diff --git a/roles/netbox/defaults/main.yml b/roles/netbox/defaults/main.yml index e2403ef..65ec354 100644 --- a/roles/netbox/defaults/main.yml +++ b/roles/netbox/defaults/main.yml @@ -2,4 +2,4 @@ netbox_group: netbox netbox_user: netbox -netbox_version: 2.11.11 +netbox_version: 3.0.0 diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml index b41746e..eea69e6 100644 --- a/roles/netbox/tasks/main.yml +++ b/roles/netbox/tasks/main.yml @@ -46,8 +46,6 @@ - name: Install redis apt: name=redis-server -# TODO configure redis? - - name: Unpack netbox unarchive: src: 'https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz' @@ -89,6 +87,12 @@ # * Create a super user # * Migrate media files +- name: Install netbox housekeeping cronjob + template: + src: netbox-housekeeping.sh.j2 + dest: /etc/cron.daily/netbox-housekeeping.sh + mode: 0755 + - name: Ensure certificates are available command: cmd: > diff --git a/roles/netbox/templates/configuration.py.j2 b/roles/netbox/templates/configuration.py.j2 index 1e2d764..3e92a39 100644 --- a/roles/netbox/templates/configuration.py.j2 +++ b/roles/netbox/templates/configuration.py.j2 @@ -34,6 +34,9 @@ REDIS = { 'PASSWORD': '', 'DATABASE': 0, 'SSL': False, + # Set this to True to skip TLS certificate verification + # This can expose the connection to attacks, be careful + # 'INSECURE_SKIP_TLS_VERIFY': False, }, 'caching': { 'HOST': 'localhost', @@ -44,6 +47,9 @@ REDIS = { 'PASSWORD': '', 'DATABASE': 1, 'SSL': False, + # Set this to True to skip TLS certificate verification + # This can expose the connection to attacks, be careful + # 'INSECURE_SKIP_TLS_VERIFY': False, } } @@ -83,9 +89,6 @@ BANNER_LOGIN = '' # BASE_PATH = 'netbox/' BASE_PATH = '' -# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes) -CACHE_TIMEOUT = 900 - # Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90) CHANGELOG_RETENTION = 90 
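Review bot: The `dest` of the new "Install netbox housekeeping cronjob" task ends in `.sh`, and on Debian-family hosts (the role installs packages with `apt`) run-parts skips files in /etc/cron.daily whose names contain a dot, so this job would most likely never run and nothing would report it. As far as I know, housekeeping is what purges expired sessions and changelog entries older than `CHANGELOG_RETENTION`, so a silent skip leaves that data in the database indefinitely. Install it as `dest: /etc/cron.daily/netbox-housekeeping`. Quoting the mode as `mode: '0755'` would also keep it from ever being read as a decimal integer.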
@@ -100,6 +103,20 @@ CORS_ORIGIN_REGEX_WHITELIST = [ # r'^(https?://)?(\w+\.)?example\.com$', ] +# Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be +# instances of or inherit from CustomValidator. +# from extras.validators import CustomValidator +CUSTOM_VALIDATORS = { + # 'dcim.site': [ + # CustomValidator({ + # 'name': { + # 'min_length': 10, + # 'regex': r'\d{3}$', + # } + # }) + # ], +} + # Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal # sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging # on a production system. @@ -129,6 +146,9 @@ EXEMPT_VIEW_PERMISSIONS = [ # 'ipam.prefix', ] +# Enable the GraphQL API +GRAPHQL_ENABLED = True + # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). # HTTP_PROXIES = { # 'http': 'http://10.10.1.10:3128', @@ -143,8 +163,12 @@ INTERNAL_IPS = ('127.0.0.1', '::1') # https://docs.djangoproject.com/en/stable/topics/logging/ LOGGING = {} +# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain +# authenticated to NetBox indefinitely. +LOGIN_PERSISTENCE = False + # Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users -# are permitted to access most data in NetBox (excluding secrets) but not make any changes. +# are permitted to access most data in NetBox but not make any changes. LOGIN_REQUIRED = True # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to 
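Review bot: `GRAPHQL_ENABLED = True` is hard-coded in the template, so every host deployed with this role exposes a second query interface whether or not anything uses it. The same file sets `LOGIN_REQUIRED = True`, which should keep anonymous clients out, but the endpoint is still extra surface to patch, log and rate-limit. If no consumer needs it, render `GRAPHQL_ENABLED = False`, or drive it from a new role variable that defaults to off, e.g. `GRAPHQL_ENABLED = {{ netbox_graphql_enabled | default(false) | bool }}`. A short comment next to the setting saying who relies on the API would help the next reviewer.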
@@ -154,6 +178,9 @@ LOGIN_TIMEOUT = None # Setting this to True will display a "maintenance mode" banner at the top of every page. MAINTENANCE_MODE = False +# The URL to use when mapping physical addresses or GPS coordinates +MAPS_URL = 'https://maps.google.com/?q=' + # An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. # "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request # all objects by specifying "?limit=0". @@ -183,7 +210,7 @@ NAPALM_PASSWORD = '' # NAPALM timeout (in seconds). (Default: 30) NAPALM_TIMEOUT = 30 -# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must +# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must # be provided as a dictionary. NAPALM_ARGS = {} @@ -218,9 +245,6 @@ REMOTE_AUTH_AUTO_CREATE_USER = True REMOTE_AUTH_DEFAULT_GROUPS = [] REMOTE_AUTH_DEFAULT_PERMISSIONS = {} -# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour. -RELEASE_CHECK_TIMEOUT = 24 * 3600 - # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the # version check or use the URL below to check for release in the official NetBox repository. RELEASE_CHECK_URL = None 
@@ -237,6 +261,9 @@ RQ_DEFAULT_TIMEOUT = 300 # this setting is derived from the installed location. # SCRIPTS_ROOT = '/opt/netbox/netbox/scripts' +# The name to use for the session cookie. +SESSION_COOKIE_NAME = 'sessionid' + # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only # database access.) Note that the user as which NetBox runs must have read and write permissions to this path. diff --git a/roles/netbox/templates/netbox-housekeeping.sh.j2 b/roles/netbox/templates/netbox-housekeeping.sh.j2 new file mode 100644 index 0000000..318e591 --- /dev/null +++ b/roles/netbox/templates/netbox-housekeeping.sh.j2 @@ -0,0 +1,9 @@ +#!/bin/sh +# This shell script invokes NetBox's housekeeping management command, which +# intended to be run nightly. This script can be copied into your system's +# daily cron directory (e.g. /etc/cron.daily), or referenced directly from +# within the cron configuration file. +# +# If NetBox has been installed into a nonstandard location, update the paths +# below. +/opt/netbox-{{ netbox_version }}/venv/bin/python /opt/netbox-{{ netbox_version }}/netbox/manage.py housekeeping diff --git a/roles/netbox/templates/vhost.j2 b/roles/netbox/templates/vhost.j2 index 35082b5..bad6aa5 100644 --- a/roles/netbox/templates/vhost.j2 +++ b/roles/netbox/templates/vhost.j2 @@ -30,9 +30,9 @@ server { location / { client_max_body_size 32M; + proxy_pass http://localhost:8001; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:8001; } }
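Review bot: Installed under /etc/cron.daily, the last line of netbox-housekeeping.sh.j2 runs `manage.py housekeeping` as root, although the role defines a dedicated `netbox_user`. That loads configuration.py and any installed plugins with full privileges, and it can leave root-owned files in the NetBox tree that the service account cannot write later. Drop privileges in the script, e.g. `exec runuser -u {{ netbox_user }} -- /opt/netbox-{{ netbox_version }}/venv/bin/python /opt/netbox-{{ netbox_version }}/netbox/manage.py housekeeping`. The header comment also reads "which intended to be run nightly" and should say "which is intended".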