Getting Started

Introduction to the Netos NetOps Project

Introduction

Our goal with our Sempahore projects is to deliver a framework that makes it simple and fast to deploy and manage open-source enterprise networking applications and tools.

Over time we will publish more projects with associated playbooks. Currently available is:

Ansible Semaphore

Semaphore UI is a simple and easy to use alternative to Ansible AWX. Netos have used it for over a year without issues to run thousands of playbooks and manage all of our infrastructure.

It is convenient and easy to use - user friendly web interface for executing Ansible playbooks, Terraform, OpenTofu, Pulumi code and Bash scripts. It is designed to make your automation tasks easier and more enjoyable.

Playbooks

At a click of a button you can perform complex installations, like installing NetBox, and a lot more.

image.png

Views

Views group together different playbooks, for example, below you can the tasks that deploy NetBox:

image.png

 

Semaphore Projects

Finally, we group everything together into different projects.

image.png

Key Semaphore Principles

Introduction

The following diagram illustrates the purpose of each menu item in Semaphore, in the context of the Netos deployment.

image.png

Environments

Environments pass variables into Ansible (or other scripts such as Python or Bash).

image.png

For example, in this environment file we pass through variables from the Semaphore Environment, but also set default variables where applicable in the /vars/ files in the Ansible project.

CERT_CONTENT: "{{ lookup('env', 'CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
CERT_DIR: "{{ lookup('env', 'CERT_DIR') | default('/netos/certs/netbox') }}"
DOMAIN: "{{ lookup('env', 'DOMAIN') | default('netos.dev') }}"
NETBOX_DB_NAME: "{{ lookup('env', 'NETBOX_DB_NAME') | default('netbox') }}"

Semaphore also supports encrypted secrets as variables. We decided to use this feature throughout rather than Ansible Vault because it ensures that all data is in one place, rather than being split across different vaults and environments.

image.png

There is a bug in Semaphore where updates to Secrets are not saved. Problem: not possible to edit secret name · Issue #2293 · semaphoreui/semaphore (github.com)

Repositories

Repositories are linked to Templates (e.g. an Ansible playbook) and in general point to a Git repository. In the case of all Netos projects, we instead point to a local file system, and instead have a per-project task to pull the repository from Netos Networks (github.com)

image.png

Templates

Everything above is pulled together into a Template.

image.png

Scheduling

Templates can then be scheduled for repetitive tasks, such as backup and housekeeping tasks.

image.png

Tracking Tasks

You can globally track the status of all tasks, as well as within the logs of each Template.

image.png

Users, Accounts & Tokens

Introduction

We have set default tokens and passwords to get a test/lab environment up and running quickly. In a production deployment you should replace all the tokens and passwords. We don't suggest changing any directories.

Default Login Values

The default accounts to login to systems following deployment from Semaphore are as follows. The endpoints (URLs) are set in Semaphore environments, and you will need deploy and configure NGINX.

System Username Password Endpoint Settings
Semaphore admin admin Set in Semaphore environment "Semaphore Global Settings"
NetBox admin ohp8toef7Jee Set in Semaphore environment "NetBox Global Settings"
Airflow admin admin Set in Semaphore environment "Pod Global Settings"
Kibana elastic_admin ahee0JeebieB Set in Semaphore environment "Pod Global Settings"
Elastic elastic_admin ahee0JeebieB Set in Semaphore environment "Pod Global Settings"

Var Files

There are different Ansible Variable files located in each project, for example:

Here is an example vars_file from the netos-netbox repository. The "lookup" value is taken from.

CERT_CONTENT: "{{ lookup('env', 'CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
CERT_DIR: "{{ lookup('env', 'CERT_DIR') | default('/netos/certs/netbox') }}"
DOMAIN: "{{ lookup('env', 'DOMAIN') | default('netos.dev') }}"
NETBOX_DB_NAME: "{{ lookup('env', 'NETBOX_DB_NAME') | default('netbox') }}"
NETBOX_DB_PASSWORD: "{{ lookup('env', 'NETBOX_DB_PASSWORD') | default('VxW6EnnKRrkxCzcnDnWT8Fz9q') }}"
NETBOX_DB_USER: "{{ lookup('env', 'NETBOX_DB_USER') | default('netbox') }}"
NETBOX_HOSTNAME: "{{ lookup('env', 'NETBOX_HOSTNAME') | default('netbox') }}"
NETBOX_INSTALL_DIR: "{{ lookup('env', 'NETBOX_INSTALL_DIR') | default('/opt/netbox') }}"
NETBOX_REPO: "{{ lookup('env', 'NETBOX_REPO') | default('https://github.com/netbox-community/netbox.git') }}"
NETBOX_TOKEN: "{{ lookup('env', 'NETBOX_TOKEN') | default('d4c5b00f7053317be2ce8993dd74caa14ca53ca8') }}"
ORG_NAME: "{{ lookup('env', 'ORG_NAME') | default('Netos Networks') }}"
PLUGIN_ADD_TAG: "{{ lookup('env', 'PLUGIN_ADD_TAG') | default('') }}"
POSTGRES_USER_PASSWORD: "{{ lookup('env', 'POSTGRES_USER_PASSWORD') | default('3SqtYWH8iy0Y1alOIj2I') }}"
PRIVATE_CERT_CONTENT: "{{ lookup('env', 'PRIVATE_CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
SECRET_KEY: "{{ lookup('env', 'SECRET_KEY') | default('ahz3ool4teiNgo7moh6fiehiuTh6zei5achae2eeshae9vaiYe') }}"
SUPER_USER_EMAIL: "{{ lookup('env', 'SUPER_USER_EMAIL') | default('netbox@netos.dev') }}"
SUPER_USER_PASSWORD: "{{ lookup('env', 'SUPER_USER_PASSWORD') | default('ohp8toef7Jee') }}"
SUPER_USER_USERNAME: "{{ lookup('env', 'SUPER_USER_USERNAME') | default('admin') }}"
AIRFLOW_API_USER_USERNAME: "{{ lookup('env', 'AIRFLOW_API_USER_USERNAME') | default('airflow_api') }}"
AIRFLOW_API_USER_PASSWORD: "{{ lookup('env', 'AIRFLOW_API_USER_PASSWORD') | default('a17baa2b642565b1d7be4d6d52a7fc23a2c6c41a') }}"
AIRFLOW_API_TOKEN: "{{ lookup('env', 'AIRFLOW_API_TOKEN') | default('d6d52a7fc23a2c6c41aa17baa2b642565b1d7be4') }}"

Semaphore Variables

Variables and Secrets are set in Environments which are passed as variables via the lookup command above. Check the Key Semaphore Principles guide for more information about Semaphore.

image.png

The variable must be configured in Semaphore if it is referenced in a variable file. If it isn't you will get an error when running the playbook.

In a production system, double check all accounts after setting them. I.e. ensure you can manually authenticate to databases, APIs, applications, etc.