netbox: bump to 2.10.1 and add systemd service

2020-12-16 19:32:58 +01:00 · 2020-12-16 19:32:58 +01:00 · d4a9ccf43d
commit d4a9ccf43d
parent 0484e91693
7 changed files with 99 additions and 13 deletions
--- a/roles/netbox/defaults/main.yml
+++ b/roles/netbox/defaults/main.yml
@ -2,4 +2,4 @@

 netbox_group: netbox
 netbox_user: netbox
-netbox_version: 2.8.7
+netbox_version: 2.10.1
--- a/roles/netbox/handlers/main.yml
+++ b/roles/netbox/handlers/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Reload systemd
+  systemd: daemon_reload=yes
+
+- name: Restart netbox
+  service: name=netbox state=restarted
+
+- name: Restart netbox-rq
+  service: name=netbox-rq state=restarted
--- a/roles/netbox/tasks/main.yml
+++ b/roles/netbox/tasks/main.yml
@ -62,6 +62,13 @@
    owner: '{{ netbox_user }}'
    group: '{{ netbox_group }}'

+- name: Configure gunicorn
+  template:
+    src: gunicorn.py.j2
+    dest: '/opt/netbox-{{ netbox_version }}/gunicorn.py'
+    owner: '{{ netbox_user }}'
+    group: '{{ netbox_group }}'
+
 - name: Install venv
  pip:
    requirements: '/opt/netbox-{{ netbox_version }}/requirements.txt'
@ -73,17 +80,12 @@
    path: '/opt/netbox-{{ netbox_version }}'
    owner: '{{ netbox_user }}'
    group: '{{ netbox_group }}'
-    mode: preserve
-    state: directory
-    recursive: yes
-    create: no
+    recurse: yes

 # TODO - still manual work
 # * Run Database Migrations
 # * Create a Super User
 # * Collect Static Files
-# * Gunicorn Configuration
-# * systemd Configuration

 - name: Ensure certificates are available
  command:
@ -111,6 +113,20 @@
    src: /etc/nginx/sites-available/netbox
    dest: /etc/nginx/sites-enabled/netbox
    state: link
-    owner: root
-    mode: preserve
  notify: Restart nginx
+
+- name: Install systemd units
+  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
+  with_items:
+  - netbox
+  - netbox-rq
+  notify:
+  - Reload systemd
+  - Restart netbox
+  - Restart netbox-rq
+
+- name: Enable services
+  service: name={{ item }} state=started enabled=yes
+  with_items:
+  - netbox
+  - netbox-rq
--- a/roles/netbox/templates/configuration.py.j2
+++ b/roles/netbox/templates/configuration.py.j2
@ -33,7 +33,6 @@ REDIS = {
        # 'SENTINEL_SERVICE': 'netbox',
        'PASSWORD': '',
        'DATABASE': 0,
-        'DEFAULT_TIMEOUT': 300,
        'SSL': False,
    },
    'caching': {
@ -44,7 +43,6 @@ REDIS = {
        # 'SENTINEL_SERVICE': 'netbox',
        'PASSWORD': '',
        'DATABASE': 1,
-        'DEFAULT_TIMEOUT': 300,
        'SSL': False,
    }
 }
@ -214,11 +212,11 @@ RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220

 # Remote authentication support
 REMOTE_AUTH_ENABLED = False
-REMOTE_AUTH_BACKEND = 'utilities.auth_backends.RemoteUserBackend'
+REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
 REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
 REMOTE_AUTH_AUTO_CREATE_USER = True
 REMOTE_AUTH_DEFAULT_GROUPS = []
-REMOTE_AUTH_DEFAULT_PERMISSIONS = []
+REMOTE_AUTH_DEFAULT_PERMISSIONS = {}

 # This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
 RELEASE_CHECK_TIMEOUT = 24 * 3600
@ -232,6 +230,9 @@ RELEASE_CHECK_URL = None
 # this setting is derived from the installed location.
 # REPORTS_ROOT = '/opt/netbox/netbox/reports'

+# Maximum execution time for background tasks, in seconds.
+RQ_DEFAULT_TIMEOUT = 300
+
 # The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
 # this setting is derived from the installed location.
 # SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
--- a/roles/netbox/templates/gunicorn.py.j2
+++ b/roles/netbox/templates/gunicorn.py.j2
@ -0,0 +1,16 @@
+# The IP address (typically localhost) and port that the Netbox WSGI process should listen on
+bind = '127.0.0.1:8001'
+
+# Number of gunicorn workers to spawn. This should typically be 2n+1, where
+# n is the number of CPU cores present.
+workers = 5
+
+# Number of threads per worker process
+threads = 3
+
+# Timeout (in seconds) for a request to complete
+timeout = 120
+
+# The maximum number of requests a worker can handle before being respawned
+max_requests = 5000
+max_requests_jitter = 500
--- a/roles/netbox/templates/netbox-rq.service.j2
+++ b/roles/netbox/templates/netbox-rq.service.j2
@ -0,0 +1,21 @@
+[Unit]
+Description=NetBox Request Queue Worker
+Documentation=https://netbox.readthedocs.io/en/stable/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User=netbox
+Group=netbox
+WorkingDirectory=/opt/netbox-2.10.1
+
+ExecStart=/opt/netbox-2.10.1/venv/bin/python3 /opt/netbox-2.10.1/netbox/manage.py rqworker
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/netbox/templates/netbox.service.j2
+++ b/roles/netbox/templates/netbox.service.j2
@ -0,0 +1,22 @@
+[Unit]
+Description=NetBox WSGI Service
+Documentation=https://netbox.readthedocs.io/en/stable/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+
+User=netbox
+Group=netbox
+PIDFile=/var/tmp/netbox.pid
+WorkingDirectory=/opt/netbox-{{ netbox_version }}
+
+ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox-{{ netbox_version }}/netbox --config /opt/netbox-{{ netbox_version }}/gunicorn.py netbox.wsgi
+
+Restart=on-failure
+RestartSec=30
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target