Merge branch 'add_netbox_installation_process' into 'main'

Add netbox installation process

See merge request digit-c4/netbox-operations!43

playbooks/application_netbox.yml

+- name: Service deployment
+  hosts: "service_netbox"
+  gather_facts: true
+  become: true
+
+  roles:
+    - docker_login
+    - {role: netbox, when: traefik is not defined or traefik}
+    - {role: netbox_no_traefik, when: traefik is defined and not traefik}

playbooks/roles/netbox/defaults/main.yml

+---
+# defaults file for ipam_netbox

playbooks/roles/netbox/handlers/main.yml

+---
+# handlers file for ipam_netbox

playbooks/roles/netbox/tasks/docker.yml

+---
+- name: Docker login
+  ansible.builtin.include_role:
+    name: docker_login
+
+- name: Pull image
+  community.docker.docker_compose_v2_pull:
+    project_src: /opt/SNet/container/netbox-docker
+  register: _pull
+  retries: 5
+  delay: 30
+  until: _pull is succeeded
+
+- name: Netbox | Clone repo
+  environment:
+    http_proxy: "{{ http_proxy }}"
+    https_proxy: "{{ http_proxy }}"
+  ansible.builtin.git:
+    repo: https://github.com/netbox-community/netbox-docker.git
+    dest: /opt/SNet/container/netbox-docker
+    force: true
+  # Ignore the ansible-lint warning as the command cannot be idempotent
+  tags:
+    - skip_ansible_lint
+
+- name: Docker-compose | deploy files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: '0644'
+  loop:
+    - { src: 'opt_SNet_container_netbox_docker_docker_compose_override_yml.j2', dest: '/opt/SNet/container/netbox-docker/docker-compose.override.yml' }
+    - { src: 'opt_SNet_container_netbox_docker_docker_compose_yml.j2', dest: '/opt/SNet/container/netbox-docker/docker-compose.yml' }
+
+- name: Tear down existing services
+  community.docker.docker_compose_v2:
+    project_src: /opt/SNet/container/netbox-docker
+    state: absent
+
+- name: Start container
+  community.docker.docker_compose_v2:
+    project_src: /opt/SNet/container/netbox-docker
+    state: present
+    build: never
+
+- name: Wait for application to be available
+  ansible.builtin.uri:
+    url: "https://{{ ansible_fqdn }}"
+    return_content: true
+  register: response
+  until: response.status == 200
+  retries: 180
+  delay: 10

playbooks/roles/netbox/tasks/main.yml

+---
+- name: Install docker
+  ansible.builtin.include_tasks:
+    file: docker.yml

playbooks/roles/netbox/templates/opt_SNet_container_netbox_docker_docker_compose_override_yml.j2

+{{ ansible_managed | comment }}
+
+services:
+  netbox:
+    volumes:
+      - /etc/ssl/certs:/etc/ssl/certs:ro
+      - /etc/ldap:/etc/ldap:ro
+      - /usr/local/share/ca-certificates/snetroot/:/usr/local/share/ca-certificates/snetroot/
+      - ./configuration/configuration.py:/etc/netbox/config/configuration.py:z,ro
+      - ./configuration/extra.py:/etc/netbox/config/extra.py:z,ro
+      - ./configuration/ldap:/etc/netbox/config/ldap:z,ro
+      - ./configuration/logging.py:/etc/netbox/config/logging.py:z,ro
+      - netbox-media-files:/opt/netbox/netbox/media:z,rw
+      - netbox-reports-files:/opt/netbox/netbox/reports:z,rw
+      - netbox-scripts-files:/opt/netbox/netbox/scripts:z,rw
+    ports:
+      - '8080'
+    labels:
+      - "traefik.http.routers.netbox-http.rule=Host(`{{ansible_fqdn}}`)"
+      - "traefik.http.routers.netbox-http.entrypoints=web-secure"
+      - "traefik.http.routers.netbox-http.tls=true"
+    networks:
+      - traefik_traefiknet
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    environment:
+      LDAP_IGNORE_CERT_ERRORS: "True"
+      POSTGRES_PASSWORD: "{{ POSTGRES_PASSWORD }}"
+      SUPERUSER_NAME: "{{ SUPERUSER_NAME }}"
+      SUPERUSER_EMAIL: toto@example.com
+      SUPERUSER_PASSWORD: "{{ SUPERUSER_PASSWORD }}"
+      SKIP_SUPERUSER: "false"
+      LOGLEVEL: "DEBUG"
+      TIME_ZONE: "Europe/Paris"
+      REMOTE_AUTH_ENABLED: "{{ REMOTE_AUTH_ENABLED|default("false", true) }}"
+      REMOTE_AUTH_AUTO_CREATE_USER: "false"
+      BANNER_LOGIN: "{{ BANNER_LOGIN|default("", true) }}"
+      METRICS_ENABLED: "{{ METRICS_ENABLED|default("true", true) }}"
+    restart: unless-stopped
+  netbox-worker:
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    restart: unless-stopped
+    depends_on:
+      - netbox
+    networks:
+      - traefik_traefiknet
+  netbox-housekeeping:
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    restart: unless-stopped
+    depends_on:
+      - netbox
+    networks:
+      - traefik_traefiknet
+  postgres:
+    ports:
+      - 5432:5432
+    restart: unless-stopped
+    networks:
+      - traefik_traefiknet
+  redis:
+    restart: unless-stopped
+    networks:
+      - traefik_traefiknet
+  redis-cache:
+    restart: unless-stopped
+    networks:
+      - traefik_traefiknet
+
+networks:
+  traefik_traefiknet:
+    external: true

playbooks/roles/netbox/templates/opt_SNet_container_netbox_docker_docker_compose_yml.j2

+services:
+  netbox: &netbox
+    image: docker.io/netboxcommunity/netbox:${VERSION-v3.5-2.6.1}
+    depends_on:
+    - postgres
+    - redis
+    - redis-cache
+    env_file: env/netbox.env
+    user: 'unit:root'
+    healthcheck:
+      start_period: 60s
+      timeout: 3s
+      interval: 15s
+      test: "curl -f http://localhost:8080 || exit 1"
+    volumes:
+    - ./configuration/configuration.py:/etc/netbox/config/configuration.py:z,ro
+    - ./configuration/extra.py:/etc/netbox/config/extra.py:z,ro
+    - ./configuration/ldap:/etc/netbox/config/ldap:z,ro
+    - ./configuration/logging.py:/etc/netbox/config/logging.py:z,ro
+    - netbox-media-files:/opt/netbox/netbox/media:z,rw
+    - netbox-reports-files:/opt/netbox/netbox/reports:z,rw
+    - netbox-scripts-files:/opt/netbox/netbox/scripts:z,rw
+  netbox-worker:
+    <<: *netbox
+    depends_on:
+      netbox:
+        condition: service_healthy
+    command:
+    - /opt/netbox/venv/bin/python
+    - /opt/netbox/netbox/manage.py
+    - rqworker
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
+  netbox-housekeeping:
+    <<: *netbox
+    depends_on:
+      netbox:
+        condition: service_healthy
+    command:
+    - /opt/netbox/housekeeping.sh
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
+
+  # postgres
+  postgres:
+    image: docker.io/postgres:15-alpine
+    env_file: env/postgres.env
+    volumes:
+    - netbox-postgres-data:/var/lib/postgresql/data
+    - netbox-postgres-dump:/dumps
+
+  # redis
+  redis:
+    image: docker.io/redis:7-alpine
+    command:
+    - sh
+    - -c # this is to evaluate the $REDIS_PASSWORD from the env
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    env_file: env/redis.env
+    volumes:
+    - netbox-redis-data:/data
+  redis-cache:
+    image: docker.io/redis:7-alpine
+    command:
+    - sh
+    - -c # this is to evaluate the $REDIS_PASSWORD from the env
+    - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    env_file: env/redis-cache.env
+    volumes:
+    - netbox-redis-cache-data:/data
+
+volumes:
+  netbox-media-files:
+    driver: local
+  netbox-postgres-data:
+    driver: local
+  netbox-postgres-dump:
+    driver: local
+  netbox-redis-cache-data:
+    driver: local
+  netbox-redis-data:
+    driver: local
+  netbox-reports-files:
+    driver: local
+  netbox-scripts-files:
+    driver: local
+

playbooks/roles/netbox/vars/main.yml

+---
+# vars file for ipam_netbox

playbooks/roles/netbox_no_traefik/defaults/main.yml

+---
+# defaults file for ipam_netbox

playbooks/roles/netbox_no_traefik/handlers/main.yml

+---
+# handlers file for ipam_netbox

playbooks/roles/netbox_no_traefik/tasks/docker.yml

+---
+- name: Docker login
+  ansible.builtin.include_role:
+    name: docker_login
+
+- name: Pull image
+  community.docker.docker_compose_v2_pull:
+    project_src: /opt/SNet/container/netbox-docker
+  register: _pull
+  retries: 5
+  delay: 30
+  until: _pull is succeeded
+
+- name: Netbox | Clone repo
+  environment:
+    https_proxy: "{{ https_proxy }}"
+  ansible.builtin.git:
+    repo: https://github.com/netbox-community/netbox-docker.git
+    dest: /opt/SNet/container/netbox-docker
+    force: true
+  # Ignore the ansible-lint warning as the command cannot be idempotent
+  tags:
+    - skip_ansible_lint
+
+- name: Docker-compose | deploy files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: '0644'
+  loop:
+    - { src: 'opt_SNet_container_netbox_docker_docker_compose_override_yml.j2', dest: '/opt/SNet/container/netbox-docker/docker-compose.override.yml' }
+    - { src: 'opt_SNet_container_netbox_docker_docker_compose_yml.j2', dest: '/opt/SNet/container/netbox-docker/docker-compose.yml' }
+
+- name: Tear down existing services
+  community.docker.docker_compose_v2:
+    project_src: /opt/SNet/container/netbox-docker
+    state: absent
+
+- name: Start container
+  community.docker.docker_compose_v2:
+    project_src: /opt/SNet/container/netbox-docker
+    state: present
+    build: never
+
+- name: Wait for application to be available
+  ansible.builtin.uri:
+    url: "http://{{ ansible_fqdn }}:8080"
+    return_content: true
+  register: response
+  until: response.status == 200
+  retries: 180
+  delay: 10

playbooks/roles/netbox_no_traefik/tasks/main.yml

+---
+- name: Install docker
+  ansible.builtin.include_tasks:
+    file: docker.yml

playbooks/roles/netbox_no_traefik/templates/opt_SNet_container_netbox_docker_docker_compose_override_yml.j2

+{{ ansible_managed | comment }}
+
+services:
+  netbox:
+    volumes:
+      - /etc/ssl/certs:/etc/ssl/certs:ro
+      - /etc/ldap:/etc/ldap:ro
+      - /usr/local/share/ca-certificates/snetroot/:/usr/local/share/ca-certificates/snetroot/
+      - ./configuration/configuration.py:/etc/netbox/config/configuration.py:z,ro
+      - ./configuration/extra.py:/etc/netbox/config/extra.py:z,ro
+      - ./configuration/ldap:/etc/netbox/config/ldap:z,ro
+      - ./configuration/logging.py:/etc/netbox/config/logging.py:z,ro
+      - netbox-media-files:/opt/netbox/netbox/media:z,rw
+      - netbox-reports-files:/opt/netbox/netbox/reports:z,rw
+      - netbox-scripts-files:/opt/netbox/netbox/scripts:z,rw
+    ports:
+      - '8080:8080'
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    environment:
+      LDAP_IGNORE_CERT_ERRORS: "True"
+      POSTGRES_PASSWORD: "{{ POSTGRES_PASSWORD }}"
+      SUPERUSER_NAME: "{{ SUPERUSER_NAME }}"
+      SUPERUSER_EMAIL: toto@example.com
+      SUPERUSER_PASSWORD: "{{ SUPERUSER_PASSWORD }}"
+      SKIP_SUPERUSER: "false"
+      LOGLEVEL: "DEBUG"
+      TIME_ZONE: "Europe/Paris"
+      REMOTE_AUTH_ENABLED: "{{ REMOTE_AUTH_ENABLED|default("false", true) }}"
+      REMOTE_AUTH_AUTO_CREATE_USER: "false"
+      BANNER_LOGIN: "{{ BANNER_LOGIN|default("", true) }}"
+      METRICS_ENABLED: "{{ METRICS_ENABLED|default("true", true) }}"
+    restart: unless-stopped
+  netbox-worker:
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    restart: unless-stopped
+    depends_on:
+      - netbox
+  netbox-housekeeping:
+    image: "code.europa.eu:4567/digit-c4/netbox-plugins:{{ TAG|default("latest", true) }}"
+    restart: unless-stopped
+    depends_on:
+      - netbox
+  postgres:
+    ports:
+      - 5432:5432
+    restart: unless-stopped
+  redis:
+    restart: unless-stopped
+  redis-cache:
+    restart: unless-stopped

playbooks/roles/netbox_no_traefik/templates/opt_SNet_container_netbox_docker_docker_compose_yml.j2

+services:
+  netbox: &netbox
+    image: docker.io/netboxcommunity/netbox:${VERSION-v3.5-2.6.1}
+    depends_on:
+    - postgres
+    - redis
+    - redis-cache
+    env_file: env/netbox.env
+    user: 'unit:root'
+    healthcheck:
+      start_period: 60s
+      timeout: 3s
+      interval: 15s
+      test: "curl -f http://localhost:8080 || exit 1"
+    volumes:
+    - ./configuration/configuration.py:/etc/netbox/config/configuration.py:z,ro
+    - ./configuration/extra.py:/etc/netbox/config/extra.py:z,ro
+    - ./configuration/ldap:/etc/netbox/config/ldap:z,ro
+    - ./configuration/logging.py:/etc/netbox/config/logging.py:z,ro
+    - netbox-media-files:/opt/netbox/netbox/media:z,rw
+    - netbox-reports-files:/opt/netbox/netbox/reports:z,rw
+    - netbox-scripts-files:/opt/netbox/netbox/scripts:z,rw
+  netbox-worker:
+    <<: *netbox
+    depends_on:
+      netbox:
+        condition: service_healthy
+    command:
+    - /opt/netbox/venv/bin/python
+    - /opt/netbox/netbox/manage.py
+    - rqworker
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
+  netbox-housekeeping:
+    <<: *netbox
+    depends_on:
+      netbox:
+        condition: service_healthy
+    command:
+    - /opt/netbox/housekeeping.sh
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
+
+  # postgres
+  postgres:
+    image: docker.io/postgres:15-alpine
+    env_file: env/postgres.env
+    volumes:
+    - netbox-postgres-data:/var/lib/postgresql/data
+    - netbox-postgres-dump:/dumps
+
+  # redis
+  redis:
+    image: docker.io/redis:7-alpine
+    command:
+    - sh
+    - -c # this is to evaluate the $REDIS_PASSWORD from the env
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    env_file: env/redis.env
+    volumes:
+    - netbox-redis-data:/data
+  redis-cache:
+    image: docker.io/redis:7-alpine
+    command:
+    - sh
+    - -c # this is to evaluate the $REDIS_PASSWORD from the env
+    - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    env_file: env/redis-cache.env
+    volumes:
+    - netbox-redis-cache-data:/data
+
+volumes:
+  netbox-media-files:
+    driver: local
+  netbox-postgres-data:
+    driver: local
+  netbox-postgres-dump:
+    driver: local
+  netbox-redis-cache-data:
+    driver: local
+  netbox-redis-data:
+    driver: local
+  netbox-reports-files:
+    driver: local
+  netbox-scripts-files:
+    driver: local
+

playbooks/roles/netbox_no_traefik/vars/main.yml

+---
+# vars file for ipam_netbox