From bedf7da6aed03dfd1bbf60a2b46647ac87901245 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 12:03:48 -0600 Subject: [PATCH 01/10] correct minor linting issues after ansible-lint upgrade --- .ansible-lint | 1 + meta/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 498fa87..b189e35 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,7 @@ --- skip_list: - name[casing] + - no-changed-when - package-latest # Package installs should not use latest - schema[meta] # Amazon Linux 2 version: 'any' is valid diff --git a/meta/main.yml b/meta/main.yml index e577732..a8848aa 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -11,10 +11,10 @@ galaxy_info: platforms: - name: Amazon Linux 2 versions: - - any + - all - name: EL versions: - - 8 + - "8" - name: Ubuntu versions: - focal From 5e2a06223fdcb7d7bbf1d5756f6ba7957a9514c5 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 12:47:36 -0600 Subject: [PATCH 02/10] update local testing to ubuntu 22.04 for postgres > 11 support --- molecule/default/molecule.yml | 2 +- molecule/default/requirements.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 06da5ea..819901c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -12,7 +12,7 @@ lint: | platforms: - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} network_mode: host volumes: diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index 1b958ee..8e326d3 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml 
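Review bot: `no-changed-when` is added to `skip_list` with no justification, unlike the `package-latest` and `schema[meta]` entries next to it, and a skip disables the rule for the whole role rather than for the tasks that triggered it. Prefer an explicit `changed_when:` on the affected command/shell tasks, or a per-task `# noqa: no-changed-when`, so new tasks are still checked. If the global skip stays, give it a trailing comment saying why. The `schema[meta]` comment (`'any' is valid`) also looks stale, since this patch changes the Amazon Linux 2 entry in meta/main.yml from `any` to `all`; check whether that skip is still needed.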
@@ -5,6 +5,6 @@ roles: - name: geerlingguy.postgresql scm: git src: 'git+https://github.com/geerlingguy/ansible-role-postgresql' - version: 3.2.1 + version: 3.4.2 - name: geerlingguy.redis From 799d4142728361f3c44269d36a9363d8d7189a77 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 12:48:46 -0600 Subject: [PATCH 03/10] remove unused molecule demo --- molecule/demo/converge.yml | 32 -------------------------- molecule/demo/molecule.yml | 41 ---------------------------------- molecule/demo/requirements.yml | 7 ------ 3 files changed, 80 deletions(-) delete mode 100644 molecule/demo/converge.yml delete mode 100644 molecule/demo/molecule.yml delete mode 100644 molecule/demo/requirements.yml diff --git a/molecule/demo/converge.yml b/molecule/demo/converge.yml deleted file mode 100644 index 71adc6f..0000000 --- a/molecule/demo/converge.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Converge - hosts: all - - vars: - netbox_version_tag: "{{ lookup('env', 'NETBOX_VERSION_TAG') | default() }}" - netbox_db_username: netbox - netbox_db_password: netbox - netbox_napalm: - username: napalm - password: testing - timeout: 30 - args: {} - netbox_secret_key: "lnvRn_5Bypl8hBV4mMwgsMuHxr6uZvGwJyDqB7fcKqo" - netbox_superusers: - - username: admin - password: admin - email: changeme@example.com - caddy_config: | - :8080 { - route /static* { - uri strip_prefix /static - root * /opt/netbox/current/netbox/static - file_server - } - - reverse_proxy http://127.0.0.1:8001 - } - - roles: - - role: jvoss.netbox - - role: caddy_ansible.caddy_ansible diff --git a/molecule/demo/molecule.yml b/molecule/demo/molecule.yml deleted file mode 100644 index 9b81653..0000000 --- a/molecule/demo/molecule.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -# This scenario runs a complete Netbox installation with the Docker -# network in bridged mode in order to locally demo the UI. -# -# # 1) Optional - specify the desired version (useful for pre-release testing) -# export NETBOX_VERSION_TAG=v3.0.10 -# -# # 2) Converge the 'demo scenario' -# molecule converge -s demo -# -# # 3) View the exposed ephemeral mapped port -# docker ps -# -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint . - -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - network_mode: bridge - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - published_ports: - - 8080/tcp - -provisioner: - name: ansible - playbooks: - prepare: ../default/prepare.yml - verify: ../default/verify.yml diff --git a/molecule/demo/requirements.yml b/molecule/demo/requirements.yml deleted file mode 100644 index 3e02674..0000000 --- a/molecule/demo/requirements.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Ansible requirements - -roles: - - name: geerlingguy.postgresql - - name: geerlingguy.redis - - name: caddy_ansible.caddy_ansible From 557c8855b9e807ae8cffdfb2d3482f723c565373 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 12:58:36 -0600 Subject: [PATCH 04/10] netbox v3.3.10: add configuration for LOGOUT_REDIRECT_URL --- defaults/main.yml | 4 ++++ templates/configuration.py.j2 | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index f0dd0f1..a40920d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -247,6 +247,10 @@ netbox_login_required: False # before being prompted to re-authenticate. (Default: 1209600 [14 days]) netbox_login_timeout: None +# The view name or URL to which users are redirected after logging out. +# Introducted in v3.3.10 +# netbox_logout_redirect_url: home + # Setting this to True will display a "maintenance mode" banner at the top of every page. # Note: Moved to Dynamic Configuration (see netbox_override_dynamic_config) netbox_maintenance_mode: False diff --git a/templates/configuration.py.j2 b/templates/configuration.py.j2 index 3e77169..89c8d31 100644 --- a/templates/configuration.py.j2 +++ b/templates/configuration.py.j2 @@ -176,6 +176,10 @@ LOGIN_REQUIRED = {{ netbox_login_required }} LOGIN_TIMEOUT = {{ netbox_login_timeout }} +{% if netbox_logout_redirect_url is defined %} +LOGOUT_REDIRECT_URL = '{{ netbox_logout_redirect_url }}' +{% endif %} + {% if netbox_override_dynamic_config %} MAINTENANCE_MODE = {{ netbox_maintenance_mode }} {% endif %} From 73f79c88e4dd896dcb202dfb85e5d934e601ccec Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 13:07:20 -0600 Subject: [PATCH 05/10] netbox v3.4.0: add configuration for ALLOW_TOKEN_RETRIEVAL and QUEUE_MAPPINGS --- defaults/main.yml | 12 ++++++++++++ templates/configuration.py.j2 | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index a40920d..0f643de 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -109,6 +109,10 @@ netbox_allowed_url_schemes: - vnc - xmpp +# Permit the retrieval of API tokens after their creation. +# Netbox >= 3.4.0 +# netbox_allow_token_retrieval: False + # Enforce password validation for local accounts # Netbox >= 3.2 (https://github.com/netbox-community/netbox/issues/7650) # https://docs.djangoproject.com/en/4.0/topics/auth/passwords/#password-validation 
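Review bot: `LOGOUT_REDIRECT_URL = '{{ netbox_logout_redirect_url }}'` pastes the variable between hand-written single quotes, so a value containing a quote or backslash renders a configuration.py that fails to load or evaluates to something other than the intended string. Other settings in this template serialize with `to_json`, which emits a correctly escaped literal; `LOGOUT_REDIRECT_URL = {{ netbox_logout_redirect_url | to_json }}` would match them. The same applies to `DEFAULT_LANGUAGE = '{{ netbox_default_language }}'` added in patch 06. The values come from inventory, so this is mostly a robustness concern unless variables are sourced from less trusted data.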
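Review bot: The commented example `# netbox_allow_token_retrieval: False` reads like the role's default, but the variable is left undefined, so the template's `is defined` guard (patch 05, configuration.py.j2) omits ALLOW_TOKEN_RETRIEVAL and NetBox's built-in default applies. As far as I recall that default is True in NetBox 3.4, meaning API token values remain viewable after creation; confirm against the NetBox documentation. The comment should state the effective behaviour, e.g. `# Unset by default, so NetBox's own default applies. Set to False to hide token values after creation.` Consider whether the role should define it as False outright.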
@@ -319,6 +323,14 @@ netbox_plugins: [] # Note: Moved to Dynamic Configuration (see netbox_override_dynamic_config) netbox_prefer_ipv4: False +# Allows changing which queues are used internally for background tasks. +# If no queue is defined the queue named `default` will be used. +# Netbox >= 3.4.0 +netbox_queue_mappings: + webhook: low + report: high + script: high + # Rack elevation size defaults, in pixels. For best results, the ratio of width # to height should be roughly 10:1. # Note: Moved to Dynamic Configuration (see netbox_override_dynamic_config) diff --git a/templates/configuration.py.j2 b/templates/configuration.py.j2 index 89c8d31..c926c04 100644 --- a/templates/configuration.py.j2 +++ b/templates/configuration.py.j2 @@ -63,6 +63,10 @@ ADMINS = {{ netbox_admins|to_json }} ADMINS = [] {% endif %} +{% if netbox_allow_token_retrieval is defined %} +ALLOW_TOKEN_RETRIEVAL = {{ netbox_allow_token_retrieval }} +{% endif %} + {% if netbox_auth_password_validators is defined %} AUTH_PASSWORD_VALIDATORS = {{ netbox_auth_password_validators|to_json }} {% endif %} @@ -234,6 +238,10 @@ PLUGINS_CONFIG = json.loads('{{ plugins_config | to_json }}') PREFER_IPV4 = {{ netbox_prefer_ipv4 }} {% endif %} +{% if netbox_queue_mappings is defined %} +QUEUE_MAPPINGS = {{ netbox_queue_mappings | to_json }} +{% endif %} + {% if netbox_override_dynamic_config %} RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = {{ netbox_rack_elevation_default_unit_height }} RACK_ELEVATION_DEFAULT_UNIT_WIDTH = {{ netbox_rack_elevation_default_unit_width }} From 67bf686117aa8cf7b9ec1697d526a9abd7a1bf35 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 13:10:34 -0600 Subject: [PATCH 06/10] netbox v3.4.1: add configuraiton for DEFAULT_LANGUAGE --- defaults/main.yml | 4 ++++ templates/configuration.py.j2 | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 0f643de..7ff67a3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
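Review bot: `netbox_queue_mappings` is given a live default here, unlike the other variables added in this series, which are shipped commented out, so the `{% if netbox_queue_mappings is defined %}` guard in configuration.py.j2 is always true. Every install that picks up this role version, including those on NetBox older than 3.4.0, gets QUEUE_MAPPINGS rendered with webhooks routed to `low` and reports/scripts to `high`. Whether the deployed workers listen on those queues is not visible in this hunk. If the change in routing is intended, say so in the comment; otherwise ship the mapping commented out like the others.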
@@ -182,6 +182,10 @@ netbox_cors_origin_regex_whitelist: [ # https://github.com/netbox-community/netbox/issues/8509 netbox_csrf_trusted_origins: [] +# Set the default preferred language/locale +# Netbox >= 3.4.1 +# netbox_default_language: en-us + # Set to True to enable server debugging. WARNING: Debugging introduces a substantial # performance penalty and may reveal sensitive information about your installation. # Only enable debugging while performing testing. Never enable debugging on a production diff --git a/templates/configuration.py.j2 b/templates/configuration.py.j2 index c926c04..e62793d 100644 --- a/templates/configuration.py.j2 +++ b/templates/configuration.py.j2 @@ -125,6 +125,10 @@ CUSTOM_VALIDATORS = { DEBUG = {{ netbox_debug }} +{% if netbox_default_language is defined %} +DEFAULT_LANGUAGE = '{{ netbox_default_language }}' +{% endif %} + {% if netbox_default_user_preferences is defined %} DEFAULT_USER_PREFERENCES = {{ netbox_default_user_preferences|to_json }} {% endif %} From 298a3adc398e9efbd12eeb8287ce31c273d6f820 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 13:15:28 -0600 Subject: [PATCH 07/10] netvox v3.4.3: add configuration for Redis CA cert path --- defaults/main.yml | 3 +++ templates/configuration.py.j2 | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 7ff67a3..f7f1ca1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -67,6 +67,9 @@ netbox_redis_port: 6379 netbox_redis_tasks_db: 0 netbox_redis_cache_db: 1 netbox_redis_tls_insecure: False +# Set a path to a certificate authority, typically used with a self signed certificate. +# Netbox >= 3.4.3 +# netbox_redis_ca_cert_path: /etc/ssl/certs/ca.crt # This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file. # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and 
diff --git a/templates/configuration.py.j2 b/templates/configuration.py.j2 index e62793d..8a40e50 100644 --- a/templates/configuration.py.j2 +++ b/templates/configuration.py.j2 @@ -32,6 +32,9 @@ REDIS = { # Set this to True to skip TLS certificate verification # This can expose the connection to attacks, be careful 'INSECURE_SKIP_TLS_VERIFY': {{ netbox_redis_tls_insecure }}, + {%- if netbox_redis_ca_cert_path is defined +%} + 'CA_CERT_PATH': {{ netbox_redis_ca_cert_path }}, + {%- endif +%} }, 'caching': { 'HOST': '{{ netbox_redis_host }}', @@ -45,6 +48,9 @@ REDIS = { # Set this to True to skip TLS certificate verification # This can expose the connection to attacks, be careful 'INSECURE_SKIP_TLS_VERIFY': {{ netbox_redis_tls_insecure }}, + {%- if netbox_redis_ca_cert_path is defined +%} + 'CA_CERT_PATH': {{ netbox_redis_ca_cert_path }}, + {%- endif +%} } } From fd18f8e38ca47393acb3db3bd8104b8935e1bc07 Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 13:22:52 -0600 Subject: [PATCH 08/10] version bump netbox to v3.4.4 --- .github/workflows/netbox.yml | 3 ++- README.md | 26 ++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.github/workflows/netbox.yml b/.github/workflows/netbox.yml index e1d59a1..d042dac 100644 --- a/.github/workflows/netbox.yml +++ b/.github/workflows/netbox.yml @@ -25,7 +25,8 @@ jobs: - ubuntu2004 - ubuntu2204 netbox: - - v3.3.7 + - v3.4.4 + - v3.3.10 - v3.2.9 - v3.1.11 - v3.0.12 diff --git a/README.md b/README.md index 9f90275..93db817 100644 --- a/README.md +++ b/README.md 
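Review bot: `'CA_CERT_PATH': {{ netbox_redis_ca_cert_path }},` renders the path without quotes, so the example value from defaults/main.yml produces `'CA_CERT_PATH': /etc/ssl/certs/ca.crt,`, which is not valid Python and would stop configuration.py from loading. Serialize it instead, `'CA_CERT_PATH': {{ netbox_redis_ca_cert_path | to_json }},`, in this hunk and in the identical line added to the `caching` block in the next hunk. It would also help to say in the defaults comment that a CA path is the alternative to setting `netbox_redis_tls_insecure: True` for self-signed Redis certificates, so users keep certificate verification on.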
@@ -1,7 +1,7 @@ # Ansible Role: Netbox [![Netbox]( -https://img.shields.io/badge/Netbox-v3.3.7-blue)](https://github.com/netbox-community/netbox) +https://img.shields.io/badge/Netbox-v3.4.4-blue)](https://github.com/netbox-community/netbox) [![CI](https://github.com/jvoss/ansible-role-netbox/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/jvoss/ansible-role-netbox/actions/workflows/ci.yml) [![Netbox](https://github.com/jvoss/ansible-role-netbox/actions/workflows/netbox.yml/badge.svg)](https://github.com/jvoss/ansible-role-netbox/actions/workflows/netbox.yml) [![Ansible Galaxy](https://img.shields.io/badge/galaxy-jvoss.netbox-blue.svg)](https://galaxy.ansible.com/jvoss/netbox) @@ -12,17 +12,19 @@ Installs, configures and maintains [NetBox](https://github.com/netbox-community/ on a variety of popular Linux distributions. ## Contents -1. [General Information](#general-information) - 1. [Supported Platforms](#supported-platforms) -2. [Role variables](#role-variables) -3. [User accounts](#user-accounts) - 1. [External Authentication](#external-authentication) -4. [Plugins](#plugins) - 1. [Removing Plugins](#removing-plugins) -5. [Version Locking](#version-locking) -6. [Dependencies](#dependencies) -7. [Example Playbook](#example-playbook) -8. [Contributing](#contributing) +- [Ansible Role: Netbox](#ansible-role-netbox) + - [Contents](#contents) + - [General Information](#general-information) + - [Supported Platforms](#supported-platforms) + - [Role variables](#role-variables) + - [User accounts](#user-accounts) + - [External Authentication](#external-authentication) + - [Plugins](#plugins) + - [Removing Plugins](#removing-plugins) + - [Version locking](#version-locking) + - [Dependencies](#dependencies) + - [Example Playbook](#example-playbook) + - [Contributing](#contributing) ## General Information From 6fcb2733f49195673441e6994386d38f266815c6 Mon Sep 17 00:00:00 2001 
From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 14:49:14 -0600 Subject: [PATCH 09/10] correct timezone issues with NetBox <= 3.2.9 --- molecule/default/molecule.yml | 6 ++++++ tasks/configure.yml | 7 +++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 819901c..8029b8a 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,7 +13,13 @@ lint: | platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest" +<<<<<<< HEAD command: ${MOLECULE_DOCKER_COMMAND:-""} +======= + command: ${MOLECULE_DOCKER_COMMAND:-"/sbin/init"} + capabilities: + - SYS_ADMIN +>>>>>>> 317e9fe... squash network_mode: host volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/tasks/configure.yml b/tasks/configure.yml index efdd196..e420e1c 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -5,11 +5,14 @@ - name: configure | add tzdata fix to local_requirements.txt when NetBox <= 3.2.9 ansible.builtin.lineinfile: path: "{{ netbox_current_path }}/local_requirements.txt" - line: "tzdata==2022.2" - regexp: "^tzdata" + line: "{{ item }}" + regexp: "^{{ item }}" owner: "{{ netbox_user }}" mode: '0644' create: yes + loop: + - tzdata==2022.1 + - pytz==2022.1 when: netbox_version_tag <= 'v3.2.9' # version 3.0.10 started throwing a warning during superuser creation From bc59673dfc78b47a1caf24e780d22239ae99069e Mon Sep 17 00:00:00 2001 From: "Jonathan P. Voss" Date: Fri, 17 Feb 2023 15:01:27 -0600 Subject: [PATCH 10/10] github actions updates: fix workflows and update deprecated actions --- .github/workflows/ci.yml | 10 +++++----- .github/workflows/netbox.yml | 6 +++--- molecule/default/molecule.yml | 11 +++-------- 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 85a0bec..7096735 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
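Review bot: This hunk commits an unresolved merge-conflict block (the HEAD / `317e9fe... squash` markers) into molecule/default/molecule.yml, so the file is not valid YAML at this commit. It is also unclear which `command:` default was intended, and whether `capabilities: SYS_ADMIN` was meant to be added. Patch 10 removes the markers, but this commit stays broken for bisecting and for anyone cherry-picking it. Resolve the conflict in this patch, folding in the molecule.yml part of patch 10, so every commit in the series parses.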
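Review bot: Changing `regexp` from `^tzdata` to `^{{ item }}` makes lineinfile match only a line that already carries the exact new pin. A local_requirements.txt written by the previous version of this task (`tzdata==2022.2`) is therefore not replaced, and a second, conflicting `tzdata==2022.1` line is appended. Anchor on the package name instead, e.g. `regexp: "^{{ item.split('==')[0] }}=="`. Separately, the unchanged `when: netbox_version_tag <= 'v3.2.9'` compares strings, so a tag such as v3.10.x would sort below v3.2.9; a `version` test would be safer if that condition is revisited.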
@@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: 'jvoss.netbox' - name: Set up Python 3. - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: python-version: '3.x' @@ -39,12 +39,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: 'jvoss.netbox' - name: Set up Python 3. - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: python-version: '3.x' @@ -61,7 +61,7 @@ jobs: strategy: matrix: distro: - - amazonlinux2 + # - amazonlinux2 - centos8 - debian11 - rockylinux8 diff --git a/.github/workflows/netbox.yml b/.github/workflows/netbox.yml index d042dac..3ba3e08 100644 --- a/.github/workflows/netbox.yml +++ b/.github/workflows/netbox.yml @@ -17,7 +17,7 @@ jobs: strategy: matrix: distro: - - amazonlinux2 + # - amazonlinux2 - centos8 - debian10 - debian11 @@ -65,12 +65,12 @@ jobs: steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: 'jvoss.netbox' - name: Set up Python 3.9 - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: python-version: '3.9' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 8029b8a..a0a4c2b 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,18 +13,13 @@ lint: | platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest" -<<<<<<< HEAD command: ${MOLECULE_DOCKER_COMMAND:-""} -======= - command: ${MOLECULE_DOCKER_COMMAND:-"/sbin/init"} - capabilities: - - SYS_ADMIN ->>>>>>> 317e9fe... squash + cgroupns_mode: host network_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro privileged: true pre_build_image: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw provisioner: name: ansible
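Review bot: `amazonlinux2` is commented out of the distro matrix here, and again in .github/workflows/netbox.yml, without a stated reason, while meta/main.yml (patch 01) still lists Amazon Linux 2 as a supported platform. The role then advertises a platform that CI no longer exercises. Add the reason next to the disabled entry, e.g. `# amazonlinux2 disabled: REASON_OR_ISSUE_LINK`, or drop the platform from meta/main.yml if support is being withdrawn.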
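Review bot: The test instance now combines `privileged: true`, `network_mode: host`, `cgroupns_mode: host` and the host's /sys/fs/cgroup mounted `:rw` instead of `:ro`, so anything running inside it can change cgroup settings on the host. That is presumably needed for systemd in the container on cgroup v2 and is acceptable on a throwaway CI runner, but the same scenario is run on developer machines. Add a comment above the block recording why, e.g. `# systemd in the container needs a writable host cgroup tree (cgroup v2); run only on disposable hosts`. The image is also pulled by the mutable `:latest` tag, so pinning it by digest would keep what runs with these privileges reproducible.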