debops.phpipam default variables
Sections
Basic configuration options
- phpipam__mode
What parts of the "phpIPAM stack" to enable:
webui
: configure the Web interfacescripts
: configure phpipam-scripts
phpipam__mode: [ 'webui', 'scripts' ]
Webserver configuration
- phpipam__fqdn
FQDN on which phpIPAM is configured by debops.nginx Ansible role
phpipam__fqdn: 'ipam.{{ ansible_domain }}'
- phpipam__nginx_auth_realm
Webserver authentication realm.
phpipam__nginx_auth_realm: 'IPAM access is restricted'
- phpipam__nginx_access_policy
Name of the "nginx access policy" for phpIPAM. See debops.nginx
Ansible role for more details.
phpipam__nginx_access_policy: ''
- phpipam__webserver_user
phpIPAM webserver user (needs read-only access to the website code)
phpipam__webserver_user: '{{ ansible_local.nginx.user
if (ansible_local is defined and
ansible_local.nginx is defined and
ansible_local.nginx.user is defined)
else "www-data" }}'
UNIX environment
- phpipam__user
System user for phpIPAM application
phpipam__user: 'phpipam'
- phpipam__group
System group for phpIPAM application
phpipam__group: 'phpipam'
- phpipam__home
Home directory of the phpipam__user
user.
phpipam__home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + phpipam__user }}'
Database configuration
- phpipam__database_user
phpIPAM MySQL database configuration
phpipam__database_user: 'phpipam'
- phpipam__database_host
FQDN of the MariaDB database host. It will be configured by the debops.mariadb role.
phpipam__database_host: '{{ ansible_local.mariadb.server }}'
- phpipam__database_name
The database name used by the phpIPAM
phpipam__database_name: 'phpipam'
- phpipam__database_password
The database password used by the phpIPAM
phpipam__database_password: "{{ lookup('password', secret + '/mariadb/' +
ansible_local.mariadb.delegate_to +
'/credentials/' + phpipam__database_user +
'/password length=48') }}"
- phpipam__database_schema
phpIPAM database schema loaded by Ansible
phpipam__database_schema: '{{ phpipam__git_checkout + "/db/SCHEMA.sql" }}'
Base application directories
- phpipam__src
Base path for git bare repository with phpIPAM source
phpipam__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/" + phpipam__user }}'
- phpipam__www
Base web root directory for phpIPAM website
phpipam__www: '{{ (ansible_local.nginx.www
if (ansible_local is defined and
ansible_local.nginx is defined and
ansible_local.nginx.www is defined)
else "/srv/www") + "/" + phpipam__user }}'
Git repository and checkout
- phpipam__git_repo
phpIPAM source repository
phpipam__git_repo: 'https://github.com/phpipam/phpipam.git'
- phpipam__git_dest
phpIPAM source directory on the host
phpipam__git_dest: '{{ phpipam__src + "/" + phpipam__git_repo.split("://")[1] }}'
- phpipam__git_version
phpIPAM git branch to deploy
phpipam__git_version: 'v1.4.1'
- phpipam__git_checkout
Default path where phpIPAM source files will be deployed
phpipam__git_checkout: '{{ phpipam__www + "/sites/" + phpipam__fqdn + "/public" }}'
phpIPAM config.php
- phpipam__php_session_name
Custom PHP session name
phpipam__php_session_name: "{{ lookup('password', secret + '/credentials/'
+ inventory_hostname + '/phpipam/php_session_name
chars=hexdigits length=30') }}"
The phpipam-scripts variables
- phpipam__scripts_git_repo
phpIPAM scripts source repository
phpipam__scripts_git_repo: 'https://github.com/debops/phpipam-scripts'
- phpipam__scripts_git_dest
phpIPAM scripts source directory on the host
phpipam__scripts_git_dest: '{{ "/usr/local/src/phpipam/" + phpipam__scripts_git_repo.split("://")[1] }}'
- phpipam__scripts_git_version
phpIPAM scripts git branch to deploy
phpipam__scripts_git_version: 'master'
- phpipam__scripts_database_user
Database configuration for phpipam scripts
phpipam__scripts_database_user: '{{ phpipam__database_user }}'
- phpipam__scripts_database_host
The hostname or IP address of the database server to use for the phpIPAM DebOps scripts.
phpipam__scripts_database_host: '{{ phpipam__database_host }}'
- phpipam__scripts_database_name
The database name used by the phpIPAM DebOps scripts
phpipam__scripts_database_name: '{{ phpipam__database_name }}'
- phpipam__scripts_database_password
The database password used by the phpIPAM DebOps scripts
phpipam__scripts_database_password: '{{ phpipam__database_password }}'
- phpipam__scripts_config_sections
List of phpIPAM sections to include in generated default configuration. If none are specified, all sections will be included.
phpipam__scripts_config_sections: []
- phpipam__scripts_config_subnets
List of phpIPAM subnets to include in generated default configuration. If none are specified, all subnets will be included.
phpipam__scripts_config_subnets: []
- phpipam__scripts_config_output
Default configuration file location
phpipam__scripts_config_output: '/etc/dhcp/dhcpd-hosts.conf'
- phpipam__scripts_config_restart_command
A command to issue after the configuration file is generated and changes were noticed.
phpipam__scripts_config_restart_command: '/etc/init.d/isc-dhcp-server restart'
- phpipam__scripts_config_groups
Default configuration for phpipam-hosts script. It will create
a /etc/dhcp/dhcpd-hosts.conf
file with all hosts configured in phpIPAM,
or just the sections/subnets specified above. If any changes are detected,
DHCP server (by default ISC DHCP) will be restarted.
phpipam__scripts_config_groups:
'hosts':
sections: '{{ phpipam__scripts_config_sections }}'
subnets: '{{ phpipam__scripts_config_subnets }}'
active: 'true'
reserved: 'false'
offline: 'false'
dhcp: 'false'
output: '{{ phpipam__scripts_config_output }}'
restart_command: '{{ phpipam__scripts_config_restart_command }}'
restart: 'true'
- phpipam__scripts_cron_period
phpipam-hosts regeneration period in minutes (cron format)
phpipam__scripts_cron_period: '*/5'
Configuration for other Ansible roles
- phpipam__php__dependent_packages
List of PHP packages to install using debops.php role.
phpipam__php__dependent_packages:
- 'mysql'
- 'gmp'
- 'gd'
- 'curl'
- 'mcrypt'
- 'ldap'
- 'php-pear'
- phpipam__php__dependent_pools
PHP-FMP pool configuration for the debops.php Ansible role.
phpipam__php__dependent_pools:
- name: 'phpipam'
enabled: True
user: '{{ phpipam__user }}'
group: '{{ phpipam__group }}'
owner: '{{ phpipam__user }}'
home: '{{ phpipam__home }}'
- phpipam__nginx__dependent_upstreams
PHP upstream server configuration managed by the debops.nginx Ansible role.
phpipam__nginx__dependent_upstreams:
- name: 'php_phpipam'
by_role: 'debops.phpipam'
enabled: True
type: 'php'
php_pool: 'phpipam'
- phpipam__nginx_dependent_servers
Server configuration for the debops.nginx Ansible role.
phpipam__nginx__dependent_servers:
- name: '{{ phpipam__fqdn }}'
by_role: 'debops.phpipam'
enabled: True
type: 'php'
root: '{{ phpipam__git_checkout }}'
webroot_create: False
access_policy: '{{ phpipam__nginx_access_policy }}'
auth_basic_realm: '{{ phpipam__nginx_auth_realm }}'
php_upstream: 'php_phpipam'
error_pages:
'400': '/index.php?page=error§ion=400'
'401': '/index.php?page=error§ion=401'
'403': '/index.php?page=error§ion=403'
'404': '/index.php?page=error§ion=404'
'500': '/index.php?page=error§ion=500'
location:
'/api': |
try_files $uri $uri/ /api/index.php?$args =404;
'/': |
rewrite ^/login/dashboard/$ /dashboard/ redirect;
rewrite ^/logout/dashboard/$ /dashboard/ redirect;
rewrite ^/tools/search/(.*)/(.*)/(.*)/(.*)$ /index.php?page=tools§ion=search&addresses=$1&subnets=$2&vlans=$3&ip=$4 last;
rewrite ^/(.*)/(.*)/(.*)/(.*)/(.*)/$ /index.php?page=$1§ion=$2&subnetId=$3&sPage=$4&ipaddrid=$5 last;
rewrite ^/(.*)/(.*)/(.*)/(.*)/$ /index.php?page=$1§ion=$2&subnetId=$3&sPage=$4 last;
rewrite ^/(.*)/(.*)/(.*)/$ /index.php?page=$1§ion=$2&subnetId=$3 last;
rewrite ^/(.*)/(.*)/$ /index.php?page=$1§ion=$2 last;
rewrite ^/(.*)/$ /index.php?page=$1 last;
try_files $uri $uri/ $uri.html $uri.htm /index.html /index.htm =404;
- phpipam__mariadb__dependent_users
List of user accounts to configure by debops.mariadb Ansible role.
phpipam__mariadb__dependent_users:
- database: '{{ phpipam__database_name }}'
user: '{{ phpipam__database_user }}'
owner: '{{ phpipam__user }}'
group: '{{ phpipam__group }}'
home: '{{ phpipam__home }}'
system: True