diff options
-rwxr-xr-x | roleproxy.py | 53 | ||||
-rw-r--r-- | roleproxy.service | 24 | ||||
-rw-r--r-- | roleproxy.sysconfig | 8 |
3 files changed, 85 insertions, 0 deletions
diff --git a/roleproxy.py b/roleproxy.py new file mode 100755 index 0000000..17ffec3 --- /dev/null +++ b/roleproxy.py @@ -0,0 +1,53 @@ +#!/usr/bin/python3 +# This serves a custom "salt_roles" field in NetBox via a HTTP API consumable in Salt top files. +# Georg Pfuetzenreuter <georg@lysergic.dev> + +import flask +import logging +import os +import pynetbox +from waitress import serve + +if not 'NB_HOST' in os.environ or not 'NB_TOKEN' in os.environ: + print('Pass NB_HOST and NB_TOKEN as environment variables.') + import sys + sys.exit(1) + +host = os.environ['NB_HOST'] +token = os.environ['NB_TOKEN'] + +app = flask.Flask(__name__) + +def connect(host, token): + netbox = pynetbox.api(host, token) + return(netbox) + +def get_roles(netbox, name): + vm = netbox.virtualization.virtual_machines.filter(name=name) + vmroles = {} + if len(vm) > 0: + vmroles = vm[0].custom_fields['salt_roles'] + if vmroles is None: + vmroles = {} + return(200, vmroles) + if len(vm) == 0: + return(404, None) + +@app.route('/roles') +def query(): + name = flask.request.args.get('machine') + query = get_roles(connect(host, token), name) + response = query[0] + logger.info(' %s requested roles for %s and received %i', flask.request.remote_addr, name, response) + if response == 404: + flask.abort(404) + elif response == 200: + roledict = {'roles': query[1]} + return(flask.jsonify(roledict)) + +if __name__ == '__main__': + #app.run(debug=False) + logger = logging.getLogger('roleproxy') + logger.setLevel(logging.INFO) + logger.info('Booting ...') + serve(app, host='*', port=4580) diff --git a/roleproxy.service b/roleproxy.service new file mode 100644 index 0000000..2c53b28 --- /dev/null +++ b/roleproxy.service @@ -0,0 +1,24 @@ +# This file is shipped as part of the salt-netbox-roleproxy package. +# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net> + +[Unit] +Description=Salt NetBox Role Proxy + +[Service] +User=roleproxy +EnvironmentFile=/etc/sysconfig/roleproxy +ExecStart=/usr/local/bin/roleproxy.py +ProtectSystem=strict +ProtectHome=yes +PrivateDevices=yes +PrivateTmp=yes +PrivateUsers=yes +ProtectKernelTunables=yes +ProtectKernelLogs=yes +ProtectControlGroups=yes +RestrictAddressFamilies=AF_INET6 AF_INET +SystemCallArchitectures=native +SystemCallFilter=@system-service + +[Install] +WantedBy=multi-user.target diff --git a/roleproxy.sysconfig b/roleproxy.sysconfig new file mode 100644 index 0000000..3805db3 --- /dev/null +++ b/roleproxy.sysconfig @@ -0,0 +1,8 @@ +# Configuration for the Salt NetBox role proxy +# Author: Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net> + +# URL in the format https://netbox.example.com:8080 +NB_HOST= + +# Token with privileges to read virtual machine objects and their salt_roles custom field +NB_TOKEN= |