forked from CCCHH/ansible-infra
June
09a8551c8a
Add option to netbox role for ensuring custom pipeline code for OIDC
group and role mapping is either present or not.
The custom pipeline code is licensed under the Creative Commons: CC
BY-SA 4.0 license.
See:
https://github.com/goauthentik/authentik/blob/main/LICENSE
https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
https://docs.goauthentik.io/integrations/services/netbox/
5676b1a468
124 lines
3.3 KiB
YAML
124 lines
3.3 KiB
YAML
- name: Ensure all dependencies are installed
|
|
ansible.builtin.apt:
|
|
name:
|
|
- python3
|
|
- python3-pip
|
|
- python3-venv
|
|
- python3-dev
|
|
- build-essential
|
|
- libxml2-dev
|
|
- libxslt1-dev
|
|
- libffi-dev
|
|
- libpq-dev
|
|
- libssl-dev
|
|
- zlib1g-dev
|
|
- git
|
|
become: true
|
|
|
|
- name: Ensure NetBox source is present
|
|
ansible.builtin.git:
|
|
repo: https://github.com/netbox-community/netbox.git
|
|
dest: /opt/netbox/
|
|
version: "{{ netbox__version }}"
|
|
become: true
|
|
notify:
|
|
- Run upgrade script
|
|
- Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensures custom pipeline code for OIDC group and role mapping is present
|
|
ansible.builtin.copy:
|
|
src: custom_pipeline_oidc_group_and_role_mapping.py
|
|
dest: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
when: netbox__custom_pipeline_oidc_group_and_role_mapping
|
|
become: true
|
|
notify:
|
|
- Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensures custom pipeline code for OIDC group and role mapping is not present
|
|
ansible.builtin.file:
|
|
path: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py
|
|
state: absent
|
|
when: not netbox__custom_pipeline_oidc_group_and_role_mapping
|
|
become: true
|
|
notify:
|
|
- Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensure netbox user
|
|
block:
|
|
- name: Ensure netbox group exists
|
|
ansible.builtin.group:
|
|
name: netbox
|
|
system: true
|
|
become: true
|
|
|
|
- name: Ensure netbox user exists
|
|
ansible.builtin.user:
|
|
name: netbox
|
|
group: netbox
|
|
password: '!'
|
|
system: true
|
|
become: true
|
|
|
|
- name: Ensure relevant directories are owned by netbox user
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: netbox
|
|
recurse: true
|
|
become: true
|
|
loop:
|
|
- "/opt/netbox/netbox/media/"
|
|
- "/opt/netbox/netbox/reports/"
|
|
- "/opt/netbox/netbox/scripts/"
|
|
|
|
- name: Deploy configuration.py
|
|
ansible.builtin.copy:
|
|
content: "{{ netbox__config }}"
|
|
dest: "/opt/netbox/netbox/netbox/configuration.py"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
notify: Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensure provided gunicorn config is copied
|
|
ansible.builtin.copy:
|
|
remote_src: true
|
|
src: "/opt/netbox/contrib/gunicorn.py"
|
|
dest: "/opt/netbox/gunicorn.py"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
notify: Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensure provided netbox systemd service files are copied
|
|
ansible.builtin.copy:
|
|
remote_src: true
|
|
src: "/opt/netbox/contrib/{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
loop:
|
|
- "netbox.service"
|
|
- "netbox-rq.service"
|
|
notify: Ensure netbox systemd services are set up and up-to-date
|
|
|
|
- name: Ensure provided housekeeping systemd service and timer are copied
|
|
ansible.builtin.copy:
|
|
remote_src: true
|
|
src: "/opt/netbox/contrib/{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
loop:
|
|
- "netbox-housekeeping.service"
|
|
- "netbox-housekeeping.timer"
|
|
notify: Ensure netbox housekeeping timer is set up and up-to-date
|