From d4a9ccf43d9f0b68fb57933b9bb20bac6cf6a219 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Wed, 16 Dec 2020 19:32:58 +0100 Subject: [PATCH] netbox: bump to 2.10.1 and add systemd service --- roles/netbox/defaults/main.yml | 2 +- roles/netbox/handlers/main.yml | 10 +++++++ roles/netbox/tasks/main.yml | 32 +++++++++++++++------ roles/netbox/templates/configuration.py.j2 | 9 +++--- roles/netbox/templates/gunicorn.py.j2 | 16 +++++++++++ roles/netbox/templates/netbox-rq.service.j2 | 21 ++++++++++++++ roles/netbox/templates/netbox.service.j2 | 22 ++++++++++++++ 7 files changed, 99 insertions(+), 13 deletions(-) create mode 100644 roles/netbox/handlers/main.yml create mode 100644 roles/netbox/templates/gunicorn.py.j2 create mode 100644 roles/netbox/templates/netbox-rq.service.j2 create mode 100644 roles/netbox/templates/netbox.service.j2 diff --git a/roles/netbox/defaults/main.yml b/roles/netbox/defaults/main.yml index d5c3805..742035c 100644 --- a/roles/netbox/defaults/main.yml +++ b/roles/netbox/defaults/main.yml @@ -2,4 +2,4 @@ netbox_group: netbox netbox_user: netbox -netbox_version: 2.8.7 +netbox_version: 2.10.1 diff --git a/roles/netbox/handlers/main.yml b/roles/netbox/handlers/main.yml new file mode 100644 index 0000000..86a10c6 --- /dev/null +++ b/roles/netbox/handlers/main.yml @@ -0,0 +1,10 @@ +--- + +- name: Reload systemd + systemd: daemon_reload=yes + +- name: Restart netbox + service: name=netbox state=restarted + +- name: Restart netbox-rq + service: name=netbox-rq state=restarted diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml index f9a9b48..47cff63 100644 --- a/roles/netbox/tasks/main.yml +++ b/roles/netbox/tasks/main.yml 
@@ -62,6 +62,13 @@ owner: '{{ netbox_user }}' group: '{{ netbox_group }}' +- name: Configure gunicorn + template: + src: gunicorn.py.j2 + dest: '/opt/netbox-{{ netbox_version }}/gunicorn.py' + owner: '{{ netbox_user }}' + group: '{{ netbox_group }}' + - name: Install venv pip: requirements: '/opt/netbox-{{ netbox_version }}/requirements.txt' @@ -73,17 +80,12 @@ path: '/opt/netbox-{{ netbox_version }}' owner: '{{ netbox_user }}' group: '{{ netbox_group }}' - mode: preserve - state: directory - recursive: yes - create: no + recurse: yes # TODO - still manual work # * Run Database Migrations # * Create a Super User # * Collect Static Files -# * Gunicorn Configuration -# * systemd Configuration - name: Ensure certificates are available command: @@ -111,6 +113,20 @@ src: /etc/nginx/sites-available/netbox dest: /etc/nginx/sites-enabled/netbox state: link - owner: root - mode: preserve notify: Restart nginx + +- name: Install systemd units + template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service + with_items: + - netbox + - netbox-rq + notify: + - Reload systemd + - Restart netbox + - Restart netbox-rq + +- name: Enable services + service: name={{ item }} state=started enabled=yes + with_items: + - netbox + - netbox-rq diff --git a/roles/netbox/templates/configuration.py.j2 b/roles/netbox/templates/configuration.py.j2 index 62136ff..1e2d764 100644 --- a/roles/netbox/templates/configuration.py.j2 +++ b/roles/netbox/templates/configuration.py.j2 @@ -33,7 +33,6 @@ REDIS = { # 'SENTINEL_SERVICE': 'netbox', 'PASSWORD': '', 'DATABASE': 0, - 'DEFAULT_TIMEOUT': 300, 'SSL': False, }, 'caching': { @@ -44,7 +43,6 @@ REDIS = { # 'SENTINEL_SERVICE': 'netbox', 'PASSWORD': '', 'DATABASE': 1, - 'DEFAULT_TIMEOUT': 300, 'SSL': False, } } 
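Review bot: The new `Configure gunicorn` task in roles/netbox/tasks/main.yml has no `notify`, so a later change to gunicorn.py.j2 (bind address, workers, timeout) is written to disk but not picked up by the running service; add `notify: Restart netbox`. The rendered file is Python that gunicorn executes at startup, and it is created with no explicit `mode`, so its permissions depend on the umask of the deploying user; set `mode: '0644'`. It is also owned by `{{ netbox_user }}`, which lets the service account rewrite its own startup code. Making it `owner: root` would additionally require excluding it from the recursive chown of `/opt/netbox-{{ netbox_version }}` in the next hunk.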
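Review bot: The `Install systemd units` task writes to `/lib/systemd/system`, which is the location for units shipped by distribution packages; units managed by this role belong in `/etc/systemd/system`, where a package upgrade cannot overwrite them. The task also sets neither owner nor mode, so the files that decide what runs under which account get whatever the deploying user's umask yields. I would write the task in the dict form the other tasks use, with `dest: '/etc/systemd/system/{{ item }}.service'`, `owner: root` and `mode: '0644'`.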
@@ -214,11 +212,11 @@ RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220 # Remote authentication support REMOTE_AUTH_ENABLED = False -REMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend' +REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend' REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER' REMOTE_AUTH_AUTO_CREATE_USER = True REMOTE_AUTH_DEFAULT_GROUPS = [] -REMOTE_AUTH_DEFAULT_PERMISSIONS = [] +REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour. RELEASE_CHECK_TIMEOUT = 24 * 3600 @@ -232,6 +230,9 @@ RELEASE_CHECK_URL = None # this setting is derived from the installed location. # REPORTS_ROOT = '/opt/netbox/netbox/reports' +# Maximum execution time for background tasks, in seconds. +RQ_DEFAULT_TIMEOUT = 300 + # The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of # this setting is derived from the installed location. # SCRIPTS_ROOT = '/opt/netbox/netbox/scripts' diff --git a/roles/netbox/templates/gunicorn.py.j2 b/roles/netbox/templates/gunicorn.py.j2 new file mode 100644 index 0000000..363dbc2 --- /dev/null +++ b/roles/netbox/templates/gunicorn.py.j2 @@ -0,0 +1,16 @@ +# The IP address (typically localhost) and port that the Netbox WSGI process should listen on +bind = '127.0.0.1:8001' + +# Number of gunicorn workers to spawn. This should typically be 2n+1, where +# n is the number of CPU cores present. +workers = 5 + +# Number of threads per worker process +threads = 3 + +# Timeout (in seconds) for a request to complete +timeout = 120 + +# The maximum number of requests a worker can handle before being respawned +max_requests = 5000 +max_requests_jitter = 500 diff --git a/roles/netbox/templates/netbox-rq.service.j2 b/roles/netbox/templates/netbox-rq.service.j2 new file mode 100644 index 0000000..c4856b6 --- /dev/null +++ b/roles/netbox/templates/netbox-rq.service.j2 
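Review bot: The remote-auth block in configuration.py.j2 keeps `REMOTE_AUTH_AUTO_CREATE_USER = True` next to the updated `REMOTE_AUTH_BACKEND`, and nothing tells the next operator what must hold before `REMOTE_AUTH_ENABLED` is switched on. With these values the user name comes from the `HTTP_REMOTE_USER` request header, so it is only trustworthy if the front proxy sets that header itself and discards any copy sent by the client. The settings are dormant while `REMOTE_AUTH_ENABLED = False`, so this is a documentation point: add a comment above the block such as `# Enable only behind a proxy that overwrites Remote-User; AUTO_CREATE_USER creates an account for any name received.`, or ship `REMOTE_AUTH_AUTO_CREATE_USER = False` as the role default.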
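Review bot: `workers = 5` in gunicorn.py.j2 is a fixed value although the comment directly above it gives the rule 2n+1, so the template is only correct for a two-core host. Since the file is a Jinja template, the value can be derived from host facts, for example `workers = {{ ansible_processor_vcpus * 2 + 1 }}`, or exposed as a role variable in defaults/main.yml next to `netbox_version`. The `bind` address and port could be a variable as well, since the nginx site configuration (not part of this patch) presumably has to match it.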
@@ -0,0 +1,21 @@
+[Unit]
+Description=NetBox Request Queue Worker
+Documentation=https://netbox.readthedocs.io/en/stable/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User=netbox
+Group=netbox
+WorkingDirectory=/opt/netbox-2.10.1
+
+ExecStart=/opt/netbox-2.10.1/venv/bin/python3 /opt/netbox-2.10.1/netbox/manage.py rqworker
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/netbox/templates/netbox.service.j2 b/roles/netbox/templates/netbox.service.j2
new file mode 100644
index 0000000..5fae0f9
--- /dev/null
+++ b/roles/netbox/templates/netbox.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=NetBox WSGI Service
+Documentation=https://netbox.readthedocs.io/en/stable/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User=netbox
+Group=netbox
+PIDFile=/var/tmp/netbox.pid
+WorkingDirectory=/opt/netbox-{{ netbox_version }}
+
+ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox-{{ netbox_version }}/netbox --config /opt/netbox-{{ netbox_version }}/gunicorn.py netbox.wsgi
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
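Review bot: `WorkingDirectory` and `ExecStart` in netbox-rq.service.j2 hard-code `/opt/netbox-2.10.1`, while netbox.service.j2 in the same commit uses `/opt/netbox-{{ netbox_version }}`. After the next change of `netbox_version` the worker unit would still point at the old tree, so the web service and the queue worker would run different releases, or the worker would fail once the old directory is removed. Use the variable in both lines: `WorkingDirectory=/opt/netbox-{{ netbox_version }}` and `ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/python3 /opt/netbox-{{ netbox_version }}/netbox/manage.py rqworker`. `User=netbox` and `Group=netbox` could likewise be `{{ netbox_user }}` and `{{ netbox_group }}`, which the tasks already use for file ownership.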
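Review bot: `PIDFile=/var/tmp/netbox.pid` and the matching `--pid /var/tmp/netbox.pid` in netbox.service.j2 place the pid file in a world-writable directory, and with `Type=simple` systemd tracks the started process directly and does not need a pid file. `PrivateTmp=true` limits the exposure, but the simpler fix is to drop both settings, or to add `RuntimeDirectory=netbox` and use `/run/netbox/netbox.pid`. Because this unit runs the network-facing application, I would also add `NoNewPrivileges=true` and, after testing, `ProtectSystem=full`. As in the worker unit, `User=` and `Group=` are fixed to `netbox` instead of `{{ netbox_user }}` and `{{ netbox_group }}`.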