Netbox_Ansible/provisioning/playbook.yml

---
- name: Update web servers
  hosts: all
  become: yes
  vars:
    netbox_ver: 4.3.1
    timezone: Europe/Moscow
    db_name: netbox
    db_user: netbox
    db_user_password: "J5brHrAXFLQSif0K"
    postgres_admin_user: postgres
    postgres_admin_password: postgres
    superuser_username: admin
    superuser_email: admin@example.com
    superuser_password: "P@ssw0rd"
    gunicorn_systemd:
      - netbox
      - netbox-rq
    required_packages:
      - postgresql-14
      - postgresql-contrib
      - redis
      - python3-pip
      - libpq-dev
    netbox_packages:
      - python3.10
      - python3.10-venv
      - python3.10-dev
      - build-essential
      - libxml2-dev
      - libxslt1-dev
      - libffi-dev
      - libssl-dev
      - zlib1g-dev
      - git

  tasks:
    - name: Stop PostgreSQL 12 cluster if running
      command: pg_ctlcluster 12 main stop
      ignore_errors: yes
      tags: database
    - name: Disable auto-start of PostgreSQL 12 cluster
      systemd:
        name: postgresql@12-main
        enabled: no
        state: stopped
      ignore_errors: yes
      tags: database

    - name: Add key for Postgres repo
      apt_key:
        url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
        state: present
    - name: Add PostgreSQL APT repository (PGDG) with GPG key
      apt_repository:
        repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_lsb.codename }}-pgdg main"
        filename: pgdg
        state: present
      tags: packages

    - name: Add Python repo
      apt_repository:
        repo: ppa:deadsnakes/ppa
        state: present
      tags: packages
    - name: Update apt cache
      apt:
        update_cache: yes
      tags: packages
    - name: Install Postgresql14
      apt:
        name: "{{ item }}"
      loop: "{{ required_packages }}"
      tags: packages
    - name: Create and start PostgreSQL 14 cluster
      become: yes
      command: pg_createcluster 14 main --start
      args:
        creates: /var/lib/postgresql/14/main
      tags: database

    - name: Ensure PostgreSQL service is running
      service:
        name: postgresql@14-main
        state: started
        enabled: yes
      tags: database

    - name: Ensure Redis service is running
      service:
        name: redis
        state: started
        enabled: yes
      tags: redis
    - name: Install psycopg2 python package
      pip:
        name: psycopg2
      tags: post
    - name: Create a new database with name "Netbox"
      become_user: postgres
      community.postgresql.postgresql_db:
        name: "{{ db_name }}"
      tags: database
    - name: Ensure netbox user exists
      become_user: postgres
      community.postgresql.postgresql_user:
        name: "{{ db_user }}"
        password: "{{ db_user_password }}"
      tags: database
    - name: Change owner of the database to netbox user
      become_user: postgres
      community.postgresql.postgresql_db:
        name: "{{ db_name }}"
        owner: "{{ db_user }}"
      tags: database
    - name: Grant CREATE privilege on public schema to netbox
      become_user: postgres
      community.postgresql.postgresql_query:
        db: "{{ db_name }}"
        query: "GRANT CREATE ON SCHEMA public TO {{ db_user }};"
      tags: database
    - name: Install netbox-components
      apt:
        name: "{{ item }}"
      loop: "{{ netbox_packages }}"
      tags: packages

    - name: Download Netbox
      get_url:
        url: "https://github.com/netbox-community/netbox/archive/refs/tags/v{{ netbox_ver }}.tar.gz"
        dest: "/root/v{{ netbox_ver }}.tar.gz"
      tags: netbox
    - name: Extract Netbox
      unarchive:
        src: "/root/v{{ netbox_ver }}.tar.gz"
        dest: "/opt"
        remote_src: yes
      tags: netbox
    - name: Link Netbox files
      file:
        src: "/opt/netbox-{{ netbox_ver }}"
        dest: "/opt/netbox"
        state: link
      tags: netbox
    - name: Create group 'netbox'
      group:
        name: netbox
        system: yes
      tags: netbox
    - name: Create system user
      user:
        name: netbox
        system: yes
        group: netbox
        create_home: no
      tags: netbox
    - name: Change folders own
      file:
        path: "{{ item }}"
        owner: netbox
        recurse: yes
      loop:
        - "/opt/netbox/netbox/media/"
        - "/opt/netbox/netbox/reports/"
        - "/opt/netbox/netbox/scripts/"
      tags: netbox
    - name: Generate NetBox SECRET_KEY if not already set
      shell: "openssl rand -base64 50"
      register: secret_key_output
      changed_when: false
      when: secret_key | default('') == ''

    - name: Set generated SECRET_KEY fact
      set_fact:
        secret_key: "{{ secret_key_output.stdout }}"
      when: secret_key | default('') == ''
    - name: Generate NetBox configuration
      template:
        src: configuration.py.j2
        dest: /opt/netbox/netbox/netbox/configuration.py
        owner: netbox
        group: netbox
        mode: '0640'
      tags: netbox
    - name: Run NetBox upgrade script with Python 3.10
      environment:
        PYTHON: /usr/bin/python3.10
      command: /opt/netbox/upgrade.sh
      tags: netbox
    - name: Create NetBox superuser
      vars:
        netbox_dir: /opt/netbox/netbox
        venv_dir: /opt/netbox/venv
      environment:
        DJANGO_SUPERUSER_USERNAME: "{{ superuser_username }}"
        DJANGO_SUPERUSER_EMAIL: "{{ superuser_email }}"
        DJANGO_SUPERUSER_PASSWORD: "{{ superuser_password }}"
      command: "{{ venv_dir }}/bin/python3 manage.py createsuperuser --no-input"
      args:
        chdir: "{{ netbox_dir }}"
      register: create_superuser
      failed_when: false
      changed_when: "'Superuser created successfully' in create_superuser.stdout"
      tags: netbox

    - name: Debug superuser creation result
      debug:
        var: create_superuser.stderr
      tags: netbox
    - name: Link Netbox-Housekeeping
      file:
        src: "/opt/netbox/contrib/netbox-housekeeping.sh"
        dest: "/etc/cron.daily/netbox-housekeeping"
        state: link
      tags: netbox
    - name: Copy Gunicorn config
      copy:
        src: "/opt/netbox/contrib/gunicorn.py"
        dest: "/opt/netbox/gunicorn.py"
      tags: gunicorn
    - name: Copy Gunicorn-sysctl unit
      copy:
        src: "/opt/netbox/contrib/{{ item }}.service"
        dest: "/etc/systemd/system/{{ item }}.service"
      loop: "{{ gunicorn_systemd }}"
      tags: gunicorn
    - name: Reload systemd daemon to recognize new service
      systemd:
        daemon_reload: yes
      tags: gunicorn
    - name: Enable and start netbox-gunicorn service
      systemd:
        name: "{{ item }}"
        enabled: yes
        state: started
      loop: "{{ gunicorn_systemd }}"
      tags: gunicorn
    - name: Generate self-signed SSL certificate for NetBox
      command: >
        openssl req -x509 -nodes -days 365
        -newkey rsa:2048
        -keyout /etc/ssl/private/netbox.key
        -out /etc/ssl/certs/netbox.crt
        -subj "/C=RU/ST=Moscow/L=Moscow/O=YourOrg/OU=IT/CN=netbox.example.com"
      args:
        creates: /etc/ssl/private/netbox.key
      become: yes
      tags: ssl
    - name: Install Nginx
      apt:
        name: nginx
        state: present
      tags: nginx
    - name: Copy configuration nebox to Nginx
      copy:
        src: "/opt/netbox/contrib/nginx.conf"
        dest: "/etc/nginx/sites-available/netbox"
      tags: nginx
    - name: Enable netbox site in Nginx
      file:
        src: "/etc/nginx/sites-available/netbox"
        dest: "/etc/nginx/sites-enabled/netbox"
        state: link
      tags: nginx
    - name: Restart Nginx
      systemd:
        name: nginx
        state: reloaded
      tags: nginx