diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index acdb4e0..f76f0f4 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,8 +1,8 @@ # These are supported funding model platforms github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] -- cimnine -- tobiasge + - cimnine + - tobiasge patreon: # Replace with a single Patreon username open_collective: # Replace with a single Open Collective username ko_fi: # Replace with a single Ko-fi username diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index b6f0479..4aa0540 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -1,148 +1,148 @@ name: Bug report description: Create a report about a malfunction of the Docker setup body: -- type: markdown - attributes: - value: | - Please only raise an issue if you're certain that you've found a bug. - Else, see these other means to get help: + - type: markdown + attributes: + value: | + Please only raise an issue if you're certain that you've found a bug. + Else, see these other means to get help: - - See our troubleshooting section: - https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting - - Have a look at the rest of the wiki: - https://github.com/netbox-community/netbox-docker/wiki - - Check the release notes: - https://github.com/netbox-community/netbox-docker/releases - - Look through the issues already resolved: - https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed + - See our troubleshooting section: + https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting + - Have a look at the rest of the wiki: + https://github.com/netbox-community/netbox-docker/wiki + - Check the release notes: + https://github.com/netbox-community/netbox-docker/releases + - Look through the issues already resolved: + https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed - If you did not find what you're looking for, - try the help of our community: + If you did not find what you're looking for, + try the help of our community: - - Post to Github Discussions: - https://github.com/netbox-community/netbox-docker/discussions - - Join the `#netbox-docker` channel on our Slack: - https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ - - Ask on the NetBox mailing list: - https://groups.google.com/d/forum/netbox-discuss + - Post to Github Discussions: + https://github.com/netbox-community/netbox-docker/discussions + - Join the `#netbox-docker` channel on our Slack: + https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ + - Ask on the NetBox mailing list: + https://groups.google.com/d/forum/netbox-discuss - Please don't open an issue to open a PR. - Just submit the PR, that's good enough. -- type: textarea - id: current-behavior - attributes: - label: Current Behavior - description: Please describe what you did and how you think it misbehaved - placeholder: I tried to … by doing …, but it … - validations: - required: true -- type: textarea - id: expected-behavior - attributes: - label: Expected Behavior - description: Please describe what you expected instead - placeholder: I expected that … when I do … - validations: - required: true -- type: input - id: docker-compose-version - attributes: - label: Docker Compose Version - description: Please paste the output of `docker-compose version` - placeholder: Docker Compose version vX.Y.Z - validations: - required: true -- type: textarea - id: docker-version - attributes: - label: Docker Version - description: Please paste the output of `docker version` - render: text - placeholder: | - Client: - Cloud integration: 1.0.17 - Version: 20.10.8 - API version: 1.41 - Go version: go1.16.6 - Git commit: 3967b7d - Built: Fri Jul 30 19:55:20 2021 - OS/Arch: darwin/amd64 - Context: default - Experimental: true + Please don't open an issue to open a PR. + Just submit the PR, that's good enough. + - type: textarea + id: current-behavior + attributes: + label: Current Behavior + description: Please describe what you did and how you think it misbehaved + placeholder: I tried to … by doing …, but it … + validations: + required: true + - type: textarea + id: expected-behavior + attributes: + label: Expected Behavior + description: Please describe what you expected instead + placeholder: I expected that … when I do … + validations: + required: true + - type: input + id: docker-compose-version + attributes: + label: Docker Compose Version + description: Please paste the output of `docker-compose version` + placeholder: Docker Compose version vX.Y.Z + validations: + required: true + - type: textarea + id: docker-version + attributes: + label: Docker Version + description: Please paste the output of `docker version` + render: text + placeholder: | + Client: + Cloud integration: 1.0.17 + Version: 20.10.8 + API version: 1.41 + Go version: go1.16.6 + Git commit: 3967b7d + Built: Fri Jul 30 19:55:20 2021 + OS/Arch: darwin/amd64 + Context: default + Experimental: true - Server: Docker Engine - Community - Engine: - Version: 20.10.8 - API version: 1.41 (minimum version 1.12) - Go version: go1.16.6 - Git commit: 75249d8 - Built: Fri Jul 30 19:52:10 2021 - OS/Arch: linux/amd64 - Experimental: false - containerd: - Version: 1.4.9 - GitCommit: e25210fe30a0a703442421b0f60afac609f950a3 - runc: - Version: 1.0.1 - GitCommit: v1.0.1-0-g4144b63 - docker-init: - Version: 0.19.0 - GitCommit: de40ad0 - validations: - required: true -- type: input - id: git-rev - attributes: - label: The git Revision - description: Please paste the output of `git rev-parse HEAD` - validations: - required: true -- type: textarea - id: git-status - attributes: - label: The git Status - description: Please paste the output of `git status` - render: text - placeholder: | - On branch main - nothing to commit, working tree clean - validations: - required: true -- type: input - id: run-command - attributes: - label: Startup Command - description: Please specify the command you used to start the project - placeholder: docker compose up - validations: - required: true -- type: textarea - id: netbox-logs - attributes: - label: NetBox Logs - description: Please paste the output of `docker-compose logs netbox` (or `docker compose logs netbox`) - render: text - placeholder: | - netbox_1 | ⚙️ Applying database migrations - netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py' - netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py' - netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py' - netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py' - netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py' - ... - validations: - required: true -- type: textarea - id: docker-compose-override-yml - attributes: - label: Content of docker-compose.override.yml - description: Please paste the output of `cat docker-compose.override.yml` - render: yaml - placeholder: | - version: '3.4' - services: - netbox: - ports: - - '8080:8080' - validations: - required: true + Server: Docker Engine - Community + Engine: + Version: 20.10.8 + API version: 1.41 (minimum version 1.12) + Go version: go1.16.6 + Git commit: 75249d8 + Built: Fri Jul 30 19:52:10 2021 + OS/Arch: linux/amd64 + Experimental: false + containerd: + Version: 1.4.9 + GitCommit: e25210fe30a0a703442421b0f60afac609f950a3 + runc: + Version: 1.0.1 + GitCommit: v1.0.1-0-g4144b63 + docker-init: + Version: 0.19.0 + GitCommit: de40ad0 + validations: + required: true + - type: input + id: git-rev + attributes: + label: The git Revision + description: Please paste the output of `git rev-parse HEAD` + validations: + required: true + - type: textarea + id: git-status + attributes: + label: The git Status + description: Please paste the output of `git status` + render: text + placeholder: | + On branch main + nothing to commit, working tree clean + validations: + required: true + - type: input + id: run-command + attributes: + label: Startup Command + description: Please specify the command you used to start the project + placeholder: docker compose up + validations: + required: true + - type: textarea + id: netbox-logs + attributes: + label: NetBox Logs + description: Please paste the output of `docker-compose logs netbox` (or `docker compose logs netbox`) + render: text + placeholder: | + netbox_1 | ⚙️ Applying database migrations + netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py' + netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py' + netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py' + netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py' + netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py' + ... + validations: + required: true + - type: textarea + id: docker-compose-override-yml + attributes: + label: Content of docker-compose.override.yml + description: Please paste the output of `cat docker-compose.override.yml` + render: yaml + placeholder: | + version: '3.4' + services: + netbox: + ports: + - '8080:8080' + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index a584cc2..3e3d62a 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -6,7 +6,7 @@ contact_links: - name: Chat url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ - about: 'Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel.' + about: "Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel." - name: Community Wiki url: https://github.com/netbox-community/netbox-docker/wiki diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index e8f2a55..88d46fd 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -1,68 +1,68 @@ name: Feature or Change Request description: Request a new feature or a change of the current behavior body: -- type: markdown - attributes: - value: | - This issue type is to propose new features for the Docker setup. - To just spin an idea, see the Github Discussions section, please. + - type: markdown + attributes: + value: | + This issue type is to propose new features for the Docker setup. + To just spin an idea, see the Github Discussions section, please. - Before asking for help, see these links first: + Before asking for help, see these links first: - - See our troubleshooting section: - https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting - - Have a look at the rest of the wiki: - https://github.com/netbox-community/netbox-docker/wiki - - Check the release notes: - https://github.com/netbox-community/netbox-docker/releases - - Look through the issues already resolved: - https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed + - See our troubleshooting section: + https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting + - Have a look at the rest of the wiki: + https://github.com/netbox-community/netbox-docker/wiki + - Check the release notes: + https://github.com/netbox-community/netbox-docker/releases + - Look through the issues already resolved: + https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed - If you did not find what you're looking for, - try the help of our community: + If you did not find what you're looking for, + try the help of our community: - - Post to Github Discussions: - https://github.com/netbox-community/netbox-docker/discussions - - Join the `#netbox-docker` channel on our Slack: - https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ - - Ask on the NetBox mailing list: - https://groups.google.com/d/forum/netbox-discuss + - Post to Github Discussions: + https://github.com/netbox-community/netbox-docker/discussions + - Join the `#netbox-docker` channel on our Slack: + https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ + - Ask on the NetBox mailing list: + https://groups.google.com/d/forum/netbox-discuss - Please don't open an issue to open a PR. - Just submit the PR, that's good enough. -- type: textarea - id: desired-behavior - attributes: - label: Desired Behavior - description: Please describe the desired behavior - placeholder: To me, it would be useful, if … because … - validations: - required: true -- type: textarea - id: contrast-to-current - attributes: - label: Contrast to Current Behavior - description: Please describe how the desired behavior is different from the current behavior - placeholder: The current behavior is …, but this lacks … - validations: - required: true -- type: textarea - id: required-changes - attributes: - label: Required Changes - description: If you can, please elaborate what changes will be required to implement the desired behavior - placeholder: I suggest to change the file … - validations: - required: false -- type: textarea - id: discussion - attributes: - label: 'Discussion: Benefits and Drawbacks' - description: | - Please make your case here: - - Why do you think this project and the community will benefit from your suggestion? - - What are the drawbacks of this change? Is it backwards-compatible? - - Anything else that you think is relevant to the discussion of this feature/change request. - placeholder: I suggest to change the file … - validations: - required: false + Please don't open an issue to open a PR. + Just submit the PR, that's good enough. + - type: textarea + id: desired-behavior + attributes: + label: Desired Behavior + description: Please describe the desired behavior + placeholder: To me, it would be useful, if … because … + validations: + required: true + - type: textarea + id: contrast-to-current + attributes: + label: Contrast to Current Behavior + description: Please describe how the desired behavior is different from the current behavior + placeholder: The current behavior is …, but this lacks … + validations: + required: true + - type: textarea + id: required-changes + attributes: + label: Required Changes + description: If you can, please elaborate what changes will be required to implement the desired behavior + placeholder: I suggest to change the file … + validations: + required: false + - type: textarea + id: discussion + attributes: + label: "Discussion: Benefits and Drawbacks" + description: | + Please make your case here: + - Why do you think this project and the community will benefit from your suggestion? + - What are the drawbacks of this change? Is it backwards-compatible? + - Anything else that you think is relevant to the discussion of this feature/change request. + placeholder: I suggest to change the file … + validations: + required: false diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 139ff96..8c51bfd 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -80,6 +80,6 @@ into the release notes. Please put an x into the brackets (like `[x]`) if you've completed that task. --> -* [ ] I have read the comments and followed the PR template. -* [ ] I have explained my PR according to the information in the comments. -* [ ] My PR targets the `develop` branch. +- [ ] I have read the comments and followed the PR template. +- [ ] I have explained my PR according to the information in the comments. +- [ ] My PR targets the `develop` branch. diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 5a9528a..41d4d40 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -5,10 +5,15 @@ on: push: branches-ignore: - release + - renovate/** pull_request: branches-ignore: - release +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + jobs: lint: runs-on: ubuntu-latest @@ -21,17 +26,19 @@ jobs: fetch-depth: 0 - uses: actions/setup-python@v5 with: - python-version: '3.9' + python-version: "3.9" - name: Lint Code Base - uses: github/super-linter@v5 + uses: github/super-linter@v7 env: DEFAULT_BRANCH: develop GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SUPPRESS_POSSUM: true LINTER_RULES_PATH: / VALIDATE_ALL_CODEBASE: false + VALIDATE_CHECKOV: false VALIDATE_DOCKERFILE: false VALIDATE_GITLEAKS: false + VALIDATE_JSCPD: false FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*) EDITORCONFIG_FILE_NAME: .ecrc DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml @@ -49,35 +56,36 @@ jobs: - PRERELEASE=true ./build-latest.sh - ./build.sh feature - ./build.sh develop - platform: - - linux/amd64 - - linux/arm64 + os: + - ubuntu-latest + - self-hosted fail-fast: false env: GH_ACTION: enable GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} IMAGE_NAMES: docker.io/netboxcommunity/netbox - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} name: Builds new NetBox Docker Images steps: - id: git-checkout name: Checkout uses: actions/checkout@v4 - - id: qemu-setup - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - id: buildx-setup name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - id: arm-buildx-platform + name: Set BUILDX_PLATFORM to ARM64 + if: matrix.os == 'self-hosted' + run: | + echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}" - id: docker-build - name: Build the image for '${{ matrix.platform }}' with '${{ matrix.build_cmd }}' + name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}' run: ${{ matrix.build_cmd }} env: - BUILDX_PLATFORM: ${{ matrix.platform }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} - id: arm-time-limit name: Set Netbox container start_period higher on ARM64 - if: matrix.platform == 'linux/arm64' + if: matrix.os == 'self-hosted' run: | echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}" - id: docker-test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3021dab..b90bf15 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: types: - published schedule: - - cron: '45 5 * * *' + - cron: "45 5 * * *" workflow_dispatch: jobs: @@ -35,19 +35,11 @@ jobs: name: Get Version of NetBox Docker run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" shell: bash - - id: qemu-setup - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - id: buildx-setup - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - id: docker-build - name: Build the image with '${{ matrix.build_cmd }}' + - id: check-build-needed + name: Check if the build is needed for '${{ matrix.build_cmd }}' + env: + CHECK_ONLY: "true" run: ${{ matrix.build_cmd }} - - id: test-image - name: Test the image - run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh - if: steps.docker-build.outputs.skipped != 'true' # docker.io - id: docker-io-login name: Login to docker.io @@ -56,7 +48,15 @@ jobs: registry: docker.io username: ${{ secrets.dockerhub_username }} password: ${{ secrets.dockerhub_password }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' + - id: buildx-setup + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: "lab:latest" + driver: cloud + endpoint: "netboxcommunity/netbox-default" + if: steps.check-build-needed.outputs.skipped != 'true' # quay.io - id: quay-io-login name: Login to Quay.io @@ -65,7 +65,7 @@ jobs: registry: quay.io username: ${{ secrets.quayio_username }} password: ${{ secrets.quayio_password }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' # ghcr.io - id: ghcr-io-login name: Login to GitHub Container Registry @@ -74,11 +74,11 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' - id: build-and-push name: Push the image run: ${{ matrix.build_cmd }} --push - if: steps.docker-build.outputs.skipped != 'true' + if: steps.check-build-needed.outputs.skipped != 'true' env: BUILDX_PLATFORM: ${{ matrix.platform }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} diff --git a/.yamllint.yaml b/.yamllint.yaml index 50d6af7..81a9e05 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -1,5 +1,4 @@ --- - rules: line-length: - max: 120 + max: 160 diff --git a/Dockerfile b/Dockerfile index c55c4c9..1c17caa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG FROM -FROM ${FROM} as builder +FROM ${FROM} AS builder RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update -qq \ @@ -31,14 +31,12 @@ RUN export DEBIAN_FRONTEND=noninteractive \ ARG NETBOX_PATH COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt / RUN \ - # We compile 'psycopg' in the build process - sed -i -e '/psycopg/d' /requirements.txt && \ # Gunicorn is not needed because we use Nginx Unit sed -i -e '/gunicorn/d' /requirements.txt && \ # We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt # we have potential version conflicts and the build will fail. # That's why we just replace it in the original requirements.txt. - sed -i -e 's/social-auth-core\[openidconnect\]/social-auth-core\[all\]/g' /requirements.txt && \ + sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \ /opt/netbox/venv/bin/pip install \ -r /requirements.txt \ -r /requirements-container.txt @@ -48,7 +46,7 @@ RUN \ ### ARG FROM -FROM ${FROM} as main +FROM ${FROM} AS main RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update -qq \ @@ -65,17 +63,16 @@ RUN export DEBIAN_FRONTEND=noninteractive \ openssh-client \ openssl \ python3 \ - python3-distutils \ tini \ && curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \ https://unit.nginx.org/keys/nginx-keyring.gpg \ - && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ lunar unit" \ + && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \ > /etc/apt/sources.list.d/unit.list \ && apt-get update -qq \ && apt-get install \ --yes -qq --no-install-recommends \ - unit=1.31.1-1~lunar \ - unit-python3.11=1.31.1-1~lunar \ + unit=1.33.0-1~noble \ + unit-python3.12=1.33.0-1~noble \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /opt/netbox/venv /opt/netbox/venv diff --git a/README.md b/README.md index e472945..7b70f81 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,6 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star git clone -b release https://github.com/netbox-community/netbox-docker.git cd netbox-docker tee docker-compose.override.yml <.`. Add '*' to this list to exempt all models. EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST) # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). -# HTTP_PROXIES = { -# 'http': 'http://10.10.1.10:3128', -# 'https': 'http://10.10.1.10:1080', -# } +HTTP_PROXIES = { + 'http': environ.get('HTTP_PROXY', None), + 'https': environ.get('HTTPS_PROXY', None), +} # IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing # NetBox from an internal IP. @@ -209,9 +221,9 @@ if 'GRAPHQL_ENABLED' in environ: # authenticated to NetBox indefinitely. LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL) -# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users -# are permitted to access most data in NetBox (excluding secrets) but not make any changes. -LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL) +# When enabled, only authenticated users are permitted to access any part of NetBox. +# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes). +LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL) # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to # re-authenticate. (Default: 1209600 [14 days]) @@ -274,12 +286,23 @@ if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ: RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT) # Remote authentication support -REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL) -REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST) -REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER') +REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL) REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL) +REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST) REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST) -# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} +# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead. +REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL) +REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP') +REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|') +REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL) +REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER') +REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL') +REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME') +REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME') +REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST) +REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST) +REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST) +REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST) # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the # version check or use the URL below to check for release in the official NetBox repository. @@ -300,6 +323,23 @@ CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST # The name to use for the session cookie. SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid') +# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. +# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain. +SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL) + +# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. +# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the +# site to be accessed via HTTPS even if the user types HTTP in the address bar. +SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL) + +# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all +# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS, +# blocking any HTTP request. +SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT) + +# If true, all non-HTTPS requests will be automatically redirected to use HTTPS. +SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL) + # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only # database access.) Note that the user as which NetBox runs must have read and write permissions to this path. @@ -308,11 +348,3 @@ SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT' # Time zone (default: UTC) TIME_ZONE = environ.get('TIME_ZONE', 'UTC') -# Date/time formatting. See the following link for supported formats: -# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date -DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y') -SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d') -TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a') -SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s') -DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a') -SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i') diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example index bcb6a71..d7ef961 100644 --- a/docker-compose.override.yml.example +++ b/docker-compose.override.yml.example @@ -1,4 +1,3 @@ -version: '3.4' services: netbox: ports: diff --git a/docker-compose.test.override.yml b/docker-compose.test.override.yml index e7a662d..749e11a 100644 --- a/docker-compose.test.override.yml +++ b/docker-compose.test.override.yml @@ -1,4 +1,3 @@ -version: '3.4' services: netbox: ports: diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 8115afc..98a6c19 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,7 +1,6 @@ -version: '3.4' services: netbox: &netbox - image: ${IMAGE-netboxcommunity/netbox:latest} + image: ${IMAGE-docker.io/netboxcommunity/netbox:latest} depends_on: postgres: condition: service_healthy @@ -14,10 +13,10 @@ services: volumes: - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro healthcheck: + test: curl -f http://localhost:8080/login/ || exit 1 start_period: ${NETBOX_START_PERIOD-120s} timeout: 3s interval: 15s - test: "curl -f http://localhost:8080/api/ || exit 1" netbox-worker: <<: *netbox command: @@ -25,42 +24,47 @@ services: - /opt/netbox/netbox/manage.py - rqworker healthcheck: + test: ps -aux | grep -v grep | grep -q rqworker || exit 1 start_period: 40s timeout: 3s interval: 15s - test: "ps -aux | grep -v grep | grep -q rqworker || exit 1" netbox-housekeeping: <<: *netbox command: - /opt/netbox/housekeeping.sh healthcheck: + test: ps -aux | grep -v grep | grep -q housekeeping || exit 1 start_period: 40s timeout: 3s interval: 15s - test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1" + postgres: - image: postgres:16-alpine + image: docker.io/postgres:16-alpine env_file: env/postgres.env healthcheck: - test: "pg_isready -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER" ## $$ because of docker-compose - interval: 10s + test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose + start_period: 20s + interval: 1s timeout: 5s retries: 5 + redis: &redis - image: redis:7-alpine + image: docker.io/valkey/valkey:8.0-alpine command: - sh - -c # this is to evaluate the $REDIS_PASSWORD from the env - - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose env_file: env/redis.env healthcheck: - start_period: 20s + test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]" + start_period: 5s timeout: 3s - interval: 15s - test: "timeout 2 redis-cli ping" + interval: 1s + retries: 5 redis-cache: <<: *redis env_file: env/redis-cache.env + volumes: netbox-media-files: driver: local diff --git a/docker-compose.yml b/docker-compose.yml index 60bd384..a00825c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,78 +1,88 @@ -version: '3.4' services: netbox: &netbox - image: docker.io/netboxcommunity/netbox:${VERSION-v3.7-2.8.0} + image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.2} depends_on: - - postgres - - redis - - redis-cache + - postgres + - redis + - redis-cache env_file: env/netbox.env - ports: - - "8080:8080" - user: 'unit:root' + user: "unit:root" healthcheck: - start_period: 60s + test: curl -f http://localhost:8080/login/ || exit 1 + start_period: 90s timeout: 3s interval: 15s - test: "curl -f http://localhost:8080/api/ || exit 1" volumes: - - ./configuration:/etc/netbox/config:z,ro - - netbox-media-files:/opt/netbox/netbox/media:rw - - netbox-reports-files:/opt/netbox/netbox/reports:rw - - netbox-scripts-files:/opt/netbox/netbox/scripts:rw + - ./configuration:/etc/netbox/config:z,ro + - netbox-media-files:/opt/netbox/netbox/media:rw + - netbox-reports-files:/opt/netbox/netbox/reports:rw + - netbox-scripts-files:/opt/netbox/netbox/scripts:rw netbox-worker: <<: *netbox depends_on: netbox: condition: service_healthy command: - - /opt/netbox/venv/bin/python - - /opt/netbox/netbox/manage.py - - rqworker + - /opt/netbox/venv/bin/python + - /opt/netbox/netbox/manage.py + - rqworker healthcheck: + test: ps -aux | grep -v grep | grep -q rqworker || exit 1 start_period: 20s timeout: 3s interval: 15s - test: "ps -aux | grep -v grep | grep -q rqworker || exit 1" netbox-housekeeping: <<: *netbox depends_on: netbox: condition: service_healthy command: - - /opt/netbox/housekeeping.sh + - /opt/netbox/housekeeping.sh healthcheck: + test: ps -aux | grep -v grep | grep -q housekeeping || exit 1 start_period: 20s timeout: 3s interval: 15s - test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1" # postgres postgres: image: docker.io/postgres:16-alpine + healthcheck: + test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER + start_period: 20s + timeout: 30s + interval: 10s + retries: 5 env_file: env/postgres.env volumes: - - netbox-postgres-data:/var/lib/postgresql/data + - netbox-postgres-data:/var/lib/postgresql/data # redis redis: - image: docker.io/redis:7-alpine + image: docker.io/valkey/valkey:8.0-alpine command: - - sh - - -c # this is to evaluate the $REDIS_PASSWORD from the env - - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + - sh + - -c # this is to evaluate the $REDIS_PASSWORD from the env + - valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + healthcheck: &redis-healthcheck + test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]' + start_period: 5s + timeout: 3s + interval: 1s + retries: 5 env_file: env/redis.env volumes: - - netbox-redis-data:/data + - netbox-redis-data:/data redis-cache: - image: docker.io/redis:7-alpine + image: docker.io/valkey/valkey:8.0-alpine command: - - sh - - -c # this is to evaluate the $REDIS_PASSWORD from the env - - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + - sh + - -c # this is to evaluate the $REDIS_PASSWORD from the env + - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + healthcheck: *redis-healthcheck env_file: env/redis-cache.env volumes: - - netbox-redis-cache-data:/data + - netbox-redis-cache-data:/data volumes: netbox-media-files: diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 9b39689..fa5930d 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -72,10 +72,9 @@ else fi ./manage.py shell --interface python <