__netbox: add minimal LDAP support
parent
70047d10b1
commit
ab2c826cc3
4 changed files with 68 additions and 0 deletions
27
type/__netbox/files/ldap_config.py.sh
Executable file
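--- a/type/__netbox/files/ldap_config.py.sh
+++ b/type/__netbox/files/ldap_config.py.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+cat << EOF
+##############################
+# LDAP-backed authentication #
+##############################
+
+import ldap
+from django_auth_ldap.config import LDAPSearch
+
+# Server URI
+AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
+
+# Set the DN and password for the NetBox service account.
+AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN"
+AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD"
+
+# If a user's DN is producible from their username, we don't need to search.
+AUTH_LDAP_USER_DN_TEMPLATE = "$LDAP_USER_DN_TEMPLATE"
+
+# You can map user attributes to Django attributes as so.
+AUTH_LDAP_USER_ATTR_MAP = {
+"first_name": "givenName",
+"last_name": "sn",
+"email": "mail"
+}
+EOF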
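Review bot: The heredoc places `$LDAP_SERVER`, `$LDAP_BIND_DN`, `$LDAP_BIND_PASSWORD` and `$LDAP_USER_DN_TEMPLATE` unescaped inside double-quoted Python literals, so a value containing `"`, `\` or a newline yields a broken or silently altered `ldap_config.py`, and whatever follows a stray quote is read as Python source. Escaping backslashes and double quotes in each value before the `cat << EOF` would keep the generated file valid for any password. The template also sets no transport option, so with an `ldap://` URI the service-account bind and user logins travel in clear text; a comment above `AUTH_LDAP_SERVER_URI` such as `# Use ldaps:// (or set AUTH_LDAP_START_TLS = True) so bind and user passwords are not sent in clear text.` would make that visible to operators. `import ldap` and `LDAPSearch` are not used by any setting the template emits.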
@ -27,18 +27,26 @@ tar xf '$archive'
|
||||||
# Save cdist-upload configuration file.
|
# Save cdist-upload configuration file.
|
||||||
mkdir -p "\$tmpdir"
|
mkdir -p "\$tmpdir"
|
||||||
cp '$install_dir/cdist/configuration.py' "\$tmpdir/configuration.py"
|
cp '$install_dir/cdist/configuration.py' "\$tmpdir/configuration.py"
|
||||||
|
cp '$install_dir/cdist/ldap_config.py' "\$tmpdir/ldap_config.py"
|
||||||
|
|
||||||
# Deploy sources and restore configuration.
|
# Deploy sources and restore configuration.
|
||||||
rm -r '$install_dir'
|
rm -r '$install_dir'
|
||||||
cp -r '$src/netbox' '$install_dir'
|
cp -r '$src/netbox' '$install_dir'
|
||||||
cp \$tmpdir/configuration.py '$install_dir/netbox/configuration.py'
|
cp \$tmpdir/configuration.py '$install_dir/netbox/configuration.py'
|
||||||
|
cp \$tmpdir/ldap_config.py '$install_dir/netbox/ldap_config.py'
|
||||||
|
|
||||||
# Setup & enter python virtualenv.
|
# Setup & enter python virtualenv.
|
||||||
virtualenv /opt/netbox/venv
|
virtualenv /opt/netbox/venv
|
||||||
|
|
||||||
# Install python dependencies.
|
# Install python dependencies.
|
||||||
/opt/netbox/venv/bin/pip3 install -r "\$tmpdir/$src/requirements.txt"
|
/opt/netbox/venv/bin/pip3 install -r "\$tmpdir/$src/requirements.txt"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||||
|
echo "/opt/netbox/venv/bin/pip3 install django-auth-ldap"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat << EOF
|
||||||
# Set final permissions.
|
# Set final permissions.
|
||||||
chown -R netbox /opt/netbox
|
chown -R netbox /opt/netbox
|
||||||
|
|
||||||
|
|
|
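Review bot: The two added `cp` lines for `ldap_config.py` sit inside the heredoc and run on every host, while the manifest only deploys the file when `ldap-server` is set, so without LDAP the first `cp` hits a missing source (assuming `$install_dir/cdist` is the directory the manifest writes to). A remote-side guard such as `if [ -f '$install_dir/cdist/ldap_config.py' ]; then … fi` around both copies would avoid that. Plain `cp` also does not carry over the 640 mode that `__file` sets, and the later `chown -R netbox` changes owner only, so the copies in `$tmpdir` and `$install_dir/netbox/` hold the bind password with umask-default permissions; `cp -p` keeps the restrictive mode. `pip3 install django-auth-ldap` is unpinned and takes whatever release the index serves at deploy time, so pinning a reviewed version would make the install reproducible. The file header for this section is missing from the page and the generated script continues outside the hunk.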
@ -10,6 +10,11 @@ case "$os" in
|
||||||
__package $pkg
|
__package $pkg
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||||
|
for pkg in libldap2-dev libsasl2-dev libssl-dev; do
|
||||||
|
__package $pkg
|
||||||
|
done
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
|
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
|
||||||
|
@ -23,18 +28,42 @@ export DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
|
||||||
export ALLOWED_HOST=$(cat "$__object/parameter/host")
|
export ALLOWED_HOST=$(cat "$__object/parameter/host")
|
||||||
export SECRET_KEY=$(cat "$__object/parameter/secret-key")
|
export SECRET_KEY=$(cat "$__object/parameter/secret-key")
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||||
|
export LDAP_SERVER=$(cat "$__object/parameter/ldap-server")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-bind-dn" ]; then
|
||||||
|
export LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-bind-password" ]; then
|
||||||
|
export LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-user-dn-template" ]; then
|
||||||
|
export LDAP_USER_DN_TEMPLATE=$(cat "$__object/parameter/ldap-user-dn-template")
|
||||||
|
fi
|
||||||
|
|
||||||
# Create system user used to run netbox.
|
# Create system user used to run netbox.
|
||||||
__user netbox --system --home /opt/netbox --create-home
|
__user netbox --system --home /opt/netbox --create-home
|
||||||
|
|
||||||
# Generate and upload netbox configuration.
|
# Generate and upload netbox configuration.
|
||||||
mkdir -p "$__object/files"
|
mkdir -p "$__object/files"
|
||||||
"$__type/files/configuration.py.sh" > "$__object/files/configuration.py"
|
"$__type/files/configuration.py.sh" > "$__object/files/configuration.py"
|
||||||
|
"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py"
|
||||||
|
|
||||||
require="__user/netbox" __directory /opt/netbox/netbox/cdist --parents
|
require="__user/netbox" __directory /opt/netbox/netbox/cdist --parents
|
||||||
require="__directory/opt/netbox/netbox/cdist " __file \
|
require="__directory/opt/netbox/netbox/cdist " __file \
|
||||||
/opt/netbox/netbox/cdist/configuration.py --mode 640 --owner netbox \
|
/opt/netbox/netbox/cdist/configuration.py --mode 640 --owner netbox \
|
||||||
--source "$__object/files/configuration.py"
|
--source "$__object/files/configuration.py"
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||||
|
require="__directory/opt/netbox/netbox/cdist " __file \
|
||||||
|
/opt/netbox/netbox/cdist/ldap_config.py --mode 640 --owner netbox \
|
||||||
|
--source "$__object/files/ldap_config.py"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Upload systemd units and gunicorn configuration.
|
# Upload systemd units and gunicorn configuration.
|
||||||
for unit in netbox netbox-rq; do
|
for unit in netbox netbox-rq; do
|
||||||
__file /etc/systemd/system/$unit.service \
|
__file /etc/systemd/system/$unit.service \
|
||||||
|
|
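Review bot: `"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py"` runs outside the `ldap-server` test, so the file is generated on every run. When `ldap-server` is set but a companion parameter such as `ldap-user-dn-template` is missing, the unset variable expands to an empty string and the deployed file carries `AUTH_LDAP_USER_DN_TEMPLATE = ""` without any error (unless the manifest runs under `set -u`, which is not visible here). Moving the generator call into the final `if [ -f "$__object/parameter/ldap-server" ]` block and failing early on a missing companion parameter would surface the misconfiguration at manifest time. `export LDAP_BIND_PASSWORD=$(cat …)` also puts the bind password into the environment of every later command in the manifest and hides a failing `cat`; it mirrors the existing `DATABASE_PASSWORD` lines, but assigning first and passing the variable only to the generator call would narrow the exposure. The file header for this section is missing from the page and the manifest continues outside both hunks.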
4
type/__netbox/parameter/optional
Normal file
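--- a/type/__netbox/parameter/optional
+++ b/type/__netbox/parameter/optional
@@ -0,0 +1,4 @@
+ldap-server
+ldap-bind-dn
+ldap-bind-password
+ldap-user-dn-template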