227 lines
7.1 KiB
Bash
Executable File
227 lines
7.1 KiB
Bash
Executable File
#!/bin/sh -e
|
|
|
|
os=$(cat "$__global/explorer/os")
|
|
|
|
case "$os" in
|
|
debian|ubuntu)
|
|
# Install netbox dependencies.
|
|
for pkg in python3-pip python3-venv python3-dev build-essential libxml2-dev \
|
|
libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev curl sudo; do
|
|
__package $pkg
|
|
done
|
|
|
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
|
for pkg in libldap2-dev libsasl2-dev libssl-dev; do
|
|
__package $pkg
|
|
done
|
|
fi
|
|
;;
|
|
*)
|
|
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
|
|
printf "Please contribute an implementation for it if you can.\n" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
|
|
DATABASE_NAME=$(cat "$__object/parameter/database")
|
|
export DATABASE_NAME
|
|
DATABASE_USER="$(cat "$__object/parameter/database-user")"
|
|
export DATABASE_USER
|
|
DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
|
|
export DATABASE_PASSWORD
|
|
DATABASE_HOST="$(cat "$__object/parameter/database-host")"
|
|
export DATABASE_HOST
|
|
DATABASE_PORT="$(cat "$__object/parameter/database-port")"
|
|
export DATABASE_PORT
|
|
|
|
# list of hosts
|
|
ALLOWED_HOSTS=""
|
|
while read -r hostname; do
|
|
# shellcheck disable=SC2089
|
|
ALLOWED_HOSTS="$ALLOWED_HOSTS '$hostname',"
|
|
done < "$__object/parameter/host"
|
|
# shellcheck disable=SC2090
|
|
export ALLOWED_HOSTS
|
|
|
|
if [ -f "$__object/parameter/secret-key" ]; then
|
|
SECRET_KEY=$(cat "$__object/parameter/secret-key")
|
|
elif [ -s "$__object/explorer/secretkey" ]; then
|
|
# take the key that is already used
|
|
SECRET_KEY="$(cat "$__object/explorer/secretkey")"
|
|
else
|
|
# Can be done over netbox/generate_secret_key.py too, but it can't be
|
|
# generated right now where it's required (only if it's preloaded for
|
|
# this type to execute it now).
|
|
# Generates a 50-character long key with the same character set like
|
|
# the helper script. Must escape the '-' to be no character range.
|
|
SECRET_KEY="$(tr -cd '!@#$%^&*(\-_=+)[:alnum:]' < /dev/urandom | head -c50)"
|
|
fi
|
|
export SECRET_KEY
|
|
|
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
|
LDAP_SERVER=$(cat "$__object/parameter/ldap-server")
|
|
USE_LDAP=yes
|
|
export LDAP_SERVER
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-bind-dn" ]; then
|
|
LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
|
|
USE_LDAP=yes
|
|
export LDAP_BIND_DN
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-bind-password" ]; then
|
|
LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
|
|
USE_LDAP=yes
|
|
export LDAP_BIND_PASSWORD
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-user-base" ]; then
|
|
LDAP_USER_BASE=$(cat "$__object/parameter/ldap-user-base")
|
|
USE_LDAP=yes
|
|
export LDAP_USER_BASE
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-group-base" ]; then
|
|
LDAP_GROUP_BASE=$(cat "$__object/parameter/ldap-group-base")
|
|
export LDAP_GROUP_BASE
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-require-group" ]; then
|
|
LDAP_REQUIRE_GROUP=$(cat "$__object/parameter/ldap-require-group")
|
|
export LDAP_REQUIRE_GROUP
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-superuser-group" ]; then
|
|
LDAP_SUPERUSER_GROUP=$(cat "$__object/parameter/ldap-superuser-group")
|
|
export LDAP_SUPERUSER_GROUP
|
|
fi
|
|
if [ -f "$__object/parameter/ldap-staff-group" ]; then
|
|
LDAP_STAFF_GROUP="$(cat "$__object/parameter/ldap-staff-group")"
|
|
export LDAP_STAFF_GROUP
|
|
fi
|
|
# export if base ldap parameters are used
|
|
export USE_LDAP
|
|
|
|
# have default values
|
|
REDIS_HOST="$(cat "$__object/parameter/redis-host")"
|
|
export REDIS_HOST
|
|
REDIS_PORT="$(cat "$__object/parameter/redis-port")"
|
|
export REDIS_PORT
|
|
REDIS_PASSWORD="$(cat "$__object/parameter/redis-password")"
|
|
export REDIS_PASSWORD
|
|
REDIS_DBID_OFFSET="$(cat "$__object/parameter/redis-dbid-offset")"
|
|
export REDIS_DBID_OFFSET
|
|
if [ -f "$__object/parameter/redis-ssl" ]; then
|
|
REDIS_SSL="True"
|
|
else
|
|
REDIS_SSL="False"
|
|
fi
|
|
export REDIS_SSL
|
|
|
|
SMTP_HOST="$(cat "$__object/parameter/smtp-host")"
|
|
export SMTP_HOST
|
|
SMTP_PORT="$(cat "$__object/parameter/smtp-port")"
|
|
export SMTP_PORT
|
|
SMTP_USER="$(cat "$__object/parameter/smtp-user")"
|
|
export SMTP_USER
|
|
SMTP_PASSWORD="$(cat "$__object/parameter/smtp-password")"
|
|
export SMTP_PASSWORD
|
|
SMTP_FROM_EMAIL="$(cat "$__object/parameter/smtp-from-email")"
|
|
export SMTP_FROM_EMAIL
|
|
|
|
if [ -f "$__object/parameter/smtp-use-ssl" ]; then
|
|
SMTP_USE_SSL="True"
|
|
else
|
|
SMTP_USE_SSL="False"
|
|
fi
|
|
export SMTP_USE_SSL
|
|
if [ -f "$__object/parameter/smtp-use-tls" ]; then
|
|
if [ "$SMTP_USE_SSL" = "True" ]; then
|
|
echo "options --smtp-use-ssl and --smtp-use-tls are not compatible" >&2
|
|
exit 2
|
|
fi
|
|
SMTP_USE_TLS="True"
|
|
else
|
|
SMTP_USE_TLS="False"
|
|
fi
|
|
export SMTP_USE_TLS
|
|
|
|
BASEPATH="$(cat "$__object/parameter/basepath")"
|
|
export BASEPATH
|
|
|
|
if [ -f "$__object/parameter/http-proxy" ]; then
|
|
HTTP_PROXY=$(cat "$__object/parameter/http-proxy")
|
|
export HTTP_PROXY
|
|
fi
|
|
if [ -f "$__object/parameter/https-proxy" ]; then
|
|
HTTPS_PROXY=$(cat "$__object/parameter/https-proxy")
|
|
export HTTPS_PROXY
|
|
fi
|
|
|
|
if [ -f "$__object/parameter/login-required" ]; then
|
|
LOGIN_REQUIRED="True"
|
|
else
|
|
LOGIN_REQUIRED="False"
|
|
fi
|
|
export LOGIN_REQUIRED
|
|
|
|
data_root="$(cat "$__object/parameter/data-root")"
|
|
MEDIA_ROOT="$data_root/media"
|
|
REPORTS_ROOT="$data_root/reports"
|
|
SCRIPTS_ROOT="$data_root/scripts"
|
|
|
|
if [ -f "$__object/parameter/media-root" ]; then
|
|
MEDIA_ROOT="$(cat "$__object/parameter/media-root")"
|
|
fi
|
|
export MEDIA_ROOT
|
|
if [ -f "$__object/parameter/reports-root" ]; then
|
|
REPORTS_ROOT="$(cat "$__object/parameter/reports-root")"
|
|
fi
|
|
export REPORTS_ROOT
|
|
if [ -f "$__object/parameter/scripts-root" ]; then
|
|
SCRIPTS_ROOT="$(cat "$__object/parameter/scripts-root")"
|
|
fi
|
|
export SCRIPTS_ROOT
|
|
|
|
if [ -f "$__object/parameter/update-notify" ]; then
|
|
UPDATE_CHECK="yes"
|
|
export UPDATE_CHECK
|
|
fi
|
|
|
|
|
|
# Create system user used to run netbox.
|
|
__user netbox --system --home /opt/netbox --create-home
|
|
# Generate python environment (user will be set by gencode-remote)
|
|
require="__user/netbox" __pyvenv /opt/netbox/venv/
|
|
|
|
# Generate and upload netbox configuration.
|
|
mkdir -p "$__object/files"
|
|
"$__type/files/configuration.py.sh" > "$__object/files/configuration.py"
|
|
"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py"
|
|
|
|
require="__user/netbox" __directory /opt/netbox/cdist
|
|
require="__directory/opt/netbox/cdist" __file \
|
|
/opt/netbox/cdist/configuration.py --mode 640 --owner netbox \
|
|
--source "$__object/files/configuration.py"
|
|
|
|
if [ -f "$__object/parameter/ldap-server" ]; then
|
|
require="__directory/opt/netbox/cdist" __file \
|
|
/opt/netbox/cdist/ldap_config.py --mode 640 --owner netbox \
|
|
--source "$__object/files/ldap_config.py"
|
|
else
|
|
require="__directory/opt/netbox/cdist" __file \
|
|
/opt/netbox/cdist/ldap_config.py --state absent
|
|
fi
|
|
|
|
# save secret
|
|
require="__directory/opt/netbox/cdist" __file /opt/netbox/cdist/secretkey \
|
|
--mode 400 --owner netbox --source - << SECRET
|
|
$SECRET_KEY
|
|
SECRET
|
|
|
|
|
|
# Upload systemd unit for worker and wsgi service
|
|
# does not restart netbox on change cause it only restart all other services
|
|
__systemd_unit netbox.service \
|
|
--source "$__type/files/netbox.service" \
|
|
--enablement-state enabled
|
|
__systemd_unit netbox-rq.service \
|
|
--source "$__type/files/netbox-rq.service" \
|
|
--enablement-state enabled --restart
|