreSQL database configuration [[[
# -------------------------------------
# The NetBox database configuration is managed by the :ref:`debops.postgresql`
# Ansible role. See its documentation for details about the default variable
# values used in the NetBox role.
# .. envvar:: netbox__database_host [[[
#
# The hostname or IP address of the PostgreSQL database server to use for the
# NetBox database.
netbox__database_host: '{{ ansible_local.postgresql.server | d("localhost") }}'
# ]]]
# .. envvar:: netbox__database_port [[[
#
# The TCP port of the PostgreSQL database server which should be used by NetBox.
netbox__database_port: '{{ ansible_local.postgresql.port | d("5432") }}'
# ]]]
# .. envvar:: netbox__database_name [[[
#
# Name of the PostgreSQL database and its corresponding role used by NetBox.
# This role won't be able to login to the database server directly.
netbox__database_name: 'netbox_production'
# ]]]
# .. envvar:: netbox__database_user [[[
#
# Name of the PostgreSQL role used by NetBox. This role will be able to login
# to the PostgreSQL server and access the NetBox database.
netbox__database_user: '{{ netbox__user }}'
# ]]]
# .. envvar:: netbox__database_password [[[
#
# Autogenerated password to the NetBox PostgreSQL user role.
netbox__database_password: '{{ lookup("password", secret + "/postgresql/" +
(ansible_local.postgresql.delegate_to | d("localhost")) + "/" +
(ansible_local.postgresql.port | d("5432")) + "/credentials/" +
netbox__database_user + "/password") }}'
# ]]]
# .. envvar:: netbox__load_initial_data [[[
#
# If ``True``, the role will populate the NetBox database with the initial data
# provided with the application on installation.
netbox__load_initial_data: True
# ]]]
# ]]]
# Redis database configuration [[[
# --------------------------------
# The Redis database configuration is managed by the :ref:`debops.redis_server`
# Ansible role. See its documentation for details about the default variable
# values used in the NetBox role.
# .. envvar:: netbox__redis_host [[[
#
# Define hostname of the Redis server to use.
netbox__redis_host: '{{ ansible_local.redis_server.host | d("localhost") }}'
# ]]]
# .. envvar:: netbox__redis_port [[[
#
# Define port of Redis server to use.
netbox__redis_port: '{{ ansible_local.redis_server.port | d("6379") }}'
# ]]]
# .. envvar:: netbox__redis_password [[[
#
# Define the Redis authentication password to use.
netbox__redis_password: '{{ ansible_local.redis_server.password | d("") }}'
# ]]]
# .. envvar:: netbox__redis_database [[[
#
# Specify which Redis database to use for NetBox.
netbox__redis_database: '0'
# ]]]
# .. envvar:: netbox__redis_cache_database [[[
#
# Specify which Redis database to use for NetBox cache.
netbox__redis_cache_database: '{{ (netbox__redis_database | int + 1) }}'
# ]]]
# .. envvar:: netbox__redis_ssl [[[
#
# Enable or disable support for encrypted connections to Redis. Currently this
# option has no support in DebOps.
netbox__redis_ssl: False
# ]]]
# ]]]
# LDAP environment [[[
# --------------------
# .. envvar:: netbox__ldap_enabled [[[
#
# Enable or disable support for LDAP authentication in NetBox.
netbox__ldap_enabled: '{{ True
if (ansible_local | d() and ansible_local.ldap | d() and
(ansible_local.ldap.enabled | d()) | bool)
else False }}'
# ]]]
# .. envvar:: netbox__ldap_base_dn [[[
#
# The base Distinguished Name which should be used to create Distinguished
# Names of the LDAP directory objects, defined as a YAML list. If this variable
# is empty, LDAP configuration will not be performed.
netbox__ldap_base_dn: '{{ ansible_local.ldap.base_dn | d([]) }}'
# ]]]
# .. envvar:: netbox__ldap_device_dn [[[
#
# The Distinguished Name of the current host LDAP object, defined as a YAML
# list. It will be used as a base for the NetBox service account LDAP
# object. If the list is empty, the role will not create the account LDAP
# object automatically.
netbox__ldap_device_dn: '{{ ansible_local.ldap.device_dn | d([]) }}'
# ]]]
# .. envvar:: netbox__ldap_self_rdn [[[
#
# The Relative Distinguished Name of the account LDAP object used by the
# NetBox service to access the LDAP directory.
netbox__ldap_self_rdn: 'uid=netbox'
# ]]]
# .. envvar:: netbox__ldap_self_object_classes [[[
#
# List of the LDAP object classes which will be used to create the LDAP object
# used by the NetBox service to access the LDAP directory.
netbox__ldap_self_object_classes: [ 'account', 'simpleSecurityObject' ]
# ]]]
# .. envvar:: netbox__ldap_self_attributes [[[
#
# YAML dictionary that defines the attributes of the LDAP object used by the
# NetBox service to access the LDAP directory.
netbox__ldap_self_attributes:
uid: '{{ netbox__ldap_self_rdn.split("=")[1] }}'
userPassword: '{{ netbox__ldap_bindpw }}'
host: '{{ [ansible_fqdn, ansible_hostname] | unique }}'
description: 'Account used by the "NetBox" service to access the LDAP directory'
# ]]]
# .. envvar:: netbox__ldap_binddn [[[
#
# The Distinguished Name of the account LDAP object used by the
# NetBox service to bind to the LDAP directory.
netbox__ldap_binddn: '{{ ([netbox__ldap_self_rdn] + netbox__ldap_device_dn) | join(",") }}'
# ]]]
# .. envvar:: netbox__ldap_bindpw [[[
#
# The password stored in the account LDAP object used by the NetBox service
# to bind to the LDAP directory.
netbox__ldap_bindpw: '{{ (lookup("password", secret + "/ldap/credentials/"
+ netbox__ldap_binddn | to_uuid + ".password length=32"))
if netbox__ldap_enabled | bool
else "" }}'
# ]]]
# .. envvar:: netbox__ldap_people_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which contains the user
# accounts stored in LDAP.
netbox__ldap_people_rdn: '{{ ansible_local.ldap.people_rdn | d("ou=People") }}'
# ]]]
# .. envvar:: netbox__ldap_people_dn [[[
#
# The Distinguished Name of the LDAP object which contains the user accounts
# used by NetBox.
netbox__ldap_people_dn: '{{ [netbox__ldap_people_rdn] + netbox__ldap_base_dn }}'
# ]]]
# .. envvar:: netbox__ldap_group_authentication_enabled [[[
#
# Enable or disable user authentication using LDAP groups.
netbox__ldap_group_authentication_enabled: True
# ]]]
# .. envvar:: netbox__ldap_private_groups [[[
#
# When this variable is enabled, the :ref:`debops.ldap` role will create
# a separate LDAP objects that manage the NetBox groups as subtree of the
# NetBox service LDAP object. If you set this parameter to ``False``, the
# role will use the global ``ou=Groups,dc=example,dc=org`` subtree instead.
netbox__ldap_private_groups: True
# ]]]
# .. envvar:: netbox__ldap_groups_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which contains the groups
# stored in LDAP.
netbox__ldap_groups_rdn: '{{ ansible_local.ldap.groups_rdn | d("ou=Groups") }}'
# ]]]
# .. envvar:: netbox__ldap_groups_dn [[[
#
# The Distinguished Name of the LDAP object which contains the groups used by
# NetBox. If private groups are enabled, this object will be created
# automatically.
netbox__ldap_groups_dn: '{{ ([netbox__ldap_groups_rdn, netbox__ldap_self_rdn]
+ netbox__ldap_device_dn)
if netbox__ldap_private_groups | bool
else ([netbox__ldap_groups_rdn] + netbox__ldap_base_dn) }}'
# ]]]
# .. envvar:: netbox__ldap_user_group_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which defines the group of
# NetBox users on a given NetBox instance.
netbox__ldap_user_group_rdn: 'cn=NetBox Users'
# ]]]
# .. envvar:: netbox__ldap_user_group_dn [[[
#
# The Distinguished Name of the LDAP object which defines who defines the group
# of NetBox users on a given NetBox instance.
netbox__ldap_user_group_dn: '{{ [netbox__ldap_user_group_rdn]
+ netbox__ldap_groups_dn }}'
# ]]]
# .. envvar:: netbox__ldap_user_active_group_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which defines who has
# active access to a given NetBox instance.
netbox__ldap_user_active_group_rdn: 'cn=NetBox Active Users'
# ]]]
# .. envvar:: netbox__ldap_user_active_group_dn [[[
#
# The Distinguished Name of the LDAP object which defines who has
# access to a given NetBox instance.
netbox__ldap_user_active_group_dn: '{{ [netbox__ldap_user_active_group_rdn]
+ netbox__ldap_groups_dn }}'
# ]]]
# .. envvar:: netbox__ldap_user_staff_group_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which defines who has
# staff access level to a given NetBox instance and can have permissions in
# NetBox ACL system.
netbox__ldap_user_staff_group_rdn: 'cn=NetBox Staff'
# ]]]
# .. envvar:: netbox__ldap_user_staff_group_dn [[[
#
# The Distinguished Name of the LDAP object which defines who has
# staff access level to a given NetBox instance and can have permissions in
# NetBox ACL system.
netbox__ldap_user_staff_group_dn: '{{ [netbox__ldap_user_staff_group_rdn]
+ netbox__ldap_groups_dn }}'
# ]]]
# .. envvar:: netbox__ldap_user_admin_group_rdn [[[
#
# The Relative Distinguished Name of the LDAP object which defines who has
# superuser access level to a given NetBox instance.
netbox__ldap_user_admin_group_rdn: 'cn=NetBox Administrators'
# ]]]
# .. envvar:: netbox__ldap_user_admin_group_dn [[[
#
# The Distinguished Name of the LDAP object which defines who has
# superuser access level to a given NetBox instance.
netbox__ldap_user_admin_group_dn: '{{ [netbox__ldap_user_admin_group_rdn]
+ netbox__ldap_groups_dn }}'
# ]]]
# .. envvar:: netbox__ldap_object_owner_rdn [[[
#
# The Relative Distinguished Name of the LDAP object of the person who
# installed a given NetBox instance and is used as the owner of the "NetBox
# Administrators" group.
netbox__ldap_object_owner_rdn: 'uid={{ lookup("env", "USER") }}'
# ]]]
# .. envvar:: netbox__ldap_object_ownerdn [[[
#
# The Distinguished Name of the LDAP object of the person who installed a given
# NetBox instance and is used as the owner of the "NetBox Administrators"
# group, defined as a string.
netbox__ldap_object_ownerdn: '{{ ([netbox__ldap_object_owner_rdn, netbox__ldap_people_rdn]
+ netbox__ldap_base_dn) | join(",") }}'
# ]]]
# ]]]
# LDAP connection options [[[
# ---------------------------
# .. envvar:: netbox__ldap_server_uri [[[
#
# The URI address of the LDAP server used by NetBox.
netbox__ldap_server_uri: '{{ ansible_local.ldap.uri | d([""]) | first }}'
# ]]]
# .. envvar:: netbox__ldap_server_port [[[
#
# The TCP port which should be used for connections to the LDAP server.
netbox__ldap_server_port: '{{ ansible_local.ldap.port | d("389" if netbox__ldap_start_tls | bool else "636") }}'
# ]]]
# .. envvar:: netbox__ldap_start_tls [[[
#
# If ``True``, NetBox will use STARTTLS extension to make encrypted
# connections to the LDAP server.
netbox__ldap_start_tls: '{{ ansible_local.ldap.start_tls
if (ansible_local | d() and ansible_local.ldap | d() and
(ansible_local.ldap.start_tls | d()) | bool)
else True }}'
# ]]]
# .. envvar:: netbox__ldap_user_filter [[[
#
# The LDAP filter used to look up user accounts in the directory.
netbox__ldap_user_filter: '(uid=%(user)s)'
# ]]]
# ]]]
# NetBox configuration options [[[
# --------------------------------
# .. envvar:: netbox__config_allowed_hosts [[[
#
# List of domain names under which the NetBox application will accept
# connections. Specify ``*`` to accept connections to any domain name.
netbox__config_allowed_hosts: '{{ netbox__fqdn }}'
# ]]]
# .. envvar:: netbox__config_secret_key [[[
#
# The Django secret key used by the NetBox application. It will be shared by
# all hosts on the same domain.
netbox__config_secret_key: '{{ lookup("password", secret + "/netbox/" +
netbox__domain + "/config/secret_key length=64") }}'
# ]]]
# .. envvar:: netbox__config_admins [[[
#
# A YAML list of tuples, ``[ 'Name', 'email' ]``, of the NetBox administrators.
# They will receive e-mail messages about NetBox application errors.
#
# By default the role uses the list of private admin e-mails from the
# :ref:`debops.core` Ansible role.
netbox__config_admins: '{{ lookup("template", "lookup/netbox__config_admins.j2") | from_yaml }}'
# ]]]
# .. envvar:: netbox__config_changelog_retention [[[
#
# Maximum number of days to retain logged changes. Set to 0 to retain changes
# indefinitely.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_changelog_retention: 90
# ]]]
# .. envvar:: netbox__config_cors_origin_allow_all [[[
#
# API Cross-Origin Resource Sharing configuration. If ``True``, all origins are
# allowed. See https://github.com/ottoyiu/django-cors-headers for more details.
netbox__config_cors_origin_allow_all: False
# ]]]
# .. envvar:: netbox__config_cors_origin_whitelist [[[
#
# List of allowed CORS origin hostnames.
netbox__config_cors_origin_whitelist: []
# ]]]
# .. envvar:: netbox__config_cors_origin_regex_whitelist [[[
#
# List of allowed CORS origin regex hostnames.
netbox__config_cors_origin_regex_whitelist: []
# ]]]
# .. envvar:: netbox__config_default_language [[[
#
# Set the default preferred language/locale.
netbox__config_default_language: 'en-us'
# ]]]
# .. envvar:: netbox__config_email_server [[[
#
# The address of the SMTP server used by NetBox. By default the application
# uses a locally-installed SMTP server.
netbox__config_email_server: 'localhost'
# ]]]
# .. envvar:: netbox__config_email_port [[[
#
# The TCP port of the SMTP server used by NetBox.
netbox__config_email_port: '25'
# ]]]
# .. envvar:: netbox__config_email_username [[[
#
# The username used to login to the SMTP server.
netbox__config_email_username: ''
# ]]]
# .. envvar:: netbox__config_email_password [[[
#
# The password used to login to the SMTP server.
netbox__config_email_password: ''
# ]]]
# .. envvar:: netbox__config_email_use_tls [[[
#
# Use TLS (previously known as SSL) when connecting to the SMTP server.
netbox__config_email_use_tls: True
# ]]]
# .. envvar:: netbox__config_email_timeout [[[
#
# The SMTP server connection timeout, in seconds.
netbox__config_email_timeout: '10'
# ]]]
# .. envvar:: netbox__config_email_from [[[
#
# The e-mail address for the NetBox application, it will be used in the
# ``From:`` header of the NetBox e-mail messages.
netbox__config_email_from: '{{ netbox__user }}@{{ netbox__fqdn
if netbox__fqdn is string
else netbox__fqdn[0] }}'
# ]]]
# .. envvar:: netbox__config_logging [[[
#
# Optional, custom logging configuration specified as YAML dictionary.
# See https://docs.djangoproject.com/en/1.11/topics/logging for more details.
netbox__config_logging: {}
# ]]]
# .. envvar:: netbox__config_login_required [[[
#
# If ``True``, access to NetBox is only allowed for logged-in users. If
# ``False``, some information stored in the NetBox database is accessible in
# the read-only mode for anonymous users.
netbox__config_login_required: True
# ]]]
# .. envvar:: netbox__config_login_timeout [[[
#
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 14 days)
netbox__config_login_timeout: '{{ (60 * 60 * 24 * 14) }}'
# ]]]
# .. envvar:: netbox__config_base_path [[[
#
# Set the "base path" of the NetBox application if it's installed in
# a subdirectory of the webserver.
netbox__config_base_path: ''
# ]]]
# .. envvar:: netbox__config_maintenance_mode [[[
#
# Enable or disable maintenance mode banner.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_maintenance_mode: '{{ not netbox__primary | bool }}'
# ]]]
# .. envvar:: netbox__config_paginate_count [[[
#
# Specify maximum number of list items per page.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_paginate_count: '50'
# ]]]
# .. envvar:: netbox__config_max_page_size [[[
#
# Maximum number of objects returned in an API call.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_max_page_size: '1000'
# ]]]
# .. envvar:: netbox__config_maps_url [[[
#
# The URL to use when mapping physical addresses or GPS coordinates.
# Note that NetBox defaults to Google Maps and has no interest in changing or
# even documenting OpenStreetMap.
# See `PR 6272 <https://github.com/netbox-community/netbox/pull/6272>`__.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_maps_url: 'https://www.openstreetmap.org/search?query='
# ]]]
# .. envvar:: netbox__config_time_zone [[[
#
# Specify the timezone used by NetBox.
netbox__config_time_zone: '{{ ansible_local.tzdata.timezone | d("Etc/UTC") }}'
# ]]]
# .. envvar:: netbox__config_date_format [[[
#
# Specify the date format which NetBox uses to display information.
# See https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date for
# more details.
netbox__config_date_format: 'N j, Y'
# ]]]
# .. envvar:: netbox__config_short_date_format [[[
#
# Specify the short date format used by NetBox to display information.
netbox__config_short_date_format: 'Y-m-d'
# ]]]
# .. envvar:: netbox__config_time_format [[[
#
# Specify the time format used by NetBox to display information.
netbox__config_time_format: 'g:i a'
# ]]]
# .. envvar:: netbox__config_short_time_format [[[
#
# Specify the short time format used by NetBox to display information.
netbox__config_short_time_format: 'H:i:s'
# ]]]
# .. envvar:: netbox__config_datetime_format [[[
#
# Specify the date and time format used by NetBox to display information.
netbox__config_datetime_format: 'N j, Y g:i a'
# ]]]
# .. envvar:: netbox__config_short_datetime_format [[[
#
# Specify the short date and time format used by NetBox to display information.
netbox__config_short_datetime_format: 'Y-m-d H:i'
# ]]]
# .. envvar:: netbox__config_banner_top [[[
#
# Specify a custom message displayed on the top of every page.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_banner_top: ''
# ]]]
# .. envvar:: netbox__config_banner_bottom [[[
#
# Specify a custom message displayed on the bottom of every page.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_banner_bottom: ''
# ]]]
# .. envvar:: netbox__config_banner_login [[[
#
# Specify a custom message displayed on the login page above the login from.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_banner_login: ''
# ]]]
# .. envvar:: netbox__config_prefer_ipv4 [[[
#
# By default NetBox prefers to use IPv6 addresses as primary device addresses.
# Set this variable to ``True`` to change that to IPv4 instead.
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_prefer_ipv4: False
# ]]]
# .. envvar:: netbox__config_census_reporting [[[
#
# Enables anonymous census reporting. To opt out of census reporting, set this
# to ``False``.
netbox__config_census_reporting: True
# ]]]
# .. envvar:: netbox__config_enforce_global_unique [[[
#
# If enabled, NetBox will enforce unique IP space in the "global" table (all
# prefixes and IP addresses not included in a VRF).
# This overwrites potentially existing `dynamic configuration settings <https://netbox.readthedocs.io/en/stable/configuration/dynamic-settings/>`__.
netbox__config_enforce_global_unique: False
# ]]]
# .. envvar:: netbox__config_exempt_view_permissions [[[
#
# Exempt certain models from the enforcement of view permissions. Models listed
# here will be viewable by all users and by anonymous users. List models in the
# form `<app>.<model>`. Add '*' to this list to exempt all models.
netbox__config_exempt_view_permissions: []
# ]]]
# .. envvar:: netbox__config_metrics_enabled [[[
#
# When enabled, expose Prometheus monitoring metrics at the HTTP endpoint
# '/metrics'.
netbox__config_metrics_enabled: False
# ]]]
# .. envvar:: netbox__config_session_file_path [[[
#
# By default, NetBox will store session data in the database. Alternatively,
# a file path can be specified here to use local file storage instead. (This
# can be useful for enabling authentication on a standby instance with
# read-only database access.) Note that the user as which NetBox runs must have
# read and write permissions to this path.
netbox__config_session_file_path: '{{ "" if netbox__primary | bool else netbox__data + "/sessions" }}'
# ]]]
# .. envvar:: netbox__config_media_root [[[
#
# Absolute path where NetBox stores uploaded media files.
netbox__config_media_root: '{{ netbox__data + "/media" }}'
# ]]]
# .. envvar:: netbox__config_reports_root [[[
#
# Absolute path where NetBox reports (Python modules) are stored.
netbox__config_reports_root: '{{ netbox__data + "/reports" }}'
# ]]]
# .. envvar:: netbox__config_scripts_root [[[
#
# Absolute path where NetBox scripts (Python modules) are stored.
netbox__config_scripts_root: '{{ netbox__data + "/scripts" }}'
# ]]]
# .. envvar:: netbox__config_plugins [[[
#
# List of NetBox plugins.
netbox__config_plugins: []
# ]]]
# .. envvar:: netbox__config_plugins_config [[[
#
# NetBox plugins configuration settings.
# See :ref:`netbox__config_plugins_config` for more details.
netbox__config_plugins_config: {}
# ]]]
# .. envvar:: netbox__config_custom [[[
#
# Additional configuration not directly supported by this role can be specified
# with this string variable.
netbox__config_custom: ''
# ]]]
# ]]]
# Initial superuser account [[[
# -----------------------------
# .. envvar:: netbox__superuser_name [[[
#
# Name of the initial admin account created by the role.
netbox__superuser_name: '{{ ansible_local.core.admin_users[0] | d("admin") }}'
# ]]]
# .. envvar:: netbox__superuser_email [[[
#
# E-mail address of the initial admin account created by the role.
netbox__superuser_email: '{{ ansible_local.core.admin_private_email[0]
| d("root@" + netbox__domain) }}'
# ]]]
# .. envvar:: netbox__superuser_password [[[
#
# Password set for the initial admin account created by the role.
netbox__superuser_password: '{{ lookup("password", secret + "/netbox/" +
netbox__domain + "/superuser/" +
netbox__superuser_name + "/password") }}'
# ]]]
# ]]]
# Internal application settings [[[
# ---------------------------------
# .. envvar:: netbox__app_internal_appserver [[[
#
# Enable or disable support for internal ``gunicorn`` application server.
netbox__app_internal_appserver: '{{ ansible_local.gunicorn.installed
| d(ansible_service_mgr == "systemd") | bool }}'
# ]]]
# .. envvar:: netbox__app_name [[[
#
# Name of the NetBox application processes (workers) set by the master process.
netbox__app_name: '{{ netbox__user }}'
# ]]]
# .. envvar:: netbox__app_runtime_dir [[[
#
# Name of the subdirectory in the :file:`/run/` directory where the NetBox
# application will bind its UNIX socket. The default is selected so that
# configuration of the ``gunicorn`` service is idempotent.
netbox__app_runtime_dir: '{{ "gunicorn"
if (ansible_distribution_release in
["trusty", "xenial"])
else "gunicorn-netbox" }}'
# ]]]
# .. envvar:: netbox__app_bind [[[
#
# Specify either an UNIX or TCP socket on which the NetBox application should
# bind and listen for connections.
netbox__app_bind: 'unix:/run/{{ netbox__app_runtime_dir }}/netbox.sock'
# ]]]
# .. envvar:: netbox__app_workers [[[
#
# Number of worker threads to start for NetBox application.
netbox__app_workers: '{{ ansible_processor_vcpus | int + 1 }}'
# ]]]
# .. envvar:: netbox__app_timeout [[[
#
# Number of seconds after which non-responsive worker threads will be killed
# and restarted. NetBox installations with lots of objects might require longer
# timeouts for API access.
netbox__app_timeout: '900'
# ]]]
# .. envvar:: netbox__app_params [[[
#
# List of parameters passed to the ``gunicorn`` process manager.
netbox__app_params:
- '--name={{ netbox__app_name }}'
- '--bind={{ netbox__app_bind }}'
- '--workers={{ netbox__app_workers }}'
- '--timeout={{ netbox__app_timeout }}'
- 'netbox.wsgi'
# ]]]
# ]]]
# Configuration variables for other Ansible roles [[[
# ---------------------------------------------------
# .. envvar:: netbox__keyring__dependent_gpg_keys [[[
#
# Configuration for the :ref:`debops.keyring` Ansible role.
netbox__keyring__dependent_gpg_keys:
- user: '{{ netbox__user }}'
group: '{{ netbox__group }}'
home: '{{ netbox__home }}'
id: '{{ netbox__git_gpg_key_id }}'
# ]]]
# .. envvar:: netbox__python__dependent_packages3 [[[
#
# Configuration for the :ref:`debops.python` Ansible role.
netbox__python__dependent_packages3:
- 'python3-dev'
# ]]]
# .. envvar:: netbox__python__dependent_packages2 [[[
#
# Configuration for the :ref:`debops.python` Ansible role.
netbox__python__dependent_packages2:
- 'python-dev'
# ]]]
# .. envvar:: netbox__ldap__dependent_tasks [[[
#
# Configuration for the :ref:`debops.ldap` Ansible role.
netbox__ldap__dependent_tasks:
- name: 'Create NetBox account for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_binddn }}'
objectClass: '{{ netbox__ldap_self_object_classes }}'
attributes: '{{ netbox__ldap_self_attributes }}'
no_log: '{{ debops__no_log | d(True) }}'
state: '{{ "present" if netbox__ldap_device_dn | d() else "ignore" }}'
- name: 'Create NetBox group container for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_groups_dn }}'
objectClass: 'organizationalStructure'
attributes:
ou: '{{ netbox__ldap_groups_rdn.split("=")[1] }}'
description: 'User groups used in NetBox'
state: '{{ "present"
if (netbox__ldap_device_dn | d() and
netbox__ldap_private_groups | bool)
else "ignore" }}'
- name: 'Create NetBox user group for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_user_group_dn }}'
objectClass: 'groupOfNames'
attributes:
cn: '{{ netbox__ldap_user_group_rdn.split("=")[1] }}'
owner: '{{ netbox__ldap_object_ownerdn }}'
member: '{{ netbox__ldap_object_ownerdn }}'
state: '{{ "present" if netbox__ldap_device_dn | d() else "ignore" }}'
- name: 'Create NetBox active user group for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_user_active_group_dn }}'
objectClass: 'groupOfNames'
attributes:
cn: '{{ netbox__ldap_user_active_group_rdn.split("=")[1] }}'
owner: '{{ netbox__ldap_object_ownerdn }}'
member: '{{ netbox__ldap_object_ownerdn }}'
state: '{{ "present" if netbox__ldap_device_dn | d() else "ignore" }}'
- name: 'Create NetBox staff group for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_user_staff_group_dn }}'
objectClass: 'groupOfNames'
attributes:
cn: '{{ netbox__ldap_user_staff_group_rdn.split("=")[1] }}'
owner: '{{ netbox__ldap_object_ownerdn }}'
member: '{{ netbox__ldap_object_ownerdn }}'
state: '{{ "present" if netbox__ldap_device_dn | d() else "ignore" }}'
- name: 'Create NetBox admin group for {{ netbox__ldap_device_dn | join(",") }}'
dn: '{{ netbox__ldap_user_admin_group_dn }}'
objectClass: 'groupOfNames'
attributes:
cn: '{{ netbox__ldap_user_admin_group_rdn.split("=")[1] }}'
owner: '{{ netbox__ldap_object_ownerdn }}'
member: '{{ netbox__ldap_object_ownerdn }}'
state: '{{ "present" if netbox__ldap_device_dn | d() else "ignore" }}'
# ]]]
# .. envvar:: netbox__gunicorn__dependent_applications [[[
#
# Configuration for the :ref:`debops.gunicorn` Ansible role.
netbox__gunicorn__dependent_applications:
- name: 'netbox'
mode: 'wsgi'
working_dir: '{{ netbox__git_checkout + "/netbox" }}'
python: '{{ netbox__virtualenv + "/bin/python" }}'
user: '{{ netbox__user }}'
group: '{{ netbox__group }}'
home: '{{ netbox__home }}'
system: True
timeout: '{{ netbox__app_timeout }}'
workers: '{{ netbox__app_workers }}'
args: '{{ netbox__app_params }}'
# ]]]
# .. envvar:: netbox__postgresql__dependent_roles [[[
#
# Role configuration for the :ref:`debops.postgresql` Ansible role.
netbox__postgresql__dependent_roles:
- name: '{{ netbox__database_user }}'
- name: '{{ netbox__database_name }}'
flags: [ 'NOLOGIN' ]
# ]]]
# .. envvar:: netbox__postgresql__dependent_groups [[[
#
# Group configuration for the :ref:`debops.postgresql` Ansible role.
netbox__postgresql__dependent_groups:
- roles: [ '{{ netbox__database_user }}' ]
groups: [ '{{ netbox__database_name }}' ]
database: '{{ netbox__database_name }}'
# ]]]
# .. envvar:: netbox__postgresql__dependent_databases [[[
#
# Database configuration for the :ref:`debops.postgresql` Ansible role.
netbox__postgresql__dependent_databases:
- name: '{{ netbox__database_name }}'
owner: '{{ netbox__database_name }}'
# ]]]
# .. envvar:: netbox__postgresql__dependent_pgpass [[[
#
# ``~/.pgpass`` configuration for the :ref:`debops.postgresql` Ansible role.
netbox__postgresql__dependent_pgpass:
- owner: '{{ netbox__user }}'
group: '{{ netbox__group }}'
home: '{{ netbox__home }}'
system: True
# ]]]
# .. envvar:: netbox__nginx__dependent_upstreams [[[
#
# Upstream configuration for the :ref:`debops.nginx` Ansible role.
netbox__nginx__dependent_upstreams:
- name: 'netbox'
server: '{{ netbox__app_bind }}'
# ]]]
# .. envvar:: netbox__nginx__dependent_servers [[[
#
# Server configuration for the :ref:`debops.nginx` Ansible role.
netbox__nginx__dependent_servers:
- name: '{{ netbox__fqdn }}'
by_role: 'debops.netbox'
filename: 'debops.netbox'
options: |
client_max_body_size 25m;
location:
'/static/': |
alias {{ netbox__git_checkout }}/netbox/static/;
'/': |
proxy_pass http://netbox;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout {{ netbox__app_timeout }};
proxy_send_timeout {{ netbox__app_timeout }};
proxy_read_timeout {{ netbox__app_timeout }};
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
# ]]]
# ]]]
# ]]]
View git blame Copy permalink