Merge branch 'feature/uwsgi' into master

Author: lae

.travis.yml

@@ -23,8 +23,7 @@ install:
 script:
 - ansible-playbook tests/deploy.yml -i tests/inventory --syntax-check
 - ansible-playbook tests/deploy.yml -i tests/inventory
-- unbuffer ansible-playbook -vvv tests/deploy.yml -i tests/inventory >/tmp/idempotency.log
-  2>&1
+- unbuffer ansible-playbook -vv tests/deploy.yml -i tests/inventory >/tmp/idempotency.log 2>&1
 - 'grep -A1 "PLAY RECAP" /tmp/idempotency.log | grep -qP "changed=0.*failed=0" &&
   (echo "Idempotence: PASS"; exit 0) || (echo "Idempotence: FAIL"; cat /tmp/idempotency.log;
   exit 1)'

README.md

@@ -4,7 +4,11 @@
 lae.netbox
 =========
 
-Installs and configures DigitalOcean's NetBox.
+Installs and configures DigitalOcean's [NetBox](https://github.com/digitalocean/netbox).
+
+This role deploys NetBox inside of a virtualenv, uses uWSGI as its frontend
+(can be used standalone or behind a load balancer), works with both Python 2/3
+and has been tested across CentOS 7/Debian 8/Ubuntu 16.
 
 Requirements
 ------------
@@ -38,13 +42,21 @@ See the *Example Playbook* section for more information on configuring the DB.
 default) stored in `/srv/netbox/shared/generated_secret_key`. This will then be
 used by the role to configure NetBox unless `netbox_secret_key` is later defined.
 
-`netbox_bind_address` is the address Gunicorn will be configured to listen on.
-
 `netbox_allowed_hosts` is a list defining `ALLOWED_HOSTS`.
 
 To load the initial data shipped by NetBox, set `netbox_load_initial_data` to
 true. Otherwise, this role will deploy NetBox with an empty slate.
 
+Configure `netbox_uwsgi_socket` to either be a TCP address or UNIX socket to
+bind to. By default, this role will configure uWSGI to serve a full uWSGI HTTP
+web server. You can set `netbox_behind_load_balancer` to `true` to use an uWSGI
+socket (and you can also set `netbox_uwsgi_protocol` to `http` to configure
+uWSGI to use an HTTP-speaking socket instead).
+
+By default, NetBox will be configured to output to `/srv/netbox/shared/application.log`
+and `/srv/netbox/shared/requests.log`. You can override these with a valid
+uWSGI logger by setting `netbox_uwsgi_logger` and `netbox_uwsgi_req_logger`.
+
 
 Example Playbook
 ----------------
@@ -61,6 +73,7 @@ socket to authenticate with the Postgres server.
       vars:
          netbox_stable: true
          netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}"
+         netbox_uwsgi_socket: "0.0.0.0:80"
          netbox_allowed_hosts:
            - netbox.idolactiviti.es
          postgresql_users:
@@ -77,8 +90,9 @@ installing NetBox on to authenticate with it over TCP:
          - lae.netbox
       vars:
          netbox_stable: true
+         netbox_uwsgi_socket: "0.0.0.0:80"
          netbox_allowed_hosts:
-           - netbox.idolactiviti.es
+           - "{{ inventory_hostname }}"
          netbox_database_host: pg-netbox.idolactiviti.es
          netbox_database_port: 15432
          netbox_database_name: netbox_prod

defaults/main.yml

@@ -8,6 +8,8 @@ netbox_git: false
 netbox_git_version: develop
 netbox_git_uri: "https://github.com/digitalocean/netbox.git"
 
+netbox_behind_load_balancer: false
+
 netbox_database: netbox
 netbox_database_user: netbox
 #netbox_database_password: changeme
@@ -16,7 +18,6 @@ netbox_database_port: 5432
 #netbox_database_socket: /var/run/postgresql
 
 #netbox_secret_key:
-netbox_bind_address: "127.0.0.1:8001"
 netbox_allowed_hosts:
   - localhost
   - 127.0.0.1
@@ -36,4 +37,10 @@ netbox_current_path: "{{ netbox_home }}/current"
 netbox_shared_path: "{{ netbox_home }}/shared"
 netbox_python: 3
 
+netbox_uwsgi_socket: "127.0.0.1:8000"
+netbox_uwsgi_protocol: uwsgi
+netbox_uwsgi_processes: "{{ ansible_processor_vcpus }}"
+netbox_uwsgi_logger: "file:{{ netbox_shared_path }}/application.log"
+netbox_uwsgi_req_logger: "file:{{ netbox_shared_path }}/requests.log"
+
 netbox_load_initial_data: false

handlers/main.yml

@@ -1,7 +1,12 @@
 ---
 # handlers file for lae.netbox
-- name: restart netbox
+- name: reload netbox
   systemd:
     name: netbox.service
+    state: reloaded
+
+- name: reload netbox and unit file
+  systemd:
+    name: netbox.service
+    state: reloaded
     daemon_reload: yes
-    state: restarted

tasks/configure_gunicorn.yml

@@ -25,7 +25,7 @@
     dest: "{{ netbox_shared_path }}/configuration.py"
     mode: 0640
   notify:
-    - restart netbox
+    - reload netbox
 
 - name: Symlink NetBox configuration file into the active NetBox release
   file:
@@ -53,5 +53,3 @@
     virtualenv: "{{ netbox_virtualenv_path }}"
   when:
     - netbox_load_initial_data
-
-- include: configure_gunicorn.yml

tasks/deploy_netbox.yml

@@ -5,7 +5,7 @@
     dest: "{{ netbox_git_path }}"
     version: "{{ netbox_git_version }}"
   notify:
-    - restart netbox
+    - reload netbox
 
 - name: Symlink git repository to current NetBox directory
   file:

tasks/install_via_git.yml

@@ -6,7 +6,7 @@
     creates: "{{ netbox_stable_path }}"
     remote_src: True
   notify:
-    - restart netbox
+    - reload netbox
 
 - name: Symlink stable release to current NetBox directory
   file:

tasks/install_via_stable.yml

@@ -54,16 +54,28 @@
   become: True
   become_user: "{{ netbox_user }}"
 
-- name: Install systemd unit file for NetBox
+- name: Install uWSGI via pip
+  pip:
+    name: uwsgi
+    state: latest
+    executable: "{{ netbox_pip3_binary if (netbox_python == 3) else netbox_pip2_binary }}"
+
+- name: Configure uWSGI NetBox application
+  template:
+    src: uwsgi.ini.j2
+    dest: "{{ netbox_shared_path }}/uwsgi.ini"
+  notify:
+    - reload netbox
+
+- name: Install uWSGI/NetBox unit file
   template:
     src: netbox.service.j2
     dest: /lib/systemd/system/netbox.service
-    mode: 0644
   notify:
-    - restart netbox
+    - reload netbox and unit file
 
-- name: Start and enable NetBox
-  systemd:
-    name: netbox.service
+- name: Start and enable uWSGI/NetBox
+  service:
+    name: netbox
     state: started
     enabled: yes

tasks/main.yml

@@ -1,3 +1,4 @@
+# {{ ansible_managed }}
 ALLOWED_HOSTS = {{ netbox_allowed_hosts | to_json }}
 DATABASE = {
     'NAME': '{{ netbox_database }}',

templates/configuration.py.j2

@@ -1,15 +1,32 @@
+# {{ ansible_managed }}
 [Unit]
-Description=NetBox datacenter management application
+Description=NetBox IPAM/DCIM tool
 Documentation=http://netbox.readthedocs.io/en/{{ 'latest' if netbox_git else 'stable' }}/
-After=network.target
+After=syslog.target
 
 [Service]
+ExecStart=/usr/bin/env uwsgi --ini {{ netbox_shared_path }}/uwsgi.ini
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -INT $MAINPID
 User={{ netbox_user }}
 Group={{ netbox_group }}
-ExecStart={{ netbox_virtualenv_path }}/bin/gunicorn -c {{ netbox_shared_path }}/gunicorn_config.py netbox.wsgi
-WorkingDirectory={{ netbox_current_path }}/netbox
-Restart=always
-KillMode=process
+Restart=on-failure
+SuccessExitStatus=15 17 29 30
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+PrivateTmp=yes
+ProtectSystem=full
+ReadWriteDirectories={{ netbox_shared_path }}
+{% if netbox_database_socket is defined %}
+ReadWriteDirectories={{ netbox_database_socket }}
+{% endif %}
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/urandom r
+DeviceAllow=/dev/zero r
+ProtectHome=yes
+NoNewPrivileges=yes
 
 [Install]
 WantedBy=multi-user.target

templates/gunicorn_config.py.j2

@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+[uwsgi]
+master=true
+{% if netbox_behind_load_balancer %}
+protocol={{ netbox_uwsgi_protocol }}
+socket={{ netbox_uwsgi_socket }}
+{% else %}
+http={{ netbox_uwsgi_socket }}
+{% endif %}
+uid={{ netbox_user }}
+gid={{ netbox_group }}
+processes={{ netbox_uwsgi_processes }}
+module=netbox.wsgi
+virtualenv={{ netbox_virtualenv_path }}
+chdir={{ netbox_current_path }}/netbox
+static-map=/static={{ netbox_current_path }}/netbox/static
+logger={{ netbox_uwsgi_logger }}
+req-logger={{ netbox_uwsgi_req_logger }}
+
+# vim: ft=dosini

templates/netbox.service.j2

@@ -1,8 +1,8 @@
 ---
 ansible_ssh_user: root
-netbox_bind_address: "{{ ansible_default_ipv4.address }}:8080"
+netbox_uwsgi_socket: "0.0.0.0:8080"
 netbox_allowed_hosts:
-  - "{{ ansible_default_ipv4.address }}"
+  - "{{ inventory_hostname }}"
 netbox_database_socket: "{{ postgresql_unix_socket_directories[0] }}"
 postgresql_users:
   - name: "{{ netbox_database_user }}"

templates/uwsgi.ini.j2

@@ -1,15 +1,24 @@
 ---
 - hosts: netbox
   tasks:
-    - name: Print out test environment definitions for each container
-      debug:
-        var: "{{ item }}"
-      with_items:
-        - netbox_stable
-        - netbox_git
-        - netbox_python
-    - name: Ensure that NetBox returns a successful HTTP response
-      uri:
-        url: "http://{{ netbox_bind_address }}"
-    - name: Print out NetBox/gunicorn log
-      shell: journalctl --no-pager -xu netbox.service
+    - block:
+        - name: Print out test environment definitions for each container
+          debug:
+            var: "{{ item }}"
+          with_items:
+            - netbox_stable
+            - netbox_git
+            - netbox_python
+        - name: Ensure that NetBox returns a successful HTTP response
+          uri:
+            url: "http://{{ inventory_hostname }}:8080"
+        - name: uWSGI/NetBox service status
+          shell: "systemctl status netbox.service"
+          changed_when: false
+        - name: uWSGI/NetBox service journal
+          shell: "journalctl --no-pager -xu netbox.service"
+          changed_when: false
+        - name: NetBox application log
+          shell: cat /srv/netbox/shared/application.log
+          changed_when: false
+      ignore_errors: yes