Getting Started
Introduction to the Netos NetOps Project
Introduction
Our goal with our Sempahore projects is to deliver a framework that makes it simple and fast to deploy and manage open-source enterprise networking applications and tools.
- Quickly spin up an enterprise grade application stack (in minutes).
- Deal with all the critical yet time consuming platform engineering at the click of a button.
- Deal with the boring but important stuff like backups, restores, and maintenance.
- Fast track to the interesting stuff like playing with the tools and dev/test.
Over time we will publish more projects with associated playbooks. Currently available is:
- Netos NetOps - A simple wrapper project for managing the underlying Semaphore instance.
- Netos NetBox - Contains all the playbooks to deploy and operate NetBox.
Ansible Semaphore
Semaphore UI is a simple and easy to use alternative to Ansible AWX. Netos have used it for over a year without issues to run thousands of playbooks and manage all of our infrastructure.
It is convenient and easy to use - user friendly web interface for executing Ansible playbooks, Terraform, OpenTofu, Pulumi code and Bash scripts. It is designed to make your automation tasks easier and more enjoyable.
Playbooks
At a click of a button you can perform complex installations, like installing NetBox, and a lot more.
Views
Views group together different playbooks, for example, below you can the tasks that deploy NetBox:
Semaphore Projects
Finally, we group everything together into different projects.
Key Semaphore Principles
Introduction
The following diagram illustrates the purpose of each menu item in Semaphore, in the context of the Netos deployment.
Environments
Environments pass variables into Ansible (or other scripts such as Python or Bash).
For example, in this environment file we pass through variables from the Semaphore Environment, but also set default variables where applicable in the /vars/
files in the Ansible project.
CERT_CONTENT: "{{ lookup('env', 'CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
CERT_DIR: "{{ lookup('env', 'CERT_DIR') | default('/netos/certs/netbox') }}"
DOMAIN: "{{ lookup('env', 'DOMAIN') | default('netos.dev') }}"
NETBOX_DB_NAME: "{{ lookup('env', 'NETBOX_DB_NAME') | default('netbox') }}"
Semaphore also supports encrypted secrets as variables. We decided to use this feature throughout rather than Ansible Vault because it ensures that all data is in one place, rather than being split across different vaults and environments.
There is a bug in Semaphore where updates to Secrets are not saved. Problem: not possible to edit secret name · Issue #2293 · semaphoreui/semaphore (github.com)
Repositories
Repositories are linked to Templates (e.g. an Ansible playbook) and in general point to a Git repository. In the case of all Netos projects, we instead point to a local file system, and instead have a per-project task to pull the repository from Netos Networks (github.com).
Templates
Everything above is pulled together into a Template.
Scheduling
Templates can then be scheduled for repetitive tasks, such as backup and housekeeping tasks.
Tracking Tasks
You can globally track the status of all tasks, as well as within the logs of each Template.
Users, Accounts & Tokens
Introduction
We have set default tokens and passwords to get a test/lab environment up and running quickly. In a production deployment you should replace all the tokens and passwords. We don't suggest changing any directories.
Default Login Values
The default accounts to login to systems following deployment from Semaphore are as follows. The endpoints (URLs) are set in Semaphore environments, and you will need deploy and configure NGINX.
System | Username | Password | Endpoint Settings |
Semaphore | admin |
admin |
Set in Semaphore environment "Semaphore Global Settings" |
NetBox | admin |
ohp8toef7Jee |
Set in Semaphore environment "NetBox Global Settings" |
Airflow | admin |
admin |
Set in Semaphore environment "Pod Global Settings" |
Kibana | elastic_admin |
ahee0JeebieB |
Set in Semaphore environment "Pod Global Settings" |
Elastic | elastic_admin |
ahee0JeebieB |
Set in Semaphore environment "Pod Global Settings" |
Var Files
There are different Ansible Variable files located in each project, for example:
- https://github.com/netos-networks/netos-netops/tree/main/vars
- https://github.com/netos-networks/netos-netbox/tree/main/vars
Here is an example vars_file
from the netos-netbox
repository. The "lookup" value is taken from.
CERT_CONTENT: "{{ lookup('env', 'CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
CERT_DIR: "{{ lookup('env', 'CERT_DIR') | default('/netos/certs/netbox') }}"
DOMAIN: "{{ lookup('env', 'DOMAIN') | default('netos.dev') }}"
NETBOX_DB_NAME: "{{ lookup('env', 'NETBOX_DB_NAME') | default('netbox') }}"
NETBOX_DB_PASSWORD: "{{ lookup('env', 'NETBOX_DB_PASSWORD') | default('VxW6EnnKRrkxCzcnDnWT8Fz9q') }}"
NETBOX_DB_USER: "{{ lookup('env', 'NETBOX_DB_USER') | default('netbox') }}"
NETBOX_HOSTNAME: "{{ lookup('env', 'NETBOX_HOSTNAME') | default('netbox') }}"
NETBOX_INSTALL_DIR: "{{ lookup('env', 'NETBOX_INSTALL_DIR') | default('/opt/netbox') }}"
NETBOX_REPO: "{{ lookup('env', 'NETBOX_REPO') | default('https://github.com/netbox-community/netbox.git') }}"
NETBOX_TOKEN: "{{ lookup('env', 'NETBOX_TOKEN') | default('d4c5b00f7053317be2ce8993dd74caa14ca53ca8') }}"
ORG_NAME: "{{ lookup('env', 'ORG_NAME') | default('Netos Networks') }}"
PLUGIN_ADD_TAG: "{{ lookup('env', 'PLUGIN_ADD_TAG') | default('') }}"
POSTGRES_USER_PASSWORD: "{{ lookup('env', 'POSTGRES_USER_PASSWORD') | default('3SqtYWH8iy0Y1alOIj2I') }}"
PRIVATE_CERT_CONTENT: "{{ lookup('env', 'PRIVATE_CERT_CONTENT') | default('must-be-set-in-semaphore-variable') }}"
SECRET_KEY: "{{ lookup('env', 'SECRET_KEY') | default('ahz3ool4teiNgo7moh6fiehiuTh6zei5achae2eeshae9vaiYe') }}"
SUPER_USER_EMAIL: "{{ lookup('env', 'SUPER_USER_EMAIL') | default('netbox@netos.dev') }}"
SUPER_USER_PASSWORD: "{{ lookup('env', 'SUPER_USER_PASSWORD') | default('ohp8toef7Jee') }}"
SUPER_USER_USERNAME: "{{ lookup('env', 'SUPER_USER_USERNAME') | default('admin') }}"
AIRFLOW_API_USER_USERNAME: "{{ lookup('env', 'AIRFLOW_API_USER_USERNAME') | default('airflow_api') }}"
AIRFLOW_API_USER_PASSWORD: "{{ lookup('env', 'AIRFLOW_API_USER_PASSWORD') | default('a17baa2b642565b1d7be4d6d52a7fc23a2c6c41a') }}"
AIRFLOW_API_TOKEN: "{{ lookup('env', 'AIRFLOW_API_TOKEN') | default('d6d52a7fc23a2c6c41aa17baa2b642565b1d7be4') }}"
Semaphore Variables
Variables and Secrets are set in Environments which are passed as variables via the lookup
command above. Check the Key Semaphore Principles guide for more information about Semaphore.
The variable must be configured in Semaphore if it is referenced in a variable file. If it isn't you will get an error when running the playbook.
In a production system, double check all accounts after setting them. I.e. ensure you can manually authenticate to databases, APIs, applications, etc.