Merge remote-tracking branch 'origin/release' into release

# Conflicts:
#	docker-compose.yml
D-Ev_io 2024-12-02 22:15:18 +02:00
commit b9836c3af2
21 changed files with 379 additions and 325 deletions

4
.github/FUNDING.yml vendored

@ -1,8 +1,8 @@
# These are supported funding model platforms # These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
- cimnine - cimnine
- tobiasge - tobiasge
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username ko_fi: # Replace with a single Ko-fi username


@ -1,7 +1,7 @@
name: Bug report name: Bug report
description: Create a report about a malfunction of the Docker setup description: Create a report about a malfunction of the Docker setup
body: body:
- type: markdown - type: markdown
attributes: attributes:
value: | value: |
Please only raise an issue if you're certain that you've found a bug. Please only raise an issue if you're certain that you've found a bug.
@ -28,7 +28,7 @@ body:
Please don't open an issue to open a PR. Please don't open an issue to open a PR.
Just submit the PR, that's good enough. Just submit the PR, that's good enough.
- type: textarea - type: textarea
id: current-behavior id: current-behavior
attributes: attributes:
label: Current Behavior label: Current Behavior
@ -36,7 +36,7 @@ body:
placeholder: I tried to … by doing …, but it … placeholder: I tried to … by doing …, but it …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: expected-behavior id: expected-behavior
attributes: attributes:
label: Expected Behavior label: Expected Behavior
@ -44,7 +44,7 @@ body:
placeholder: I expected that … when I do … placeholder: I expected that … when I do …
validations: validations:
required: true required: true
- type: input - type: input
id: docker-compose-version id: docker-compose-version
attributes: attributes:
label: Docker Compose Version label: Docker Compose Version
@ -52,7 +52,7 @@ body:
placeholder: Docker Compose version vX.Y.Z placeholder: Docker Compose version vX.Y.Z
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: docker-version id: docker-version
attributes: attributes:
label: Docker Version label: Docker Version
@ -90,14 +90,14 @@ body:
GitCommit: de40ad0 GitCommit: de40ad0
validations: validations:
required: true required: true
- type: input - type: input
id: git-rev id: git-rev
attributes: attributes:
label: The git Revision label: The git Revision
description: Please paste the output of `git rev-parse HEAD` description: Please paste the output of `git rev-parse HEAD`
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: git-status id: git-status
attributes: attributes:
label: The git Status label: The git Status
@ -108,7 +108,7 @@ body:
nothing to commit, working tree clean nothing to commit, working tree clean
validations: validations:
required: true required: true
- type: input - type: input
id: run-command id: run-command
attributes: attributes:
label: Startup Command label: Startup Command
@ -116,7 +116,7 @@ body:
placeholder: docker compose up placeholder: docker compose up
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: netbox-logs id: netbox-logs
attributes: attributes:
label: NetBox Logs label: NetBox Logs
@ -132,7 +132,7 @@ body:
... ...
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: docker-compose-override-yml id: docker-compose-override-yml
attributes: attributes:
label: Content of docker-compose.override.yml label: Content of docker-compose.override.yml


@ -6,7 +6,7 @@ contact_links:
- name: Chat - name: Chat
url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
about: 'Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel.' about: "Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel."
- name: Community Wiki - name: Community Wiki
url: https://github.com/netbox-community/netbox-docker/wiki url: https://github.com/netbox-community/netbox-docker/wiki


@ -1,7 +1,7 @@
name: Feature or Change Request name: Feature or Change Request
description: Request a new feature or a change of the current behavior description: Request a new feature or a change of the current behavior
body: body:
- type: markdown - type: markdown
attributes: attributes:
value: | value: |
This issue type is to propose new features for the Docker setup. This issue type is to propose new features for the Docker setup.
@ -30,7 +30,7 @@ body:
Please don't open an issue to open a PR. Please don't open an issue to open a PR.
Just submit the PR, that's good enough. Just submit the PR, that's good enough.
- type: textarea - type: textarea
id: desired-behavior id: desired-behavior
attributes: attributes:
label: Desired Behavior label: Desired Behavior
@ -38,7 +38,7 @@ body:
placeholder: To me, it would be useful, if … because … placeholder: To me, it would be useful, if … because …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: contrast-to-current id: contrast-to-current
attributes: attributes:
label: Contrast to Current Behavior label: Contrast to Current Behavior
@ -46,7 +46,7 @@ body:
placeholder: The current behavior is …, but this lacks … placeholder: The current behavior is …, but this lacks …
validations: validations:
required: true required: true
- type: textarea - type: textarea
id: required-changes id: required-changes
attributes: attributes:
label: Required Changes label: Required Changes
@ -54,10 +54,10 @@ body:
placeholder: I suggest to change the file … placeholder: I suggest to change the file …
validations: validations:
required: false required: false
- type: textarea - type: textarea
id: discussion id: discussion
attributes: attributes:
label: 'Discussion: Benefits and Drawbacks' label: "Discussion: Benefits and Drawbacks"
description: | description: |
Please make your case here: Please make your case here:
- Why do you think this project and the community will benefit from your suggestion? - Why do you think this project and the community will benefit from your suggestion?


@ -80,6 +80,6 @@ into the release notes.
Please put an x into the brackets (like `[x]`) if you've completed that task. Please put an x into the brackets (like `[x]`) if you've completed that task.
--> -->
* [ ] I have read the comments and followed the PR template. - [ ] I have read the comments and followed the PR template.
* [ ] I have explained my PR according to the information in the comments. - [ ] I have explained my PR according to the information in the comments.
* [ ] My PR targets the `develop` branch. - [ ] My PR targets the `develop` branch.


@ -5,10 +5,15 @@ on:
push: push:
branches-ignore: branches-ignore:
- release - release
- renovate/**
pull_request: pull_request:
branches-ignore: branches-ignore:
- release - release
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
lint: lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -21,17 +26,19 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: '3.9' python-version: "3.9"
- name: Lint Code Base - name: Lint Code Base
uses: github/super-linter@v5 uses: github/super-linter@v7
env: env:
DEFAULT_BRANCH: develop DEFAULT_BRANCH: develop
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SUPPRESS_POSSUM: true SUPPRESS_POSSUM: true
LINTER_RULES_PATH: / LINTER_RULES_PATH: /
VALIDATE_ALL_CODEBASE: false VALIDATE_ALL_CODEBASE: false
VALIDATE_CHECKOV: false
VALIDATE_DOCKERFILE: false VALIDATE_DOCKERFILE: false
VALIDATE_GITLEAKS: false VALIDATE_GITLEAKS: false
VALIDATE_JSCPD: false
FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*) FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
EDITORCONFIG_FILE_NAME: .ecrc EDITORCONFIG_FILE_NAME: .ecrc
DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
@ -49,35 +56,36 @@ jobs:
- PRERELEASE=true ./build-latest.sh - PRERELEASE=true ./build-latest.sh
- ./build.sh feature - ./build.sh feature
- ./build.sh develop - ./build.sh develop
platform: os:
- linux/amd64 - ubuntu-latest
- linux/arm64 - self-hosted
fail-fast: false fail-fast: false
env: env:
GH_ACTION: enable GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox IMAGE_NAMES: docker.io/netboxcommunity/netbox
runs-on: ubuntu-latest runs-on: ${{ matrix.os }}
name: Builds new NetBox Docker Images name: Builds new NetBox Docker Images
steps: steps:
- id: git-checkout - id: git-checkout
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- id: qemu-setup
name: Set up QEMU
uses: docker/setup-qemu-action@v3
- id: buildx-setup - id: buildx-setup
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- id: arm-buildx-platform
name: Set BUILDX_PLATFORM to ARM64
if: matrix.os == 'self-hosted'
run: |
echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}"
- id: docker-build - id: docker-build
name: Build the image for '${{ matrix.platform }}' with '${{ matrix.build_cmd }}' name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }} run: ${{ matrix.build_cmd }}
env: env:
BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
- id: arm-time-limit - id: arm-time-limit
name: Set Netbox container start_period higher on ARM64 name: Set Netbox container start_period higher on ARM64
if: matrix.platform == 'linux/arm64' if: matrix.os == 'self-hosted'
run: | run: |
echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}" echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}"
- id: docker-test - id: docker-test
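Review bot: The build matrix now schedules a `self-hosted` leg (`runs-on: ${{ matrix.os }}`) in a workflow whose `on:` block at the top of this section also triggers on `pull_request`, so on a public repository the build scripts from a contributor's branch would run on the project's own ARM64 machine. Unless that runner is ephemeral, consider limiting the ARM64 leg to `push` events or requiring approval for workflow runs from outside contributors. The bare `self-hosted` label also matches any registered runner; a more specific label set in the matrix entry (for example `self-hosted`, `linux`, `ARM64`) would state the architecture that the added `BUILDX_PLATFORM=linux/arm64` step assumes. Which copy of each doubled line is the new side is inferred from the rendering, and the job continues past the last visible step.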


@ -6,7 +6,7 @@ on:
types: types:
- published - published
schedule: schedule:
- cron: '45 5 * * *' - cron: "45 5 * * *"
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@ -35,19 +35,11 @@ jobs:
name: Get Version of NetBox Docker name: Get Version of NetBox Docker
run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
shell: bash shell: bash
- id: qemu-setup - id: check-build-needed
name: Set up QEMU name: Check if the build is needed for '${{ matrix.build_cmd }}'
uses: docker/setup-qemu-action@v3 env:
- id: buildx-setup CHECK_ONLY: "true"
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- id: docker-build
name: Build the image with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }} run: ${{ matrix.build_cmd }}
- id: test-image
name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
if: steps.docker-build.outputs.skipped != 'true'
# docker.io # docker.io
- id: docker-io-login - id: docker-io-login
name: Login to docker.io name: Login to docker.io
@ -56,7 +48,15 @@ jobs:
registry: docker.io registry: docker.io
username: ${{ secrets.dockerhub_username }} username: ${{ secrets.dockerhub_username }}
password: ${{ secrets.dockerhub_password }} password: ${{ secrets.dockerhub_password }}
if: steps.docker-build.outputs.skipped != 'true' if: steps.check-build-needed.outputs.skipped != 'true'
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "netboxcommunity/netbox-default"
if: steps.check-build-needed.outputs.skipped != 'true'
# quay.io # quay.io
- id: quay-io-login - id: quay-io-login
name: Login to Quay.io name: Login to Quay.io
@ -65,7 +65,7 @@ jobs:
registry: quay.io registry: quay.io
username: ${{ secrets.quayio_username }} username: ${{ secrets.quayio_username }}
password: ${{ secrets.quayio_password }} password: ${{ secrets.quayio_password }}
if: steps.docker-build.outputs.skipped != 'true' if: steps.check-build-needed.outputs.skipped != 'true'
# ghcr.io # ghcr.io
- id: ghcr-io-login - id: ghcr-io-login
name: Login to GitHub Container Registry name: Login to GitHub Container Registry
@ -74,11 +74,11 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
if: steps.docker-build.outputs.skipped != 'true' if: steps.check-build-needed.outputs.skipped != 'true'
- id: build-and-push - id: build-and-push
name: Push the image name: Push the image
run: ${{ matrix.build_cmd }} --push run: ${{ matrix.build_cmd }} --push
if: steps.docker-build.outputs.skipped != 'true' if: steps.check-build-needed.outputs.skipped != 'true'
env: env:
BUILDX_PLATFORM: ${{ matrix.platform }} BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
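Review bot: The re-added `buildx-setup` step requests `version: "lab:latest"`, a moving tag, in the job that has already logged in to docker.io and goes on to push the release images, so the builder binary can change between runs without any change in this repository. Pinning a specific release (`version: "<pinned buildx release>"`) would keep the release build reproducible and auditable. The same section appears to drop the `test-image` step (`./test.sh`) that used to run before the registry logins, so it is worth confirming that images are still tested somewhere before `build-and-push`. The side of each line is inferred from the rendering, since the `+`/`-` markers are lost.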


@ -1,5 +1,4 @@
--- ---
rules: rules:
line-length: line-length:
max: 120 max: 160


@ -1,5 +1,5 @@
ARG FROM ARG FROM
FROM ${FROM} as builder FROM ${FROM} AS builder
RUN export DEBIAN_FRONTEND=noninteractive \ RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \ && apt-get update -qq \
@ -31,14 +31,12 @@ RUN export DEBIAN_FRONTEND=noninteractive \
ARG NETBOX_PATH ARG NETBOX_PATH
COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt / COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
RUN \ RUN \
# We compile 'psycopg' in the build process
sed -i -e '/psycopg/d' /requirements.txt && \
# Gunicorn is not needed because we use Nginx Unit # Gunicorn is not needed because we use Nginx Unit
sed -i -e '/gunicorn/d' /requirements.txt && \ sed -i -e '/gunicorn/d' /requirements.txt && \
# We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt # We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt
# we have potential version conflicts and the build will fail. # we have potential version conflicts and the build will fail.
# That's why we just replace it in the original requirements.txt. # That's why we just replace it in the original requirements.txt.
sed -i -e 's/social-auth-core\[openidconnect\]/social-auth-core\[all\]/g' /requirements.txt && \ sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
/opt/netbox/venv/bin/pip install \ /opt/netbox/venv/bin/pip install \
-r /requirements.txt \ -r /requirements.txt \
-r /requirements-container.txt -r /requirements-container.txt
@ -48,7 +46,7 @@ RUN \
### ###
ARG FROM ARG FROM
FROM ${FROM} as main FROM ${FROM} AS main
RUN export DEBIAN_FRONTEND=noninteractive \ RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \ && apt-get update -qq \
@ -65,17 +63,16 @@ RUN export DEBIAN_FRONTEND=noninteractive \
openssh-client \ openssh-client \
openssl \ openssl \
python3 \ python3 \
python3-distutils \
tini \ tini \
&& curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \ && curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \
https://unit.nginx.org/keys/nginx-keyring.gpg \ https://unit.nginx.org/keys/nginx-keyring.gpg \
&& echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ lunar unit" \ && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \
> /etc/apt/sources.list.d/unit.list \ > /etc/apt/sources.list.d/unit.list \
&& apt-get update -qq \ && apt-get update -qq \
&& apt-get install \ && apt-get install \
--yes -qq --no-install-recommends \ --yes -qq --no-install-recommends \
unit=1.31.1-1~lunar \ unit=1.33.0-1~noble \
unit-python3.11=1.31.1-1~lunar \ unit-python3.12=1.33.0-1~noble \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
COPY --from=builder /opt/netbox/venv /opt/netbox/venv COPY --from=builder /opt/netbox/venv /opt/netbox/venv
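Review bot: The new substitution `s/social-auth-core/social-auth-core\[all\]/g` is unanchored and ignores extras that are already present, so if the upstream requirements.txt carries `social-auth-core[openidconnect]` again the line becomes `social-auth-core[all][openidconnect]`, which is not a valid requirement, and any other line containing that string is rewritten as well. Anchoring the match and consuming an optional extras group keeps the build stable across upstream changes: `sed -i -E -e 's/^social-auth-core(\[[^]]*\])?/social-auth-core[all]/' /requirements.txt && \`. Which copy of each doubled line is the new side is inferred from the rendering.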


@ -34,7 +34,6 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star
git clone -b release https://github.com/netbox-community/netbox-docker.git git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker cd netbox-docker
tee docker-compose.override.yml <<EOF tee docker-compose.override.yml <<EOF
version: '3.4'
services: services:
netbox: netbox:
ports: ports:


@ -1 +1 @@
2.8.0 3.0.2


@ -61,7 +61,7 @@ DOCKERFILE The name of Dockerfile to use.
${_GREEN}Default:${_CLEAR} Dockerfile ${_GREEN}Default:${_CLEAR} Dockerfile
DOCKER_FROM The base image to use. DOCKER_FROM The base image to use.
${_GREEN}Default:${_CLEAR} 'ubuntu:23.04' ${_GREEN}Default:${_CLEAR} 'ubuntu:24.04'
BUILDX_PLATFORMS BUILDX_PLATFORMS
Specifies the platform(s) to build the image for. Specifies the platform(s) to build the image for.
@ -103,6 +103,8 @@ GH_ACTION If defined, special 'echo' statements are enabled that set the
- FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable - FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable
${_GREEN}Default:${_CLEAR} undefined ${_GREEN}Default:${_CLEAR} undefined
CHECK_ONLY Only checks if the build is needed and sets the GH Action output.
${_BOLD}Examples:${_CLEAR} ${_BOLD}Examples:${_CLEAR}
${0} master ${0} master
@ -219,7 +221,7 @@ fi
# Determining the value for DOCKER_FROM # Determining the value for DOCKER_FROM
### ###
if [ -z "$DOCKER_FROM" ]; then if [ -z "$DOCKER_FROM" ]; then
DOCKER_FROM="docker.io/ubuntu:23.04" DOCKER_FROM="docker.io/ubuntu:24.04"
fi fi
### ###
@ -355,6 +357,11 @@ else
fi fi
gh_echo "::endgroup::" gh_echo "::endgroup::"
if [ "${CHECK_ONLY}" = "true" ]; then
echo "Only check if build needed was requested. Exiting"
exit 0
fi
### ###
# Build the image # Build the image
### ###
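Review bot: The new guard `if [ "${CHECK_ONLY}" = "true" ]` matches only the exact string `true`, so `CHECK_ONLY=1` or `CHECK_ONLY=True` falls through to a full build, yet the help entry added earlier in this section names neither the enabling value nor the default, unlike the neighbouring entries. I would change the help text to `CHECK_ONLY  If set to 'true', only checks if the build is needed and sets the GH Action output.` and add a `Default: undefined` line in the style of the GH_ACTION entry. If the script runs with `set -u` (not visible here), the test should read `"${CHECK_ONLY-}"`.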


@ -86,6 +86,9 @@ REDIS = {
'tasks': { 'tasks': {
'HOST': environ.get('REDIS_HOST', 'localhost'), 'HOST': environ.get('REDIS_HOST', 'localhost'),
'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT), 'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_SENTINEL_SERVICE', 'default'),
'SENTINEL_TIMEOUT': _environ_get_and_map('REDIS_SENTINEL_TIMEOUT', 10, _AS_INT),
'USERNAME': environ.get('REDIS_USERNAME', ''), 'USERNAME': environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')), 'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')),
'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT), 'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT),
@ -95,6 +98,8 @@ REDIS = {
'caching': { 'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')), 'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT), 'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_CACHE_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_CACHE_SENTINEL_SERVICE', environ.get('REDIS_SENTINEL_SERVICE', 'default')),
'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')), 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))), 'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT), 'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT),
@ -183,15 +188,22 @@ EMAIL = {
if 'ENFORCE_GLOBAL_UNIQUE' in environ: if 'ENFORCE_GLOBAL_UNIQUE' in environ:
ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL) ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL)
# By default, netbox sends census reporting data using a single HTTP request each time a worker starts.
# This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time.
# The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
# To opt out of census reporting, set CENSUS_REPORTING_ENABLED to False.
if 'CENSUS_REPORTING_ENABLED' in environ:
CENSUS_REPORTING_ENABLED = _environ_get_and_map('CENSUS_REPORTING_ENABLED', None, _AS_BOOL)
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and # Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models. # by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST) EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST)
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
# HTTP_PROXIES = { HTTP_PROXIES = {
# 'http': 'http://10.10.1.10:3128', 'http': environ.get('HTTP_PROXY', None),
# 'https': 'http://10.10.1.10:1080', 'https': environ.get('HTTPS_PROXY', None),
# } }
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing # IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP. # NetBox from an internal IP.
@ -209,9 +221,9 @@ if 'GRAPHQL_ENABLED' in environ:
# authenticated to NetBox indefinitely. # authenticated to NetBox indefinitely.
LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL) LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL)
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users # When enabled, only authenticated users are permitted to access any part of NetBox.
# are permitted to access most data in NetBox (excluding secrets) but not make any changes. # Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL) LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days]) # re-authenticate. (Default: 1209600 [14 days])
@ -274,12 +286,23 @@ if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT) RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
# Remote authentication support # Remote authentication support
REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL) REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL)
REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL) REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST) REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL')
REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME')
REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST)
REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository. # version check or use the URL below to check for release in the official NetBox repository.
@ -300,6 +323,23 @@ CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST
# The name to use for the session cookie. # The name to use for the session cookie.
SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid') SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid')
# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL)
# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the
# site to be accessed via HTTPS even if the user types HTTP in the address bar.
SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL)
# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all
# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS,
# blocking any HTTP request.
SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT)
# If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL)
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path. # database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
@ -308,11 +348,3 @@ SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT'
# Time zone (default: UTC) # Time zone (default: UTC)
TIME_ZONE = environ.get('TIME_ZONE', 'UTC') TIME_ZONE = environ.get('TIME_ZONE', 'UTC')
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y')
SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d')
TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a')
SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s')
DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a')
SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i')
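Review bot: The expanded REMOTE_AUTH_* block lets request headers decide group membership and, through `REMOTE_AUTH_SUPERUSER_GROUPS` / `REMOTE_AUTH_STAFF_GROUPS`, superuser and staff status, but nothing here tells the operator that these headers are only trustworthy when the fronting proxy removes client-supplied copies. I would add above the block: `# Only enable remote auth behind a reverse proxy that strips REMOTE_AUTH_HEADER, REMOTE_AUTH_GROUP_HEADER and the REMOTE_AUTH_USER_* headers from client requests.` Separately, `tuple(uri.split(':'))` in the new `SENTINELS` entries leaves the port as a string and yields a one-element tuple for an entry without a port; converting and validating (`(host, int(port))`) would fail early with a clear error. `REMOTE_AUTH_GROUP_HEADER` and `REMOTE_AUTH_GROUP_SEPARATOR` call `_environ_get_and_map` without a mapper while their string neighbours use `environ.get`; the helper is defined outside this section, so whether the two are equivalent cannot be checked here.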


@ -1,4 +1,3 @@
version: '3.4'
services: services:
netbox: netbox:
ports: ports:


@ -1,4 +1,3 @@
version: '3.4'
services: services:
netbox: netbox:
ports: ports:


@ -1,7 +1,6 @@
version: '3.4'
services: services:
netbox: &netbox netbox: &netbox
image: ${IMAGE-netboxcommunity/netbox:latest} image: ${IMAGE-docker.io/netboxcommunity/netbox:latest}
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
@ -14,10 +13,10 @@ services:
volumes: volumes:
- ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
healthcheck: healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: ${NETBOX_START_PERIOD-120s} start_period: ${NETBOX_START_PERIOD-120s}
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "curl -f http://localhost:8080/api/ || exit 1"
netbox-worker: netbox-worker:
<<: *netbox <<: *netbox
command: command:
@ -25,42 +24,47 @@ services:
- /opt/netbox/netbox/manage.py - /opt/netbox/netbox/manage.py
- rqworker - rqworker
healthcheck: healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 40s start_period: 40s
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
netbox-housekeeping: netbox-housekeeping:
<<: *netbox <<: *netbox
command: command:
- /opt/netbox/housekeeping.sh - /opt/netbox/housekeeping.sh
healthcheck: healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 40s start_period: 40s
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
postgres: postgres:
image: postgres:16-alpine image: docker.io/postgres:16-alpine
env_file: env/postgres.env env_file: env/postgres.env
healthcheck: healthcheck:
test: "pg_isready -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER" ## $$ because of docker-compose test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
interval: 10s start_period: 20s
interval: 1s
timeout: 5s timeout: 5s
retries: 5 retries: 5
redis: &redis redis: &redis
image: redis:7-alpine image: docker.io/valkey/valkey:8.0-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis.env env_file: env/redis.env
healthcheck: healthcheck:
start_period: 20s test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
start_period: 5s
timeout: 3s timeout: 3s
interval: 15s interval: 1s
test: "timeout 2 redis-cli ping" retries: 5
redis-cache: redis-cache:
<<: *redis <<: *redis
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes: volumes:
netbox-media-files: netbox-media-files:
driver: local driver: local
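Review bot: The new Valkey healthcheck passes the password as a command-line argument (`valkey-cli --pass "$${REDIS_PASSWORD}" ping`), so it is readable in the process list every time the probe runs, which this file does once per second. The main compose file in this commit adds the same probe through its `&redis-healthcheck` anchor. redis-cli reads the password from the `REDISCLI_AUTH` environment variable and valkey-cli appears to keep that behaviour, so the probe could be `test: '[ "$$(REDISCLI_AUTH="$${REDIS_PASSWORD}" valkey-cli ping)" = ''PONG'' ]'`; please confirm against the 8.0 image. Quoting the command substitution also stops `[` from failing with a syntax error when the CLI prints nothing. The `--requirepass $$REDIS_PASSWORD` argument on the server command has the same exposure, and because it is unquoted it breaks on a password containing whitespace.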


@ -1,20 +1,17 @@
version: '3.4'
services: services:
netbox: &netbox netbox: &netbox
image: docker.io/netboxcommunity/netbox:${VERSION-v3.7-2.8.0} image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.2}
depends_on: depends_on:
- postgres - postgres
- redis - redis
- redis-cache - redis-cache
env_file: env/netbox.env env_file: env/netbox.env
ports: user: "unit:root"
- "8080:8080"
user: 'unit:root'
healthcheck: healthcheck:
start_period: 60s test: curl -f http://localhost:8080/login/ || exit 1
start_period: 90s
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "curl -f http://localhost:8080/api/ || exit 1"
volumes: volumes:
- ./configuration:/etc/netbox/config:z,ro - ./configuration:/etc/netbox/config:z,ro
- netbox-media-files:/opt/netbox/netbox/media:rw - netbox-media-files:/opt/netbox/netbox/media:rw
@ -30,10 +27,10 @@ services:
- /opt/netbox/netbox/manage.py - /opt/netbox/netbox/manage.py
- rqworker - rqworker
healthcheck: healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 20s start_period: 20s
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
netbox-housekeeping: netbox-housekeeping:
<<: *netbox <<: *netbox
depends_on: depends_on:
@ -42,34 +39,47 @@ services:
command: command:
- /opt/netbox/housekeeping.sh - /opt/netbox/housekeeping.sh
healthcheck: healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 20s start_period: 20s
timeout: 3s timeout: 3s
interval: 15s interval: 15s
test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
# postgres # postgres
postgres: postgres:
image: docker.io/postgres:16-alpine image: docker.io/postgres:16-alpine
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
timeout: 30s
interval: 10s
retries: 5
env_file: env/postgres.env env_file: env/postgres.env
volumes: volumes:
- netbox-postgres-data:/var/lib/postgresql/data - netbox-postgres-data:/var/lib/postgresql/data
# redis # redis
redis: redis:
image: docker.io/redis:7-alpine image: docker.io/valkey/valkey:8.0-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: &redis-healthcheck
test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
env_file: env/redis.env env_file: env/redis.env
volumes: volumes:
- netbox-redis-data:/data - netbox-redis-data:/data
redis-cache: redis-cache:
image: docker.io/redis:7-alpine image: docker.io/valkey/valkey:8.0-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: *redis-healthcheck
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes: volumes:
- netbox-redis-cache-data:/data - netbox-redis-cache-data:/data
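Review bot: The healthchecks added here for `postgres`, `redis` and `redis-cache` do not gate NetBox's startup, because `netbox` still lists its dependencies in the short form (`depends_on: - postgres - redis - redis-cache`), which waits only for those containers to be started. The test compose file in this commit already uses `condition: service_healthy` for postgres; the long form here would keep NetBox from starting against a database or cache that is not accepting connections yet. `netbox-housekeeping` has its own `depends_on` whose entries lie outside the visible hunks, so it should be checked as well.

```yaml
  netbox: &netbox
    # … unchanged: image …
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      redis-cache:
        condition: service_healthy
    # … unchanged: env_file, user, healthcheck, volumes …
```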


@ -72,10 +72,9 @@ else
fi fi
./manage.py shell --interface python <<END ./manage.py shell --interface python <<END
from django.contrib.auth.models import User from users.models import Token, User
from users.models import Token
if not User.objects.filter(username='${SUPERUSER_NAME}'): if not User.objects.filter(username='${SUPERUSER_NAME}'):
u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}') u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}') Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END END
@ -87,7 +86,7 @@ from users.models import Token
try: try:
old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567") old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")
if old_default_token: if old_default_token:
print("⚠️ Warning: You have the old default admin token in your database. This token is widely known; please remove it.") print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.")
except Token.DoesNotExist: except Token.DoesNotExist:
pass pass
END END
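Review bot: The superuser values are expanded by the shell into Python string literals inside the unquoted here-document (`'${SUPERUSER_NAME}'`, `'${SUPERUSER_PASSWORD}'`, `'${SUPERUSER_API_TOKEN}'` and the e-mail), so a value containing a single quote or a backslash changes the Python source that `manage.py shell` executes instead of being stored as data. Quoting the delimiter and reading the values from `os.environ` inside the script keeps them as data. This needs the four variables to be exported, and the code that sets them is outside the hunk, so that has to be checked first. The second here-document, which looks up the old default token, interpolates nothing and is unaffected.

```shell
# … unchanged: the if/else that precedes the superuser creation …
./manage.py shell --interface python <<'END'
from os import environ
from users.models import Token, User
if not User.objects.filter(username=environ['SUPERUSER_NAME']):
    u = User.objects.create_superuser(
        environ['SUPERUSER_NAME'], environ['SUPERUSER_EMAIL'], environ['SUPERUSER_PASSWORD'])
    Token.objects.create(user=u, key=environ['SUPERUSER_API_TOKEN'])
END
# … unchanged: old-default-token warning …
```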


@ -1,5 +1,5 @@
django-auth-ldap==4.6.0 django-auth-ldap==4.8.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.2 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4
dulwich==0.21.7 dulwich==0.22.1
psycopg[c,pool]==3.1.16 python3-saml==1.16.0 --no-binary lxml,xmlsec
python3-saml==1.16.0 sentry-sdk[django]==2.14.0


@ -4,3 +4,4 @@ LOGGING = {
} }
DEFAULT_PERMISSIONS = {} DEFAULT_PERMISSIONS = {}
LOGIN_REQUIRED = False
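Review bot: `LOGIN_REQUIRED = False` is added without a comment saying why, and next to `DEFAULT_PERMISSIONS = {}` it reads like an ordinary setting that could be copied into a deployed configuration. If this file is only the test configuration, which the section does not show, the line should say so, for example `# Test configuration only: allows unauthenticated access; do not copy into a deployed configuration.` The `LOGGING` dict above it starts outside the hunk.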


@ -84,7 +84,7 @@ test_netbox_web() {
--retry 5 \ --retry 5 \
--retry-delay 0 \ --retry-delay 0 \
--retry-max-time 40 \ --retry-max-time 40 \
http://127.0.0.1:8000/ http://127.0.0.1:8000/login/
) )
if [ "$RESP_CODE" == "200" ]; then if [ "$RESP_CODE" == "200" ]; then
echo "Webservice running" echo "Webservice running"