e.dmitriev
/
netbox-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: e.dmitriev:release
Branches Tags
e.dmitriev:release
e.dmitriev:develop
e.dmitriev:renovate/docker.io-postgres-17.x
e.dmitriev:3.0.2
e.dmitriev:3.0.1
e.dmitriev:3.0.0
e.dmitriev:2.9.1
e.dmitriev:2.9.0
e.dmitriev:2.8.0
e.dmitriev:2.7.0
e.dmitriev:2.6.1
e.dmitriev:2.6.0
e.dmitriev:2.5.3
e.dmitriev:2.5.2
e.dmitriev:2.5.1
e.dmitriev:2.5.0
e.dmitriev:2.4.0
e.dmitriev:2.3.0
e.dmitriev:2.2.0
e.dmitriev:2.1.0
e.dmitriev:2.0.0
e.dmitriev:1.6.1
e.dmitriev:1.6.0
e.dmitriev:1.5.1
e.dmitriev:1.5.0
e.dmitriev:1.4.1
e.dmitriev:1.4.0
e.dmitriev:1.3.1
e.dmitriev:1.3.0
e.dmitriev:1.2.0
e.dmitriev:1.1.0
e.dmitriev:1.0.2
e.dmitriev:1.0.1
e.dmitriev:1.0.0
e.dmitriev:0.27.0
e.dmitriev:0.26.2
e.dmitriev:0.26.1
e.dmitriev:0.26.0
e.dmitriev:0.25.0
e.dmitriev:0.24.1
e.dmitriev:0.24.0
e.dmitriev:0.23.0
e.dmitriev:0.22.0
e.dmitriev:0.21.1
e.dmitriev:0.21.0
e.dmitriev:0.20.0
e.dmitriev:0.19.4
e.dmitriev:0.19.3
e.dmitriev:0.19.2
e.dmitriev:0.19.1
e.dmitriev:0.19.0
e.dmitriev:0.18.2
e.dmitriev:0.18.1
e.dmitriev:0.18.0
e.dmitriev:0.17.1
e.dmitriev:0.17.0
e.dmitriev:0.16.0
e.dmitriev:0.15.0
e.dmitriev:0.14.0
e.dmitriev:0.13.1
e.dmitriev:0.13.0
e.dmitriev:0.12.0
e.dmitriev:0.11.0
e.dmitriev:0.10.0
e.dmitriev:0.9.0
e.dmitriev:0.8.0
e.dmitriev:0.7.0
e.dmitriev:0.6.0
e.dmitriev:0.5.1
e.dmitriev:0.5.0
e.dmitriev:0.4.0
e.dmitriev:0.3.1
..
compare: e.dmitriev:1.0.1
Branches Tags
e.dmitriev:release
e.dmitriev:develop
e.dmitriev:renovate/docker.io-postgres-17.x
e.dmitriev:3.0.2
e.dmitriev:3.0.1
e.dmitriev:3.0.0
e.dmitriev:2.9.1
e.dmitriev:2.9.0
e.dmitriev:2.8.0
e.dmitriev:2.7.0
e.dmitriev:2.6.1
e.dmitriev:2.6.0
e.dmitriev:2.5.3
e.dmitriev:2.5.2
e.dmitriev:2.5.1
e.dmitriev:2.5.0
e.dmitriev:2.4.0
e.dmitriev:2.3.0
e.dmitriev:2.2.0
e.dmitriev:2.1.0
e.dmitriev:2.0.0
e.dmitriev:1.6.1
e.dmitriev:1.6.0
e.dmitriev:1.5.1
e.dmitriev:1.5.0
e.dmitriev:1.4.1
e.dmitriev:1.4.0
e.dmitriev:1.3.1
e.dmitriev:1.3.0
e.dmitriev:1.2.0
e.dmitriev:1.1.0
e.dmitriev:1.0.2
e.dmitriev:1.0.1
e.dmitriev:1.0.0
e.dmitriev:0.27.0
e.dmitriev:0.26.2
e.dmitriev:0.26.1
e.dmitriev:0.26.0
e.dmitriev:0.25.0
e.dmitriev:0.24.1
e.dmitriev:0.24.0
e.dmitriev:0.23.0
e.dmitriev:0.22.0
e.dmitriev:0.21.1
e.dmitriev:0.21.0
e.dmitriev:0.20.0
e.dmitriev:0.19.4
e.dmitriev:0.19.3
e.dmitriev:0.19.2
e.dmitriev:0.19.1
e.dmitriev:0.19.0
e.dmitriev:0.18.2
e.dmitriev:0.18.1
e.dmitriev:0.18.0
e.dmitriev:0.17.1
e.dmitriev:0.17.0
e.dmitriev:0.16.0
e.dmitriev:0.15.0
e.dmitriev:0.14.0
e.dmitriev:0.13.1
e.dmitriev:0.13.0
e.dmitriev:0.12.0
e.dmitriev:0.11.0
e.dmitriev:0.10.0
e.dmitriev:0.9.0
e.dmitriev:0.8.0
e.dmitriev:0.7.0
e.dmitriev:0.6.0
e.dmitriev:0.5.1
e.dmitriev:0.5.0
e.dmitriev:0.4.0
e.dmitriev:0.3.1

No commits in common. "release" and "1.0.1" have entirely different histories.
release ... 1.0.1

139 changed files with 3228 additions and 2050 deletions
Show Stats Expand all files Collapse all files

12
.dockerignore
View File

@ -1,10 +1,10 @@
.git* .git
.github
.travis.yml
*.md *.md
build*
docker-compose*
env env
test-configuration build*
docker-compose.override.yml
.netbox/.git* .netbox/.git*
.netbox/contrib .netbox/.travis.yml
.netbox/scripts .netbox/scripts
.netbox/upgrade.sh

23
.ecrc
View File

@ -1,23 +0,0 @@
{
"Verbose": false,
"Debug": false,
"IgnoreDefaults": false,
"SpacesAftertabs": false,
"NoColor": false,
"Exclude": [
"LICENSE",
"\\.initializers",
"\\.vscode"
],
"AllowedContentTypes": [],
"PassedFiles": [],
"Disable": {
// set these options to true to disable specific checks
"EndOfLine": false,
"Indentation": false,
"InsertFinalNewline": false,
"TrimTrailingWhitespace": false,
"IndentSize": true,
"MaxLineLength": false
}
}

11
.editorconfig
View File

@ -1,11 +0,0 @@
root = true
[*]
end_of_line = lf
insert_final_newline = true
charset = utf-8
indent_style = space
indent_size = 2
[*.py]
indent_size = 4

7
.flake8
View File

@ -1,7 +0,0 @@
[flake8]
max-line-length = 100
extend-ignore = E203, W503
per-file-ignores =
configuration/*:E131,E251,E266,E302,E305,E501,E722
startup_scripts/startup_script_utils/__init__.py:F401
docker/*:E266,E722

4
.github/FUNDING.yml vendored
View File

@ -1,8 +1,8 @@
# These are supported funding model platforms # These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
- cimnine - cimnine
- tobiasge - tobiasge
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username ko_fi: # Replace with a single Ko-fi username

67
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@ -0,0 +1,67 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
<!--
Before raising an issue here, answer the following questions for yourself, please:
* Did you read through the troubleshooting section? (https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting)
* Have you had a look at the rest of the wiki? (https://github.com/netbox-community/netbox-docker/wiki)
* Have you updated to the latest version and tried again? (i.e. `git pull` and `docker-compose pull`)
* Have you reset the project and tried again? (i.e. `docker-compose down -v`)
* Are you confident that your problem is related to the Docker image or Docker Compose file this project provides?
(Otherwise ask on the Netbox mailing list, please: https://groups.google.com/d/forum/netbox-discuss)
* Have you looked through the issues already resolved?
Please try this means to get help before opening an issue here:
* On the networktocode Slack in the #netbox-docker channel: http://slack.networktocode.com/
* On the networktocode Slack in the #netbox channel: http://slack.networktocode.com/
* On the Netbox mailing list: https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue when you have a PR ready. Just submit the PR, that's good enough.
-->
## Current Behavior
<!-- describe what you did and how it misbehaved -->
...
## Expected Behavior
<!-- describe what you expected instead -->
...
## Debug Information
<!-- please fill in the following information that might helps us debug your problem more quickly -->
The output of `docker-compose version`: `XXXXX`
The output of `docker version`: `XXXXX`
The output of `git rev-parse HEAD`: `XXXXX`
The command you used to start the project: `XXXXX`
<!-- adjust the `latest` tag to the version you're using -->
The output of `docker inspect netboxcommunity/netbox:latest --format "{{json .Config.Labels}}"`:
```json
{
"JSON JSON JSON":
"--> Please paste formatted json. (Use e.g. `jq` or https://jsonformatter.curiousconcept.com/)"
}
```
The output of `docker-compose logs netbox`:
<!--
If your log is very long, create a Gist instead (and post the link to it): https://gist.github.com
-->
```text
LOG LOG LOG
```

148
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View File

@ -1,148 +0,0 @@
name: Bug report
description: Create a report about a malfunction of the Docker setup
body:
- type: markdown
attributes:
value: |
Please only raise an issue if you're certain that you've found a bug.
Else, see these other means to get help:
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
If you did not find what you're looking for,
try the help of our community:
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: current-behavior
attributes:
label: Current Behavior
description: Please describe what you did and how you think it misbehaved
placeholder: I tried to … by doing …, but it …
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Expected Behavior
description: Please describe what you expected instead
placeholder: I expected that … when I do …
validations:
required: true
- type: input
id: docker-compose-version
attributes:
label: Docker Compose Version
description: Please paste the output of `docker-compose version`
placeholder: Docker Compose version vX.Y.Z
validations:
required: true
- type: textarea
id: docker-version
attributes:
label: Docker Version
description: Please paste the output of `docker version`
render: text
placeholder: |
Client:
Cloud integration: 1.0.17
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:20 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
validations:
required: true
- type: input
id: git-rev
attributes:
label: The git Revision
description: Please paste the output of `git rev-parse HEAD`
validations:
required: true
- type: textarea
id: git-status
attributes:
label: The git Status
description: Please paste the output of `git status`
render: text
placeholder: |
On branch main
nothing to commit, working tree clean
validations:
required: true
- type: input
id: run-command
attributes:
label: Startup Command
description: Please specify the command you used to start the project
placeholder: docker compose up
validations:
required: true
- type: textarea
id: netbox-logs
attributes:
label: NetBox Logs
description: Please paste the output of `docker-compose logs netbox` (or `docker compose logs netbox`)
render: text
placeholder: |
netbox_1 | ⚙️ Applying database migrations
netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py'
...
validations:
required: true
- type: textarea
id: docker-compose-override-yml
attributes:
label: Content of docker-compose.override.yml
description: Please paste the output of `cat docker-compose.override.yml`
render: yaml
placeholder: |
version: '3.4'
services:
netbox:
ports:
- '8080:8080'
validations:
required: true

18
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,15 +1,13 @@
blank_issues_enabled: false blank_issues_enabled: false
contact_links: contact_links:
- name: Question - name: The \#netbox-docker Slack channel
url: http://slack.networktocode.com/
about: It's usually the quickest way to seek help when you're in trouble with regards to Netbox Docker.
- name: Github Discussions
url: https://github.com/netbox-community/netbox-docker/discussions url: https://github.com/netbox-community/netbox-docker/discussions
about: The Github Discussions are the right place to ask questions about how to use or do certain things with NetBox Docker. about: This is the right place to ask questions about how to use or do certain things with Netbox Docker.
- name: Chat - name: Have you had a look at our Wiki?
url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
about: "Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel."
- name: Community Wiki
url: https://github.com/netbox-community/netbox-docker/wiki url: https://github.com/netbox-community/netbox-docker/wiki
about: | about: Our wiki contains information for common problems and tips for operating Netbox Docker in production.
Our wiki contains information for common problems and tips for operating NetBox Docker in production.
It's maintained by our excellent community.

54
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@ -0,0 +1,54 @@
---
name: Feature or Change Request
about: Request a new feature or a change of the current behavior
title: ''
labels: ''
assignees: ''
---
<!--
Before raising an issue here, answer the following questions for yourself, please:
* Did you read through the troubleshooting section? (https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting)
* Have you had a look at the rest of the wiki? (https://github.com/netbox-community/netbox-docker/wiki)
* Have you read the release notes recently (https://github.com/netbox-community/netbox-docker/releases)
* Are you confident that your feature/change request is related to the Docker image or Docker Compose file this project provides?
(Otherwise ask on the Netbox mailing list, please: https://groups.google.com/d/forum/netbox-discuss)
* Have you looked through the issues already resolved?
Please try this means to get help before opening an issue here:
* On the networktocode Slack in the #netbox-docker channel: http://slack.networktocode.com/
* On the networktocode Slack in the #netbox channel: http://slack.networktocode.com/
* On the Netbox mailing list: https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue when you have a PR ready. Just submit the PR, that's good enough.
-->
## Desired Behavior
<!-- please describe the behavior you desire -->
...
## Contrast to Current Behavior
<!-- please describe how the desired behavior is different from the current behavior -->
...
## Changes Required
<!-- if you can, please elaborate what changes would exactly be required -->
...
## Discussion: Benefits and Drawbacks
<!--
Please make your case here:
- Why do you think this project and the community will benefit from your suggestion?
- What are the drawbacks of this change? Is it backwards-compatible?
- Anything else that you think is relevant to the discussion of this feature/change request.
-->
...

68
.github/ISSUE_TEMPLATE/feature_request.yml vendored
View File

@ -1,68 +0,0 @@
name: Feature or Change Request
description: Request a new feature or a change of the current behavior
body:
- type: markdown
attributes:
value: |
This issue type is to propose new features for the Docker setup.
To just spin an idea, see the Github Discussions section, please.
Before asking for help, see these links first:
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
If you did not find what you're looking for,
try the help of our community:
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: desired-behavior
attributes:
label: Desired Behavior
description: Please describe the desired behavior
placeholder: To me, it would be useful, if … because …
validations:
required: true
- type: textarea
id: contrast-to-current
attributes:
label: Contrast to Current Behavior
description: Please describe how the desired behavior is different from the current behavior
placeholder: The current behavior is …, but this lacks …
validations:
required: true
- type: textarea
id: required-changes
attributes:
label: Required Changes
description: If you can, please elaborate what changes will be required to implement the desired behavior
placeholder: I suggest to change the file …
validations:
required: false
- type: textarea
id: discussion
attributes:
label: "Discussion: Benefits and Drawbacks"
description: |
Please make your case here:
- Why do you think this project and the community will benefit from your suggestion?
- What are the drawbacks of this change? Is it backwards-compatible?
- Anything else that you think is relevant to the discussion of this feature/change request.
placeholder: I suggest to change the file …
validations:
required: false

6
.github/pull_request_template.md vendored
View File

@ -80,6 +80,6 @@ into the release notes.
Please put an x into the brackets (like `[x]`) if you've completed that task. Please put an x into the brackets (like `[x]`) if you've completed that task.
--> -->
- [ ] I have read the comments and followed the PR template. * [ ] I have read the comments and followed the PR template.
- [ ] I have explained my PR according to the information in the comments. * [ ] I have explained my PR according to the information in the comments.
- [ ] My PR targets the `develop` branch. * [ ] My PR targets the `develop` branch.

76
.github/workflows/push.yml vendored
View File

@ -1,93 +1,39 @@
---
name: push name: push
on: on:
push: push:
branches-ignore: branches-ignore:
- release - release
- renovate/**
pull_request: pull_request:
branches-ignore: branches-ignore:
- release - release
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs: jobs:
lint:
runs-on: ubuntu-latest
name: Checks syntax of our code
steps:
- uses: actions/checkout@v4
with:
# Full git history is needed to get a proper
# list of changed files within `super-linter`
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Lint Code Base
uses: github/super-linter@v7
env:
DEFAULT_BRANCH: develop
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SUPPRESS_POSSUM: true
LINTER_RULES_PATH: /
VALIDATE_ALL_CODEBASE: false
VALIDATE_CHECKOV: false
VALIDATE_DOCKERFILE: false
VALIDATE_GITLEAKS: false
VALIDATE_JSCPD: false
FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
EDITORCONFIG_FILE_NAME: .ecrc
DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
MARKDOWN_CONFIG_FILE: .markdown-lint.yml
PYTHON_BLACK_CONFIG_FILE: pyproject.toml
PYTHON_FLAKE8_CONFIG_FILE: .flake8
PYTHON_ISORT_CONFIG_FILE: pyproject.toml
YAML_CONFIG_FILE: .yamllint.yaml
build: build:
continue-on-error: ${{ matrix.build_cmd != './build-latest.sh' }} continue-on-error: ${{ matrix.docker_from == 'alpine:edge' }}
strategy: strategy:
matrix: matrix:
build_cmd: build_cmd:
- ./build-latest.sh - ./build-latest.sh
- PRERELEASE=true ./build-latest.sh - PRERELEASE=true ./build-latest.sh
- ./build.sh feature - ./build-next.sh
- ./build.sh develop - ./build.sh develop
os: docker_from:
- ubuntu-latest - '' # use the default of the build script
- self-hosted - alpine:edge
fail-fast: false fail-fast: false
env: runs-on: ubuntu-latest
GH_ACTION: enable name: Builds new Netbox Docker Images
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox
runs-on: ${{ matrix.os }}
name: Builds new NetBox Docker Images
steps: steps:
- id: git-checkout - id: git-checkout
name: Checkout name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v2
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- id: arm-buildx-platform
name: Set BUILDX_PLATFORM to ARM64
if: matrix.os == 'self-hosted'
run: |
echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}"
- id: docker-build - id: docker-build
name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}' name: Build the image from '${{ matrix.docker_from }}' with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }} run: ${{ matrix.build_cmd }}
env: env:
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} DOCKER_FROM: ${{ matrix.docker_from }}
- id: arm-time-limit GH_ACTION: enable
name: Set Netbox container start_period higher on ARM64
if: matrix.os == 'self-hosted'
run: |
echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}"
- id: docker-test - id: docker-test
name: Test the image name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh

127
.github/workflows/release.yml vendored
View File

@ -1,13 +1,11 @@
---
name: release name: release
on: on:
release: push:
types: branches:
- published - release
schedule: schedule:
- cron: "45 5 * * *" - cron: '45 5 * * *'
workflow_dispatch:
jobs: jobs:
build: build:
@ -16,69 +14,70 @@ jobs:
build_cmd: build_cmd:
- ./build-latest.sh - ./build-latest.sh
- PRERELEASE=true ./build-latest.sh - PRERELEASE=true ./build-latest.sh
- ./build.sh feature - ./build-next.sh
- ./build.sh develop - ./build.sh develop
platform:
- linux/amd64,linux/arm64
fail-fast: false fail-fast: false
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Builds new NetBox Docker Images name: Builds new Netbox Docker Images
steps:
- id: git-checkout
name: Checkout
uses: actions/checkout@v2
- id: docker-build
name: Build the image with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }}
env: env:
GH_ACTION: enable GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - id: docker-test
IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox name: Test the image
steps: run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
- id: source-checkout if: steps.docker-build.outputs.skipped != 'true'
name: Checkout - id: registry-login
uses: actions/checkout@v4 name: Login to the Docker Registry
- id: set-netbox-docker-version run: |
name: Get Version of NetBox Docker echo "::add-mask::$DOCKERHUB_USERNAME"
run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT" echo "::add-mask::$DOCKERHUB_PASSWORD"
shell: bash docker login -u "$DOCKERHUB_USERNAME" --password "${DOCKERHUB_PASSWORD}" "${DOCKER_REGISTRY}"
- id: check-build-needed
name: Check if the build is needed for '${{ matrix.build_cmd }}'
env: env:
CHECK_ONLY: "true" DOCKERHUB_USERNAME: ${{ secrets.dockerhub_username }}
run: ${{ matrix.build_cmd }} DOCKERHUB_PASSWORD: ${{ secrets.dockerhub_password }}
# docker.io if: steps.docker-build.outputs.skipped != 'true'
- id: docker-io-login - id: registry-push
name: Login to docker.io
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ secrets.dockerhub_username }}
password: ${{ secrets.dockerhub_password }}
if: steps.check-build-needed.outputs.skipped != 'true'
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "netboxcommunity/netbox-default"
if: steps.check-build-needed.outputs.skipped != 'true'
# quay.io
- id: quay-io-login
name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.quayio_username }}
password: ${{ secrets.quayio_password }}
if: steps.check-build-needed.outputs.skipped != 'true'
# ghcr.io
- id: ghcr-io-login
name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: steps.check-build-needed.outputs.skipped != 'true'
- id: build-and-push
name: Push the image name: Push the image
run: ${{ matrix.build_cmd }} --push run: ${{ matrix.build_cmd }} --push-only
if: steps.check-build-needed.outputs.skipped != 'true' if: steps.docker-build.outputs.skipped != 'true'
- id: registry-logout
name: Logout of the Docker Registry
run: docker logout "${DOCKER_REGISTRY}"
if: steps.docker-build.outputs.skipped != 'true'
# Quay.io
- id: quayio-docker-build
name: Build the image with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }}
env: env:
BUILDX_PLATFORM: ${{ matrix.platform }} DOCKER_REGISTRY: quay.io
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }} GH_ACTION: enable
- id: quayio-registry-login
name: Login to the Quay.io Registry
run: |
echo "::add-mask::$QUAYIO_USERNAME"
echo "::add-mask::$QUAYIO_PASSWORD"
docker login -u "$QUAYIO_USERNAME" --password "${QUAYIO_PASSWORD}" "${DOCKER_REGISTRY}"
env:
DOCKER_REGISTRY: quay.io
QUAYIO_USERNAME: ${{ secrets.quayio_username }}
QUAYIO_PASSWORD: ${{ secrets.quayio_password }}
if: steps.docker-build.outputs.skipped != 'true'
- id: quayio-registry-push
name: Push the image
run: ${{ matrix.build_cmd }} --push-only
env:
DOCKER_REGISTRY: quay.io
if: steps.docker-build.outputs.skipped != 'true'
- id: quayio-registry-logout
name: Logout of the Docker Registry
run: docker logout "${DOCKER_REGISTRY}"
env:
DOCKER_REGISTRY: quay.io
if: steps.docker-build.outputs.skipped != 'true'

8
.gitignore vendored
View File

@ -1,13 +1,11 @@
*.sql.gz *.sql.gz
.netbox .netbox
.python-version .initializers
docker-compose.override.yml
*.pem *.pem
configuration/* configuration/*
!configuration/configuration.py !configuration/configuration.py
!configuration/extra.py !configuration/extra.py
configuration/ldap/* configuration/ldap/*
!configuration/ldap/extra.py
!configuration/ldap/ldap_config.py !configuration/ldap/ldap_config.py
!configuration/logging.py prometheus.yml
!configuration/plugins.py
super-linter.log

4
.hadolint.yaml
View File

@ -1,4 +0,0 @@
ignored:
- DL3006
- DL3008
- DL3003

2
.markdown-lint.yml
View File

@ -1,2 +0,0 @@
MD013: false
MD041: false

4
.yamllint.yaml
View File

@ -1,4 +0,0 @@
---
rules:
line-length:
max: 160

144
Dockerfile
View File

@ -1,92 +1,63 @@
ARG FROM ARG FROM
FROM ${FROM} AS builder FROM ${FROM} as builder
RUN export DEBIAN_FRONTEND=noninteractive \ RUN apk add --no-cache \
&& apt-get update -qq \ bash \
&& apt-get upgrade \ build-base \
--yes -qq --no-install-recommends \
&& apt-get install \
--yes -qq --no-install-recommends \
build-essential \
ca-certificates \ ca-certificates \
libldap-dev \ cyrus-sasl-dev \
libpq-dev \ graphviz \
libsasl2-dev \ jpeg-dev \
libssl-dev \ libevent-dev \
libxml2-dev \ libffi-dev \
libxmlsec1 \
libxmlsec1-dev \
libxmlsec1-openssl \
libxslt-dev \ libxslt-dev \
pkg-config \ openldap-dev \
postgresql-dev \
py3-pip \
python3-dev \ python3-dev \
python3-pip \
python3-venv \
&& python3 -m venv /opt/netbox/venv \ && python3 -m venv /opt/netbox/venv \
&& /opt/netbox/venv/bin/python3 -m pip install --upgrade \ && /opt/netbox/venv/bin/python3 -m pip install --upgrade pip setuptools
pip \
setuptools \
wheel
ARG NETBOX_PATH ARG NETBOX_PATH
COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt / COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
RUN \ RUN /opt/netbox/venv/bin/pip install -r /requirements.txt -r /requirements-container.txt
# Gunicorn is not needed because we use Nginx Unit
sed -i -e '/gunicorn/d' /requirements.txt && \
# We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt
# we have potential version conflicts and the build will fail.
# That's why we just replace it in the original requirements.txt.
sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
/opt/netbox/venv/bin/pip install \
-r /requirements.txt \
-r /requirements-container.txt
### ###
# Main stage # Main stage
### ###
ARG FROM ARG FROM
FROM ${FROM} AS main FROM ${FROM} as main
RUN export DEBIAN_FRONTEND=noninteractive \ RUN apk add --no-cache \
&& apt-get update -qq \ bash \
&& apt-get upgrade \
--yes -qq --no-install-recommends \
&& apt-get install \
--yes -qq --no-install-recommends \
bzip2 \
ca-certificates \ ca-certificates \
curl \ curl \
libldap-common \ graphviz \
libpq5 \ libevent \
libxmlsec1-openssl \ libffi \
openssh-client \ libjpeg-turbo \
openssl \ libressl \
libxslt \
postgresql-libs \
python3 \ python3 \
tini \ py3-pip \
&& curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \ ttf-ubuntu-font-family \
https://unit.nginx.org/keys/nginx-keyring.gpg \ unit \
&& echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \ unit-python3
> /etc/apt/sources.list.d/unit.list \
&& apt-get update -qq \ WORKDIR /opt
&& apt-get install \
--yes -qq --no-install-recommends \
unit=1.33.0-1~noble \
unit-python3.12=1.33.0-1~noble \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /opt/netbox/venv /opt/netbox/venv COPY --from=builder /opt/netbox/venv /opt/netbox/venv
ARG NETBOX_PATH ARG NETBOX_PATH
COPY ${NETBOX_PATH} /opt/netbox COPY ${NETBOX_PATH} /opt/netbox
# Copy the modified 'requirements*.txt' files, to have the files actually used during installation
COPY --from=builder /requirements.txt /requirements-container.txt /opt/netbox/
COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
COPY startup_scripts/ /opt/netbox/startup_scripts/
COPY initializers/ /opt/netbox/initializers/
COPY configuration/ /etc/netbox/config/ COPY configuration/ /etc/netbox/config/
COPY docker/nginx-unit.json /etc/unit/ COPY docker/nginx-unit.json /etc/unit/
@ -95,25 +66,33 @@ WORKDIR /opt/netbox/netbox
# Must set permissions for '/opt/netbox/netbox/media' directory # Must set permissions for '/opt/netbox/netbox/media' directory
# to g+w so that pictures can be uploaded to netbox. # to g+w so that pictures can be uploaded to netbox.
RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \ RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
&& chown -R unit:root /opt/unit/ media reports scripts \ && chmod -R g+w media /opt/unit/ \
&& chmod -R g+w /opt/unit/ media reports scripts \ && SECRET_KEY="dummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input
&& cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \
--config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
&& SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input
ENV LANG=C.utf8 PATH=/opt/netbox/venv/bin:$PATH ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ]
ENTRYPOINT [ "/usr/bin/tini", "--" ]
CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ] CMD [ "/opt/netbox/launch-netbox.sh" ]
LABEL netbox.original-tag="" \ LABEL ORIGINAL_TAG="" \
netbox.git-branch="" \ NETBOX_GIT_BRANCH="" \
netbox.git-ref="" \ NETBOX_GIT_REF="" \
netbox.git-url="" \ NETBOX_GIT_URL="" \
# See http://label-schema.org/rc1/#build-time-labels
# Also https://microbadger.com/labels
org.label-schema.schema-version="1.0" \
org.label-schema.build-date="" \
org.label-schema.name="Netbox Docker" \
org.label-schema.description="A container based distribution of Netbox, the free and open IPAM and DCIM solution." \
org.label-schema.vendor="The netbox-docker contributors." \
org.label-schema.url="https://github.com/netbox-community/netbox-docker" \
org.label-schema.usage="https://github.com/netbox-community/netbox-docker/wiki" \
org.label-schema.vcs-url="https://github.com/netbox-community/netbox-docker.git" \
org.label-schema.vcs-ref="" \
org.label-schema.version="snapshot" \
# See https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys # See https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys
org.opencontainers.image.created="" \ org.opencontainers.image.created="" \
org.opencontainers.image.title="NetBox Docker" \ org.opencontainers.image.title="Netbox Docker" \
org.opencontainers.image.description="A container based distribution of NetBox, the free and open IPAM and DCIM solution." \ org.opencontainers.image.description="A container based distribution of Netbox, the free and open IPAM and DCIM solution." \
org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.authors="The netbox-docker contributors." \ org.opencontainers.image.authors="The netbox-docker contributors." \
org.opencontainers.image.vendor="The netbox-docker contributors." \ org.opencontainers.image.vendor="The netbox-docker contributors." \
@ -121,4 +100,17 @@ LABEL netbox.original-tag="" \
org.opencontainers.image.documentation="https://github.com/netbox-community/netbox-docker/wiki" \ org.opencontainers.image.documentation="https://github.com/netbox-community/netbox-docker/wiki" \
org.opencontainers.image.source="https://github.com/netbox-community/netbox-docker.git" \ org.opencontainers.image.source="https://github.com/netbox-community/netbox-docker.git" \
org.opencontainers.image.revision="" \ org.opencontainers.image.revision="" \
org.opencontainers.image.version="" org.opencontainers.image.version="snapshot"
#####
## LDAP specific configuration
#####
FROM main as ldap
RUN apk add --no-cache \
libsasl \
libldap \
util-linux
COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py

171
README.md
View File

@ -3,142 +3,146 @@
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/netbox-community/netbox-docker)][github-release] [![GitHub release (latest by date)](https://img.shields.io/github/v/release/netbox-community/netbox-docker)][github-release]
[![GitHub stars](https://img.shields.io/github/stars/netbox-community/netbox-docker)][github-stargazers] [![GitHub stars](https://img.shields.io/github/stars/netbox-community/netbox-docker)][github-stargazers]
![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/netbox-community/netbox-docker) ![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/netbox-community/netbox-docker)
![Github release workflow](https://img.shields.io/github/actions/workflow/status/netbox-community/netbox-docker/release.yml?branch=release) ![Github release workflow](https://img.shields.io/github/workflow/status/netbox-community/netbox-docker/release)
![Docker Pulls](https://img.shields.io/docker/pulls/netboxcommunity/netbox) ![Docker Pulls](https://img.shields.io/docker/pulls/netboxcommunity/netbox)
[![MicroBadger Layers](https://img.shields.io/microbadger/layers/netboxcommunity/netbox)][netbox-docker-microbadger]
[![MicroBadger Size](https://img.shields.io/microbadger/image-size/netboxcommunity/netbox)][netbox-docker-microbadger]
[![GitHub license](https://img.shields.io/github/license/netbox-community/netbox-docker)][netbox-docker-license] [![GitHub license](https://img.shields.io/github/license/netbox-community/netbox-docker)][netbox-docker-license]
[The GitHub repository][netbox-docker-github] houses the components needed to build NetBox as a container. [The Github repository](netbox-docker-github) houses the components needed to build Netbox as a Docker container.
Images are built regularly using the code in that repository and are pushed to [Docker Hub][netbox-dockerhub], [Quay.io][netbox-quayio] and [GitHub Container Registry][netbox-ghcr]. Images are built using this code and are released to [Docker Hub][netbox-dockerhub] and [Quay.io][netbox-quayio] once a day.
Do you have any questions? Do you have any questions?
Before opening an issue on Github, Before opening an issue on Github, please join the [Network To Code][ntc-slack] Slack and ask for help in our [`#netbox-docker`][netbox-docker-slack] channel.
please join [our Slack][netbox-docker-slack] and ask for help in the [`#netbox-docker`][netbox-docker-slack-channel] channel.
[github-stargazers]: https://github.com/netbox-community/netbox-docker/stargazers [github-stargazers]: https://github.com/netbox-community/netbox-docker/stargazers
[github-release]: https://github.com/netbox-community/netbox-docker/releases [github-release]: https://github.com/netbox-community/netbox-docker/releases
[netbox-docker-microbadger]: https://microbadger.com/images/netboxcommunity/netbox
[netbox-dockerhub]: https://hub.docker.com/r/netboxcommunity/netbox/ [netbox-dockerhub]: https://hub.docker.com/r/netboxcommunity/netbox/
[netbox-quayio]: https://quay.io/repository/netboxcommunity/netbox
[netbox-ghcr]: https://github.com/netbox-community/netbox-docker/pkgs/container/netbox
[netbox-docker-github]: https://github.com/netbox-community/netbox-docker/ [netbox-docker-github]: https://github.com/netbox-community/netbox-docker/
[netbox-docker-slack]: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ [ntc-slack]: http://slack.networktocode.com/
[netbox-docker-slack-channel]: https://netdev-community.slack.com/archives/C01P0GEVBU7 [netbox-docker-slack]: https://slack.com/app_redirect?channel=netbox-docker&team=T09LQ7E9E
[netbox-slack-channel]: https://netdev-community.slack.com/archives/C01P0FRSXRV
[netbox-docker-license]: https://github.com/netbox-community/netbox-docker/blob/release/LICENSE [netbox-docker-license]: https://github.com/netbox-community/netbox-docker/blob/release/LICENSE
[netbox-quayio]: https://quay.io/repository/netboxcommunity/netbox
## Docker Tags
* `vX.Y.Z`: These are release builds, automatically built from [the corresponding releases of Netbox][netbox-releases].
* `latest`: These are release builds, automatically built from [the `master` branch of Netbox][netbox-master].
* `snapshot`: These are pre-release builds, automatically built from the [`develop` branch of Netbox][netbox-develop].
* `develop-X.Y`: These are pre-release builds, automatically built from the corresponding [branch of Netbox][netbox-branches].
Then there is currently one extra tags for each of the above tags:
* `-ldap`: Contains additional dependencies and configurations for connecting Netbox to an LDAP directory.
[Learn more about that in our wiki][netbox-docker-ldap].
New images are built and published automatically every ~24h.
[netbox-releases]: https://github.com/netbox-community/netbox/releases
[netbox-master]: https://github.com/netbox-community/netbox/tree/master
[netbox-develop]: https://github.com/netbox-community/netbox/tree/develop
[netbox-branches]: https://github.com/netbox-community/netbox/branches
[netbox-docker-ldap]: https://github.com/netbox-community/netbox-docker/wiki/LDAP
## Quickstart ## Quickstart
To get _NetBox Docker_ up and running run the following commands. To get Netbox Docker up and running run the following commands.
There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-started] which explains every step. There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-started] which explains every step.
```bash ```bash
git clone -b release https://github.com/netbox-community/netbox-docker.git git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker cd netbox-docker
tee docker-compose.override.yml <<EOF tee docker-compose.override.yml <<EOF
version: '3.4'
services: services:
netbox: netbox:
ports: ports:
- 8000:8080 - 8000:8080
EOF EOF
docker compose pull docker-compose pull
docker compose up docker-compose up
``` ```
The whole application will be available after a few minutes. The whole application will be available after a few minutes.
Open the URL `http://0.0.0.0:8000/` in a web-browser. Open the URL `http://0.0.0.0:8000/` in a web-browser.
You should see the NetBox homepage. You should see the Netbox homepage.
In the top-right corner you can login.
The default credentials are:
To create the first admin user run this command: * Username: **admin**
* Password: **admin**
```bash * API Token: **0123456789abcdef0123456789abcdef01234567**
docker compose exec netbox /opt/netbox/netbox/manage.py createsuperuser
```
If you need to restart Netbox from an empty database often, you can also set the `SUPERUSER_*` variables in your `docker-compose.override.yml` as shown in the example.
[wiki-getting-started]: https://github.com/netbox-community/netbox-docker/wiki/Getting-Started [wiki-getting-started]: https://github.com/netbox-community/netbox-docker/wiki/Getting-Started
[docker-reception]: https://github.com/nxt-engineering/reception
## Container Image Tags
New container images are built and published automatically every ~24h.
> We recommend to use either the `vX.Y.Z-a.b.c` tags or the `vX.Y-a.b.c` tags in production!
* `vX.Y.Z-a.b.c`, `vX.Y-a.b.c`:
These are release builds containing _NetBox version_ `vX.Y.Z`.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
These images are automatically built from [the corresponding releases of NetBox][netbox-releases].
* `latest-a.b.c`:
These are release builds, containing the latest stable version of NetBox.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
These images are automatically built from [the `master` branch of NetBox][netbox-master].
* `snapshot-a.b.c`:
These are prerelease builds.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
These images are automatically built from the [`develop` branch of NetBox][netbox-develop].
For each of the above tag, there is an extra tag:
* `vX.Y.Z`, `vX.Y`:
This is the same version as `vX.Y.Z-a.b.c` (or `vX.Y-a.b.c`, respectively).
It always points to the latest version of _NetBox Docker_.
* `latest`
This is the same version as `latest-a.b.c`.
It always points to the latest version of _NetBox Docker_.
* `snapshot`
This is the same version as `snapshot-a.b.c`.
It always points to the latest version of _NetBox Docker_.
[netbox-releases]: https://github.com/netbox-community/netbox/releases
[netbox-master]: https://github.com/netbox-community/netbox/tree/master
[netbox-develop]: https://github.com/netbox-community/netbox/tree/develop
## Documentation ## Documentation
Please refer [to our wiki on GitHub][netbox-docker-wiki] for further information on how to use the NetBox Docker image properly. Please refer [to our wiki on Github][netbox-docker-wiki] for further information on how to use this Netbox Docker image properly.
The wiki covers advanced topics such as using files for secrets, configuring TLS, deployment to Kubernetes, monitoring and configuring LDAP. It covers advanced topics such as using files for secrets, deployment to Kubernetes, monitoring and configuring NAPALM or LDAP.
Our wiki is a community effort.
Feel free to correct errors, update outdated information or provide additional guides and insights.
[netbox-docker-wiki]: https://github.com/netbox-community/netbox-docker/wiki/ [netbox-docker-wiki]: https://github.com/netbox-community/netbox-docker/wiki/
## Getting Help ## Getting Help
Feel free to ask questions in our [GitHub Community][netbox-community] Feel free to ask questions in our [Github Community][netbox-community] or join [our Slack channel `#netbox-docker`][netbox-docker-slack] on the [Network To Code Slack][ntc-slack],
or [join our Slack][netbox-docker-slack] and ask [in our channel `#netbox-docker`][netbox-docker-slack-channel],
which is free to use and where there are almost always people online that can help you in the Slack channel. which is free to use and where there are almost always people online that can help you in the Slack channel.
If you need help with using NetBox or developing for it or against it's API If you need help with using Netbox or developing for it or against it's API you may find the `#netbox` channel on the same Slack instance very helpful.
you may find [the `#netbox` channel][netbox-slack-channel] on the same Slack instance very helpful.
[netbox-community]: https://github.com/netbox-community/netbox-docker/discussions [netbox-community]: https://github.com/netbox-community/netbox-docker/discussions
## Dependencies ## Dependencies
This project relies only on _Docker_ and _docker-compose_ meeting these requirements: This project relies only on *Docker* and *docker-compose* meeting these requirements:
* The _Docker version_ must be at least `20.10.10`. * The *Docker version* must be at least `17.05`.
* The _containerd version_ must be at least `1.5.6`. * The *docker-compose version* must be at least `1.17.0`.
* The _docker-compose version_ must be at least `1.28.0`.
To check the version installed on your system run `docker --version` and `docker compose version`. To check the version installed on your system run `docker --version` and `docker-compose --version`.
## Updating ## Use a Specific Netbox Version
The `docker-compose.yml` file is prepared to run a specific version of Netbox, instead of `latest`.
To use this feature, set and export the environment-variable `VERSION` before launching `docker-compose`, as shown below.
`VERSION` may be set to the name of
[any tag of the `netboxcommunity/netbox` Docker image on Docker Hub][netbox-dockerhub] or [Quay.io][netbox-quayio].
```bash
export VERSION=v2.7.1
docker-compose pull netbox
docker-compose up -d
```
You can also build a specific version of the Netbox Docker image yourself.
`VERSION` can be any valid [git ref][git-ref] in that case.
```bash
export VERSION=v2.7.1
./build.sh $VERSION
docker-compose up -d
```
[git-ref]: https://git-scm.com/book/en/v2/Git-Internals-Git-References
[netbox-github]: https://github.com/netbox-community/netbox/releases
## Breaking Changes
From time to time it might become necessary to re-engineer the structure of this setup.
Things like the `docker-compose.yml` file or your Kubernetes or OpenShift configurations have to be adjusted as a consequence.
Since November 2019 each image built from this repo contains a `org.opencontainers.image.version` label.
(The images contained labels since April 2018, although in November 2019 the labels' names changed.)
You can check the label of your local image by running `docker inspect netboxcommunity/netbox:v2.7.1 --format "{{json .Config.Labels}}"`.
Please read [the release notes][releases] carefully when updating to a new image version. Please read [the release notes][releases] carefully when updating to a new image version.
Note that the version of the NetBox Docker container image must stay in sync with the code.
If you update for the first time, be sure [to follow our _How To Update NetBox Docker_ guide in the wiki][netbox-docker-wiki-updating].
[releases]: https://github.com/netbox-community/netbox-docker/releases [releases]: https://github.com/netbox-community/netbox-docker/releases
[netbox-docker-wiki-updating]: https://github.com/netbox-community/netbox-docker/wiki/Updating
## Rebuilding the Image ## Rebuilding the Image
`./build.sh` can be used to rebuild the container image. See `./build.sh --help` for more information. `./build.sh` can be used to rebuild the Docker image. See `./build.sh --help` for more information.
For more details on custom builds [consult our wiki][netbox-docker-wiki-build]. For more details on custom builds [consult our wiki][netbox-docker-wiki-build].
@ -147,13 +151,14 @@ For more details on custom builds [consult our wiki][netbox-docker-wiki-build].
## Tests ## Tests
We have a test script. We have a test script.
It runs NetBox's own unit tests and ensures that all initializers work: It runs Netbox's own unit tests and ensures that all initializers work:
```bash ```bash
IMAGE=netboxcommunity/netbox:latest ./test.sh IMAGE=netboxcommunity/netbox:latest ./test.sh
``` ```
## Support ## About
This repository is currently maintained by the community. This repository is currently maintained and funded by [nxt][nxt].
Please consider sponsoring the maintainers of this project.
[nxt]: https://nxt.engineering/en/

2
VERSION
View File

@ -1 +1 @@
3.0.2 1.0.1

9
build-functions/check-commands.sh
View File

@ -1,9 +0,0 @@
#!/bin/bash
NEEDED_COMMANDS="curl jq docker skopeo"
for c in $NEEDED_COMMANDS; do
if ! command -v "$c" &>/dev/null; then
echo "⚠️ '$c' is not installed. Can't proceed with build."
exit 1
fi
done

8
build-functions/docker-functions.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
push_image_to_registry() {
local target_tag=$1
echo "⏫ Pushing '${target_tag}'"
$DRY docker push "${target_tag}"
echo "✅ Finished pushing the Docker image '${target_tag}'."
}

80
build-functions/get-public-image-config.sh
View File

@ -1,18 +1,82 @@
#!/bin/bash #!/bin/bash
# Retrieves image configuration from public images in DockerHub
check_if_tags_exists() { # Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
local image=$1 # Optimised for our use case
local tag=$2
skopeo list-tags "docker://$image" | jq -r ".Tags | contains([\"$tag\"])"
}
get_image_label() { get_image_label() {
local label=$1 local label=$1
local image=$2 local image=$2
skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]" local tag=$3
local token
token=$(_get_token "$image")
local digest
digest=$(_get_digest "$image" "$tag" "$token")
local retval="null"
if [ "$digest" != "null" ]; then
retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
fi
echo "$retval"
}
get_image_layers() {
local image=$1
local tag=$2
local token
token=$(_get_token "$image")
_get_layers "$image" "$tag" "$token"
} }
get_image_last_layer() { get_image_last_layer() {
local image=$1 local image=$1
skopeo inspect "docker://$image" | jq -r ".Layers | last" local tag=$2
local token
token=$(_get_token "$image")
local layers
mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
echo "${layers[-1]}"
}
_get_image_configuration() {
local image=$1
local token=$2
local digest=$3
local label=$4
curl \
--silent \
--location \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/blobs/$digest" \
| jq -r ".config.Labels.\"$label\""
}
_get_token() {
local image=$1
curl \
--silent \
"https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" \
| jq -r '.token'
}
_get_digest() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" \
| jq -r '.config.digest'
}
_get_layers() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" \
| jq -r '.layers[].digest'
} }

32
build-functions/gh-functions.sh
View File

@ -1,32 +0,0 @@
#!/bin/bash
###
# A regular echo, that only prints if ${GH_ACTION} is defined.
###
gh_echo() {
if [ -n "${GH_ACTION}" ]; then
echo "${@}"
fi
}
###
# Prints the output to the file defined in ${GITHUB_ENV}.
# Only executes if ${GH_ACTION} is defined.
# Example Usage: gh_env "FOO_VAR=bar_value"
###
gh_env() {
if [ -n "${GH_ACTION}" ]; then
echo "${@}" >>"${GITHUB_ENV}"
fi
}
###
# Prints the output to the file defined in ${GITHUB_OUTPUT}.
# Only executes if ${GH_ACTION} is defined.
# Example Usage: gh_env "FOO_VAR=bar_value"
###
gh_out() {
if [ -n "${GH_ACTION}" ]; then
echo "${@}" >>"$GITHUB_OUTPUT"
fi
}

49
build-latest.sh
View File

@ -1,27 +1,18 @@
#!/bin/bash #!/bin/bash
# Builds the latest released version # Builds the latest released version
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
source ./build-functions/gh-functions.sh
echo "▶️ $0 $*" echo "▶️ $0 $*"
CURL_ARGS=(
--silent
)
### ###
# Checking for the presence of GITHUB_TOKEN # Checking for the presence of GITHUB_OAUTH_CLIENT_ID
# and GITHUB_OAUTH_CLIENT_SECRET
### ###
if [ -n "${GITHUB_TOKEN}" ]; then if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then
echo "🗝 Performing authenticated Github API calls." echo "🗝 Performing authenticated Github API calls."
CURL_ARGS+=( GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"
--header "Authorization: Bearer ${GITHUB_TOKEN}"
)
else else
echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!" echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!"
GITHUB_OAUTH_PARAMS=""
fi fi
### ###
@ -43,36 +34,42 @@ fi
### ###
ORIGINAL_GITHUB_REPO="netbox-community/netbox" ORIGINAL_GITHUB_REPO="netbox-community/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}" GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases" URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases?${GITHUB_OAUTH_PARAMS}"
# Composing the JQ commans to extract the most recent version number # Composing the JQ commans to extract the most recent version number
JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name" JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
CURL="curl" CURL="curl -sS"
# Querying the Github API to fetch the most recent version number # Querying the Github API to fetch the most recent version number
VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_LATEST}" 2>/dev/null) VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
### ###
# Check if the prerelease version is actually higher than stable version # Check if the prerelease version is actually higher than stable version
### ###
if [ "${PRERELEASE}" == "true" ]; then if [ "${PRERELEASE}" == "true" ]; then
JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name" JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name"
STABLE_VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_STABLE}" 2>/dev/null) STABLE_VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_STABLE}")
MAJOR_STABLE=$(expr "${STABLE_VERSION}" : 'v\([0-9]\+\)') # shellcheck disable=SC2003
MINOR_STABLE=$(expr "${STABLE_VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') MAJOR_STABLE=$(expr match "${STABLE_VERSION}" 'v\([0-9]\+\)')
MAJOR_UNSTABLE=$(expr "${VERSION}" : 'v\([0-9]\+\)') # shellcheck disable=SC2003
MINOR_UNSTABLE=$(expr "${VERSION}" : 'v[0-9]\+\.\([0-9]\+\)') MINOR_STABLE=$(expr match "${STABLE_VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
# shellcheck disable=SC2003
MAJOR_UNSTABLE=$(expr match "${VERSION}" 'v\([0-9]\+\)')
# shellcheck disable=SC2003
MINOR_UNSTABLE=$(expr match "${VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
if { if { [ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] \
[ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] && && [ "${MINOR_STABLE}" -ge "${MINOR_UNSTABLE}" ];
[ "${MINOR_STABLE}" -ge "${MINOR_UNSTABLE}" ]
} || [ "${MAJOR_STABLE}" -gt "${MAJOR_UNSTABLE}" ]; then } || [ "${MAJOR_STABLE}" -gt "${MAJOR_UNSTABLE}" ]; then
echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'." echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'."
if [ -z "$DEBUG" ]; then if [ -z "$DEBUG" ]; then
gh_out "skipped=true" if [ -n "${GH_ACTION}" ]; then
echo "::set-output name=skipped::true"
fi
exit 0 exit 0
else else
echo "⚠️ Would exit here with code '0', but DEBUG is enabled." echo "⚠️ Would exit here with code '0', but DEBUG is enabled."

39
build-next.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
# Builds develop, develop-* and master branches of Netbox
echo "▶️ $0 $*"
###
# Checking for the presence of GITHUB_OAUTH_CLIENT_ID
# and GITHUB_OAUTH_CLIENT_SECRET
###
if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then
echo "🗝 Performing authenticated Github API calls."
GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"
else
echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!"
GITHUB_OAUTH_PARAMS=""
fi
###
# Calling Github to get the all branches
###
ORIGINAL_GITHUB_REPO="${SRC_ORG-netbox-community}/${SRC_REPO-netbox}"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/branches?${GITHUB_OAUTH_PARAMS}"
# Composing the JQ commans to extract the most recent version number
JQ_NEXT='map(.name) | .[] | scan("^[^v].+") | match("^(develop-).*") | .string'
CURL="curl -sS"
# Querying the Github API to fetch all branches
NEXT=$($CURL "${URL_RELEASES}" | jq -r "$JQ_NEXT")
if [ -n "$NEXT" ]; then
# shellcheck disable=SC2068
./build.sh "${NEXT}" $@
else
echo "No branch matching 'develop-*' found"
echo "::set-output name=skipped::true"
fi

571
build.sh
View File

@ -1,136 +1,92 @@
#!/bin/bash #!/bin/bash
# Clones the NetBox repository with git from Github and builds the Dockerfile # Clones the Netbox repository with git from Github and builds the Dockerfile
echo "▶️ $0 $*" echo "▶️ $0 $*"
set -e set -e
if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
_BOLD=$(tput bold) echo "Usage: ${0} <branch> [--push|--push-only]"
_GREEN=$(tput setaf 2) echo " branch The branch or tag to build. Required."
_CYAN=$(tput setaf 6) echo " --push Pushes the built Docker image to the registry."
_CLEAR=$(tput sgr0) echo " --push-only Only pushes the Docker image to the registry, but does not build it."
echo ""
cat <<END_OF_HELP echo "You can use the following ENV variables to customize the build:"
${_BOLD}Usage:${_CLEAR} ${0} <branch> [--push] echo " SRC_ORG Which fork of netbox to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO})."
echo " Default: netbox-community"
branch The branch or tag to build. Required. echo " SRC_REPO The name of the repository to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO})."
--push Pushes the built container image to the registry. echo " Default: netbox"
echo " URL Where to fetch the code from."
${_BOLD}You can use the following ENV variables to customize the build:${_CLEAR} echo " Must be a git repository. Can be private."
echo " Default: https://github.com/\${SRC_ORG}/\${SRC_REPO}.git"
SRC_ORG Which fork of netbox to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO}). echo " NETBOX_PATH The path where netbox will be checkout out."
${_GREEN}Default:${_CLEAR} netbox-community echo " Must not be outside of the netbox-docker repository (because of Docker)!"
echo " Default: .netbox"
SRC_REPO The name of the repository to use (i.e. github.com/\${SRC_ORG}/\${SRC_REPO}). echo " SKIP_GIT If defined, git is not invoked and \${NETBOX_PATH} will not be altered."
${_GREEN}Default:${_CLEAR} netbox echo " This may be useful, if you are manually managing the NETBOX_PATH."
echo " Default: undefined"
URL Where to fetch the code from. echo " TAG The version part of the docker tag."
Must be a git repository. Can be private. echo " Default:"
${_GREEN}Default:${_CLEAR} https://github.com/\${SRC_ORG}/\${SRC_REPO}.git echo " When <branch>=master: latest"
echo " When <branch>=develop: snapshot"
NETBOX_PATH The path where netbox will be checkout out. echo " Else: same as <branch>"
Must not be outside of the netbox-docker repository (because of Docker)! echo " DOCKER_REGISTRY The Docker repository's registry (i.e. '\${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}'')"
${_GREEN}Default:${_CLEAR} .netbox echo " Used for tagging the image."
echo " Default: docker.io"
SKIP_GIT If defined, git is not invoked and \${NETBOX_PATH} will not be altered. echo " DOCKER_ORG The Docker repository's organisation (i.e. '\${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}'')"
This may be useful, if you are manually managing the NETBOX_PATH. echo " Used for tagging the image."
${_GREEN}Default:${_CLEAR} undefined echo " Default: netboxcommunity"
echo " DOCKER_REPO The Docker repository's name (i.e. '\${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}'')"
TAG The version part of the image tag. echo " Used for tagging the image."
${_GREEN}Default:${_CLEAR} echo " Default: netbox"
When <branch>=master: latest echo " DOCKER_TAG The name of the tag which is applied to the image."
When <branch>=develop: snapshot echo " Useful for pushing into another registry than hub.docker.com."
Else: same as <branch> echo " Default: \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:\${TAG}"
echo " DOCKER_SHORT_TAG The name of the short tag which is applied to the"
IMAGE_NAMES The names used for the image including the registry echo " image. This is used to tag all patch releases to their"
Used for tagging the image. echo " containing version e.g. v2.5.1 -> v2.5"
${_GREEN}Default:${_CLEAR} docker.io/netboxcommunity/netbox echo " Default: \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:<MAJOR>.<MINOR>"
${_CYAN}Example:${_CLEAR} 'docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox' echo " DOCKERFILE The name of Dockerfile to use."
echo " Default: Dockerfile"
DOCKER_TAG The name of the tag which is applied to the image. echo " DOCKER_FROM The base image to use."
Useful for pushing into another registry than hub.docker.com. echo " Default: 'alpine:3.13'"
${_GREEN}Default:${_CLEAR} \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:\${TAG} echo " DOCKER_TARGET A specific target to build."
echo " It's currently not possible to pass multiple targets."
DOCKER_SHORT_TAG The name of the short tag which is applied to the echo " Default: main ldap"
image. This is used to tag all patch releases to their echo " HTTP_PROXY The proxy to use for http requests."
containing version e.g. v2.5.1 -> v2.5 echo " Example: http://proxy.domain.tld:3128"
${_GREEN}Default:${_CLEAR} \${DOCKER_REGISTRY}/\${DOCKER_ORG}/\${DOCKER_REPO}:<MAJOR>.<MINOR> echo " Default: undefined"
echo " NO_PROXY Comma-separated list of domain extensions proxy should not be used for."
DOCKERFILE The name of Dockerfile to use. echo " Example: .domain1.tld,.domain2.tld"
${_GREEN}Default:${_CLEAR} Dockerfile echo " Default: undefined"
echo " DEBUG If defined, the script does not stop when certain checks are unsatisfied."
DOCKER_FROM The base image to use. echo " Default: undefined"
${_GREEN}Default:${_CLEAR} 'ubuntu:24.04' echo " DRY_RUN Prints all build statements instead of running them."
echo " Default: undefined"
BUILDX_PLATFORMS echo " GH_ACTION If defined, special 'echo' statements are enabled that set the"
Specifies the platform(s) to build the image for. echo " following environment variables in Github Actions:"
${_CYAN}Example:${_CLEAR} 'linux/amd64,linux/arm64' echo " - FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable"
${_GREEN}Default:${_CLEAR} 'linux/amd64' echo " Default: undefined"
echo ""
BUILDX_BUILDER_NAME echo "Examples:"
If defined, the image build will be assigned to the given builder. echo " ${0} master"
If you specify this variable, make sure that the builder exists. echo " This will fetch the latest 'master' branch, build a Docker Image and tag it"
If this value is not defined, a new builx builder with the directory name of the echo " 'netboxcommunity/netbox:latest'."
current directory (i.e. '$(basename "${PWD}")') is created." echo " ${0} develop"
${_CYAN}Example:${_CLEAR} 'clever_lovelace' echo " This will fetch the latest 'develop' branch, build a Docker Image and tag it"
${_GREEN}Default:${_CLEAR} undefined echo " 'netboxcommunity/netbox:snapshot'."
echo " ${0} v2.6.6"
BUILDX_REMOVE_BUILDER echo " This will fetch the 'v2.6.6' tag, build a Docker Image and tag it"
If defined (and only if BUILDX_BUILDER_NAME is undefined), echo " 'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'."
then the buildx builder created by this script will be removed after use. echo " ${0} develop-2.7"
This is useful if you build NetBox Docker on an automated system that does echo " This will fetch the 'develop-2.7' branch, build a Docker Image and tag it"
not manage the builders for you. echo " 'netboxcommunity/netbox:develop-2.7'."
${_CYAN}Example:${_CLEAR} 'on' echo " SRC_ORG=cimnine ${0} feature-x"
${_GREEN}Default:${_CLEAR} undefined echo " This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,"
echo " build a Docker Image and tag it 'netboxcommunity/netbox:feature-x'."
HTTP_PROXY The proxy to use for http requests. echo " SRC_ORG=cimnine DOCKER_ORG=cimnine ${0} feature-x"
${_CYAN}Example:${_CLEAR} http://proxy.domain.tld:3128 echo " This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,"
${_GREEN}Default:${_CLEAR} undefined echo " build a Docker Image and tag it 'cimnine/netbox:feature-x'."
NO_PROXY Comma-separated list of domain extensions proxy should not be used for.
${_CYAN}Example:${_CLEAR} .domain1.tld,.domain2.tld
${_GREEN}Default:${_CLEAR} undefined
DEBUG If defined, the script does not stop when certain checks are unsatisfied.
${_GREEN}Default:${_CLEAR} undefined
DRY_RUN Prints all build statements instead of running them.
${_GREEN}Default:${_CLEAR} undefined
GH_ACTION If defined, special 'echo' statements are enabled that set the
following environment variables in Github Actions:
- FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable
${_GREEN}Default:${_CLEAR} undefined
CHECK_ONLY Only checks if the build is needed and sets the GH Action output.
${_BOLD}Examples:${_CLEAR}
${0} master
This will fetch the latest 'master' branch, build a Docker Image and tag it
'netboxcommunity/netbox:latest'.
${0} develop
This will fetch the latest 'develop' branch, build a Docker Image and tag it
'netboxcommunity/netbox:snapshot'.
${0} v2.6.6
This will fetch the 'v2.6.6' tag, build a Docker Image and tag it
'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'.
${0} develop-2.7
This will fetch the 'develop-2.7' branch, build a Docker Image and tag it
'netboxcommunity/netbox:develop-2.7'.
SRC_ORG=cimnine ${0} feature-x
This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
build a Docker Image and tag it 'netboxcommunity/netbox:feature-x'.
SRC_ORG=cimnine DOCKER_ORG=cimnine ${0} feature-x
This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
build a Docker Image and tag it 'cimnine/netbox:feature-x'.
END_OF_HELP
if [ "${1}x" == "x" ]; then if [ "${1}x" == "x" ]; then
exit 1 exit 1
@ -139,15 +95,6 @@ END_OF_HELP
fi fi
fi fi
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
# Load all build functions
source ./build-functions/get-public-image-config.sh
source ./build-functions/gh-functions.sh
IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}"
IFS=' ' read -ra IMAGE_NAMES <<<"${IMAGE_NAMES}"
### ###
# Enabling dry-run mode # Enabling dry-run mode
### ###
@ -158,10 +105,8 @@ else
DRY="echo" DRY="echo"
fi fi
gh_echo "::group::⤵️ Fetching the NetBox source code"
### ###
# Variables for fetching the NetBox source # Variables for fetching the Netbox source
### ###
SRC_ORG="${SRC_ORG-netbox-community}" SRC_ORG="${SRC_ORG-netbox-community}"
SRC_REPO="${SRC_REPO-netbox}" SRC_REPO="${SRC_REPO-netbox}"
@ -170,23 +115,17 @@ URL="${URL-https://github.com/${SRC_ORG}/${SRC_REPO}.git}"
NETBOX_PATH="${NETBOX_PATH-.netbox}" NETBOX_PATH="${NETBOX_PATH-.netbox}"
### ###
# Fetching the NetBox source # Fetching the Netbox source
### ###
if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ] ; then
REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l) echo "🌐 Checking out '${NETBOX_BRANCH}' of Netbox from the url '${URL}' into '${NETBOX_PATH}'"
if [ "${REMOTE_EXISTS}" == "0" ]; then
echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
gh_out "skipped=true"
exit 0
fi
echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'"
if [ ! -d "${NETBOX_PATH}" ]; then if [ ! -d "${NETBOX_PATH}" ]; then
$DRY git clone -q --depth 10 -b "${NETBOX_BRANCH}" "${URL}" "${NETBOX_PATH}" $DRY git clone -q --depth 10 -b "${NETBOX_BRANCH}" "${URL}" "${NETBOX_PATH}"
fi fi
( (
$DRY cd "${NETBOX_PATH}" $DRY cd "${NETBOX_PATH}"
# shellcheck disable=SC2030
if [ -n "${HTTP_PROXY}" ]; then if [ -n "${HTTP_PROXY}" ]; then
git config http.proxy "${HTTP_PROXY}" git config http.proxy "${HTTP_PROXY}"
fi fi
@ -196,12 +135,9 @@ if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
$DRY git checkout -qf FETCH_HEAD $DRY git checkout -qf FETCH_HEAD
$DRY git prune $DRY git prune
) )
echo "✅ Checked out NetBox" echo "✅ Checked out Netbox"
fi fi
gh_echo "::endgroup::"
gh_echo "::group::🧮 Calculating Values"
### ###
# Determining the value for DOCKERFILE # Determining the value for DOCKERFILE
# and checking whether it exists # and checking whether it exists
@ -221,7 +157,7 @@ fi
# Determining the value for DOCKER_FROM # Determining the value for DOCKER_FROM
### ###
if [ -z "$DOCKER_FROM" ]; then if [ -z "$DOCKER_FROM" ]; then
DOCKER_FROM="docker.io/ubuntu:24.04" DOCKER_FROM="alpine:3.13"
fi fi
### ###
@ -229,7 +165,7 @@ fi
### ###
BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')" BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')"
if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then if [ -d ".git" ]; then
GIT_REF="$(git rev-parse HEAD)" GIT_REF="$(git rev-parse HEAD)"
fi fi
@ -237,19 +173,10 @@ fi
PROJECT_VERSION="${PROJECT_VERSION-$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' VERSION)}" PROJECT_VERSION="${PROJECT_VERSION-$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' VERSION)}"
# Get the Git information from the netbox directory # Get the Git information from the netbox directory
if [ -d "${NETBOX_PATH}/.git" ] && [ -z "${SKIP_GIT}" ]; then if [ -d "${NETBOX_PATH}/.git" ]; then
NETBOX_GIT_REF=$( NETBOX_GIT_REF=$(cd "${NETBOX_PATH}"; git rev-parse HEAD)
cd "${NETBOX_PATH}" NETBOX_GIT_BRANCH=$(cd "${NETBOX_PATH}"; git rev-parse --abbrev-ref HEAD)
git rev-parse HEAD NETBOX_GIT_URL=$(cd "${NETBOX_PATH}"; git remote get-url origin)
)
NETBOX_GIT_BRANCH=$(
cd "${NETBOX_PATH}"
git rev-parse --abbrev-ref HEAD
)
NETBOX_GIT_URL=$(
cd "${NETBOX_PATH}"
git remote get-url origin
)
fi fi
### ###
@ -259,84 +186,92 @@ DOCKER_REGISTRY="${DOCKER_REGISTRY-docker.io}"
DOCKER_ORG="${DOCKER_ORG-netboxcommunity}" DOCKER_ORG="${DOCKER_ORG-netboxcommunity}"
DOCKER_REPO="${DOCKER_REPO-netbox}" DOCKER_REPO="${DOCKER_REPO-netbox}"
case "${NETBOX_BRANCH}" in case "${NETBOX_BRANCH}" in
master) master)
TAG="${TAG-latest}" TAG="${TAG-latest}";;
;; develop)
develop) TAG="${TAG-snapshot}";;
TAG="${TAG-snapshot}" *)
;; TAG="${TAG-$NETBOX_BRANCH}";;
*)
TAG="${TAG-$NETBOX_BRANCH}"
;;
esac esac
### ###
# composing the final TARGET_DOCKER_TAG # Determine targets to build
### ###
TARGET_DOCKER_TAG="${DOCKER_TAG-${TAG}}" DEFAULT_DOCKER_TARGETS=("main" "ldap")
TARGET_DOCKER_TAG_PROJECT="${TARGET_DOCKER_TAG}-${PROJECT_VERSION}" DOCKER_TARGETS=( "${DOCKER_TARGET:-"${DEFAULT_DOCKER_TARGETS[@]}"}")
echo "🏭 Building the following targets:" "${DOCKER_TARGETS[@]}"
### ###
# composing the additional DOCKER_SHORT_TAG, # Build each target
# i.e. "v2.6.1" becomes "v2.6",
# which is only relevant for version tags
# Also let "latest" follow the highest version
### ###
if [[ "${TAG}" =~ ^v([0-9]+)\.([0-9]+)\.[0-9]+$ ]]; then export DOCKER_BUILDKIT=${DOCKER_BUILDKIT-1}
for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
echo "🏗 Building the target '${DOCKER_TARGET}'"
###
# composing the final TARGET_DOCKER_TAG
###
TARGET_DOCKER_TAG="${DOCKER_TAG-${DOCKER_REGISTRY}/${DOCKER_ORG}/${DOCKER_REPO}:${TAG}}"
if [ "${DOCKER_TARGET}" != "main" ]; then
TARGET_DOCKER_TAG="${TARGET_DOCKER_TAG}-${DOCKER_TARGET}"
fi
if [ -n "${GH_ACTION}" ]; then
echo "FINAL_DOCKER_TAG=${TARGET_DOCKER_TAG}" >> $GITHUB_ENV
echo "::set-output name=skipped::false"
fi
###
# composing the additional DOCKER_SHORT_TAG,
# i.e. "v2.6.1" becomes "v2.6",
# which is only relevant for version tags
# Also let "latest" follow the highest version
###
if [[ "${TAG}" =~ ^v([0-9]+)\.([0-9]+)\.[0-9]+$ ]]; then
MAJOR=${BASH_REMATCH[1]} MAJOR=${BASH_REMATCH[1]}
MINOR=${BASH_REMATCH[2]} MINOR=${BASH_REMATCH[2]}
TARGET_DOCKER_SHORT_TAG="${DOCKER_SHORT_TAG-v${MAJOR}.${MINOR}}" TARGET_DOCKER_SHORT_TAG="${DOCKER_SHORT_TAG-${DOCKER_REGISTRY}/${DOCKER_ORG}/${DOCKER_REPO}:v${MAJOR}.${MINOR}}"
TARGET_DOCKER_LATEST_TAG="latest" TARGET_DOCKER_LATEST_TAG="${DOCKER_REGISTRY}/${DOCKER_ORG}/${DOCKER_REPO}:latest"
TARGET_DOCKER_SHORT_TAG_PROJECT="${TARGET_DOCKER_SHORT_TAG}-${PROJECT_VERSION}"
TARGET_DOCKER_LATEST_TAG_PROJECT="${TARGET_DOCKER_LATEST_TAG}-${PROJECT_VERSION}"
fi
IMAGE_NAME_TAGS=() if [ "${DOCKER_TARGET}" != "main" ]; then
for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do TARGET_DOCKER_SHORT_TAG="${TARGET_DOCKER_SHORT_TAG}-${DOCKER_TARGET}"
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_TAG}") TARGET_DOCKER_LATEST_TAG="${TARGET_DOCKER_LATEST_TAG}-${DOCKER_TARGET}"
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_TAG_PROJECT}") fi
done fi
if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_SHORT_TAG}")
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_SHORT_TAG_PROJECT}")
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_LATEST_TAG}")
IMAGE_NAME_TAGS+=("${IMAGE_NAME}:${TARGET_DOCKER_LATEST_TAG_PROJECT}")
done
fi
FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}" ###
gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}" # Proceeding to buils stage, except if `--push-only` is passed
###
### if [ "${2}" != "--push-only" ] ; then
# Checking if the build is necessary, ###
# meaning build only if one of those values changed: # Checking if the build is necessary,
# - a new tag is beeing created # meaning build only if one of those values changed:
# - base image digest # - Python base image digest (Label: PYTHON_BASE_DIGEST)
# - netbox git ref (Label: netbox.git-ref) # - netbox git ref (Label: NETBOX_GIT_REF)
# - netbox-docker git ref (Label: org.opencontainers.image.revision) # - netbox-docker git ref (Label: org.label-schema.vcs-ref)
### ###
# Load information from registry (only for first registry in "IMAGE_NAMES") # Load information from registry (only for docker.io)
SHOULD_BUILD="false" SHOULD_BUILD="false"
BUILD_REASON="" BUILD_REASON=""
if [ -z "${GH_ACTION}" ]; then if [ -z "${GH_ACTION}" ]; then
# Asuming non Github builds should always proceed # Asuming non Github builds should always proceed
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} interactive" BUILD_REASON="${BUILD_REASON} interactive"
elif [ "false" == "$(check_if_tags_exists "${IMAGE_NAMES[0]}" "$TARGET_DOCKER_TAG")" ]; then elif [ "$DOCKER_REGISTRY" = "docker.io" ]; then
SHOULD_BUILD="true" source ./build-functions/get-public-image-config.sh
BUILD_REASON="${BUILD_REASON} newtag" IFS=':' read -ra DOCKER_FROM_SPLIT <<< "${DOCKER_FROM}"
else if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then
echo "Checking labels for '${FINAL_DOCKER_TAG}'" # Need to use "library/..." for images the have no two part name
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}") DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}"
OLD_BASE_LAST_LAYER=$(get_image_label netbox.last-base-image-layer "${FINAL_DOCKER_TAG}") fi
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}") PYTHON_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}") mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
NETBOX_GIT_REF_OLD=$(get_image_label NETBOX_GIT_REF "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
GIT_REF_OLD=$(get_image_label org.label-schema.vcs-ref "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
if [ "${BASE_LAST_LAYER}" != "${OLD_BASE_LAST_LAYER}" ]; then if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${PYTHON_LAST_LAYER}\$"; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} ubuntu" BUILD_REASON="${BUILD_REASON} alpine"
fi fi
if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
@ -346,120 +281,92 @@ else
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} netbox-docker" BUILD_REASON="${BUILD_REASON} netbox-docker"
fi fi
fi else
SHOULD_BUILD="true"
if [ "${SHOULD_BUILD}" != "true" ]; then BUILD_REASON="${BUILD_REASON} no-check"
echo "Build skipped because sources didn't change" fi
gh_out "skipped=true" ###
exit 0 # Nothing to do -> exit # Composing all arguments for `docker build`
else ###
gh_out "skipped=false" DOCKER_BUILD_ARGS=(
fi
gh_echo "::endgroup::"
if [ "${CHECK_ONLY}" = "true" ]; then
echo "Only check if build needed was requested. Exiting"
exit 0
fi
###
# Build the image
###
gh_echo "::group::🏗 Building the image"
###
# Composing all arguments for `docker build`
###
DOCKER_BUILD_ARGS=(
--pull --pull
--target main --target "${DOCKER_TARGET}"
-f "${DOCKERFILE}" -f "${DOCKERFILE}"
) -t "${TARGET_DOCKER_TAG}"
for IMAGE_NAME in "${IMAGE_NAME_TAGS[@]}"; do )
DOCKER_BUILD_ARGS+=(-t "${IMAGE_NAME}") if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
done DOCKER_BUILD_ARGS+=( -t "${TARGET_DOCKER_SHORT_TAG}" )
DOCKER_BUILD_ARGS+=( -t "${TARGET_DOCKER_LATEST_TAG}" )
fi
# --label # --label
DOCKER_BUILD_ARGS+=(
--label "netbox.original-tag=${TARGET_DOCKER_TAG_PROJECT}"
--label "org.opencontainers.image.created=${BUILD_DATE}"
--label "org.opencontainers.image.version=${PROJECT_VERSION}"
)
if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then
DOCKER_BUILD_ARGS+=( DOCKER_BUILD_ARGS+=(
--label "ORIGINAL_TAG=${TARGET_DOCKER_TAG}"
--label "org.label-schema.build-date=${BUILD_DATE}"
--label "org.opencontainers.image.created=${BUILD_DATE}"
--label "org.label-schema.version=${PROJECT_VERSION}"
--label "org.opencontainers.image.version=${PROJECT_VERSION}"
)
if [ -d ".git" ]; then
DOCKER_BUILD_ARGS+=(
--label "org.label-schema.vcs-ref=${GIT_REF}"
--label "org.opencontainers.image.revision=${GIT_REF}" --label "org.opencontainers.image.revision=${GIT_REF}"
) )
fi fi
if [ -d "${NETBOX_PATH}/.git" ] && [ -z "${SKIP_GIT}" ]; then if [ -d "${NETBOX_PATH}/.git" ]; then
DOCKER_BUILD_ARGS+=( DOCKER_BUILD_ARGS+=(
--label "netbox.git-branch=${NETBOX_GIT_BRANCH}" --label "NETBOX_GIT_BRANCH=${NETBOX_GIT_BRANCH}"
--label "netbox.git-ref=${NETBOX_GIT_REF}" --label "NETBOX_GIT_REF=${NETBOX_GIT_REF}"
--label "netbox.git-url=${NETBOX_GIT_URL}" --label "NETBOX_GIT_URL=${NETBOX_GIT_URL}"
) )
fi fi
if [ -n "${BUILD_REASON}" ]; then if [ -n "${BUILD_REASON}" ]; then
BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<<"$BUILD_REASON") BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<< "$BUILD_REASON")
DOCKER_BUILD_ARGS+=(--label "netbox.build-reason=${BUILD_REASON}") DOCKER_BUILD_ARGS+=( --label "BUILD_REASON=${BUILD_REASON}" )
DOCKER_BUILD_ARGS+=(--label "netbox.last-base-image-layer=${BASE_LAST_LAYER}") fi
fi
# --build-arg # --build-arg
DOCKER_BUILD_ARGS+=(--build-arg "NETBOX_PATH=${NETBOX_PATH}") DOCKER_BUILD_ARGS+=( --build-arg "NETBOX_PATH=${NETBOX_PATH}" )
if [ -n "${DOCKER_FROM}" ]; then if [ -n "${DOCKER_FROM}" ]; then
DOCKER_BUILD_ARGS+=(--build-arg "FROM=${DOCKER_FROM}") DOCKER_BUILD_ARGS+=( --build-arg "FROM=${DOCKER_FROM}" )
fi fi
# shellcheck disable=SC2031 if [ -n "${HTTP_PROXY}" ]; then
if [ -n "${HTTP_PROXY}" ]; then DOCKER_BUILD_ARGS+=( --build-arg "http_proxy=${HTTP_PROXY}" )
DOCKER_BUILD_ARGS+=(--build-arg "http_proxy=${HTTP_PROXY}") DOCKER_BUILD_ARGS+=( --build-arg "https_proxy=${HTTPS_PROXY}" )
DOCKER_BUILD_ARGS+=(--build-arg "https_proxy=${HTTPS_PROXY}") fi
fi if [ -n "${NO_PROXY}" ]; then
if [ -n "${NO_PROXY}" ]; then DOCKER_BUILD_ARGS+=( --build-arg "no_proxy=${NO_PROXY}" )
DOCKER_BUILD_ARGS+=(--build-arg "no_proxy=${NO_PROXY}") fi
fi
DOCKER_BUILD_ARGS+=(--platform "${BUILDX_PLATFORM-linux/amd64}") ###
if [ "${2}" == "--push" ]; then # Building the docker image
# output type=docker does not work with pushing ###
DOCKER_BUILD_ARGS+=( if [ "${SHOULD_BUILD}" == "true" ]; then
--output=type=image echo "🐳 Building the Docker image '${TARGET_DOCKER_TAG}'."
--push echo " Build reason set to: ${BUILD_REASON}"
) $DRY docker build "${DOCKER_BUILD_ARGS[@]}" .
else echo "✅ Finished building the Docker images '${TARGET_DOCKER_TAG}'"
DOCKER_BUILD_ARGS+=( echo "🔎 Inspecting labels on '${TARGET_DOCKER_TAG}'"
--output=type=docker $DRY docker inspect "${TARGET_DOCKER_TAG}" --format "{{json .Config.Labels}}"
) else
fi echo "Build skipped because sources didn't change"
echo "::set-output name=skipped::true"
fi
fi
### ###
# Building the docker image # Pushing the docker images if either `--push` or `--push-only` are passed
### ###
if [ -z "${BUILDX_BUILDER_NAME}" ]; then if [ "${2}" == "--push" ] || [ "${2}" == "--push-only" ] ; then
BUILDX_BUILDER_NAME="$(basename "${PWD}")" source ./build-functions/docker-functions.sh
fi push_image_to_registry "${TARGET_DOCKER_TAG}"
if ! docker buildx ls | grep --quiet --word-regexp "${BUILDX_BUILDER_NAME}"; then
echo "👷 Creating new Buildx Builder '${BUILDX_BUILDER_NAME}'"
$DRY docker buildx create --name "${BUILDX_BUILDER_NAME}"
BUILDX_BUILDER_CREATED="yes"
fi
echo "🐳 Building the Docker image '${TARGET_DOCKER_TAG_PROJECT}'." if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
echo " Build reason set to: ${BUILD_REASON}" push_image_to_registry "${TARGET_DOCKER_SHORT_TAG}"
$DRY docker buildx \ push_image_to_registry "${TARGET_DOCKER_LATEST_TAG}"
--builder "${BUILDX_BUILDER_NAME}" \ fi
build \ fi
"${DOCKER_BUILD_ARGS[@]}" \ done
.
echo "✅ Finished building the Docker images"
gh_echo "::endgroup::" # End group for Build
gh_echo "::group::🏗 Image Labels"
echo "🔎 Inspecting labels on '${IMAGE_NAME_TAGS[0]}'"
$DRY docker inspect "${IMAGE_NAME_TAGS[0]}" --format "{{json .Config.Labels}}" | jq
gh_echo "::endgroup::"
gh_echo "::group::🏗 Clean up"
if [ -n "${BUILDX_REMOVE_BUILDER}" ] && [ "${BUILDX_BUILDER_CREATED}" == "yes" ]; then
echo "👷 Removing Buildx Builder '${BUILDX_BUILDER_NAME}'"
$DRY docker buildx rm "${BUILDX_BUILDER_NAME}"
fi
gh_echo "::endgroup::"

302
configuration/configuration.py
View File

@ -5,19 +5,15 @@
#### ####
import re import re
from os.path import dirname, abspath, join
from os import environ from os import environ
from os.path import abspath, dirname, join
from typing import Any, Callable, Tuple
# For reference see https://docs.netbox.dev/en/stable/configuration/ # For reference see https://netbox.readthedocs.io/en/stable/configuration/
# Based on https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration_example.py # Based on https://github.com/netbox-community/netbox/blob/master/netbox/netbox/configuration.example.py
###
# NetBox-Docker Helper functions
###
# Read secret from file # Read secret from file
def _read_secret(secret_name: str, default: str | None = None) -> str | None: def _read_secret(secret_name, default = None):
try: try:
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8') f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
except EnvironmentError: except EnvironmentError:
@ -26,25 +22,6 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
with f: with f:
return f.readline().strip() return f.readline().strip()
# If the `map_fn` isn't defined, then the value that is read from the environment (or the default value if not found) is returned.
# If the `map_fn` is defined, then `map_fn` is invoked and the value (that was read from the environment or the default value if not found)
# is passed to it as a parameter. The value returned from `map_fn` is then the return value of this function.
# The `map_fn` is not invoked, if the value (that was read from the environment or the default value if not found) is None.
def _environ_get_and_map(variable_name: str, default: str | None = None, map_fn: Callable[[str], Any | None] = None) -> Any | None:
env_value = environ.get(variable_name, default)
if env_value == None:
return env_value
if not map_fn:
return env_value
return map_fn(env_value)
_AS_BOOL = lambda value : value.lower() == 'true'
_AS_INT = lambda value : int(value)
_AS_LIST = lambda value : list(filter(None, value.split(' ')))
_BASE_DIR = dirname(dirname(abspath(__file__))) _BASE_DIR = dirname(dirname(abspath(__file__)))
######################### #########################
@ -58,9 +35,6 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
# #
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ') ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks)
if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
ALLOWED_HOSTS.append('localhost')
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases # https://docs.djangoproject.com/en/stable/ref/settings/#databases
@ -73,10 +47,8 @@ DATABASE = {
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default) 'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')}, 'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE # Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT), 'CONN_MAX_AGE': int(environ.get('DB_CONN_MAX_AGE', '300')),
# Max database connection age # Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
# Disable the use of server-side cursors transaction pooling
} }
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
@ -85,26 +57,17 @@ DATABASE = {
REDIS = { REDIS = {
'tasks': { 'tasks': {
'HOST': environ.get('REDIS_HOST', 'localhost'), 'HOST': environ.get('REDIS_HOST', 'localhost'),
'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT), 'PORT': int(environ.get('REDIS_PORT', 6379)),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_SENTINEL_SERVICE', 'default'),
'SENTINEL_TIMEOUT': _environ_get_and_map('REDIS_SENTINEL_TIMEOUT', 10, _AS_INT),
'USERNAME': environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')), 'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')),
'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT), 'DATABASE': int(environ.get('REDIS_DATABASE', 0)),
'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL), 'SSL': environ.get('REDIS_SSL', 'False').lower() == 'true',
'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False', _AS_BOOL),
}, },
'caching': { 'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')), 'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT), 'PORT': int(environ.get('REDIS_CACHE_PORT', environ.get('REDIS_PORT', 6379))),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_CACHE_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_CACHE_SENTINEL_SERVICE', environ.get('REDIS_SENTINEL_SERVICE', 'default')),
'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))), 'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT), 'DATABASE': int(environ.get('REDIS_CACHE_DATABASE', 1)),
'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL), 'SSL': environ.get('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False')).lower() == 'true',
'INSECURE_SKIP_TLS_VERIFY': _environ_get_and_map('REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY', environ.get('REDIS_INSECURE_SKIP_TLS_VERIFY', 'False'), _AS_BOOL),
}, },
} }
@ -121,230 +84,165 @@ SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))
# # # #
######################### #########################
# # Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of # Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# # application errors (assuming correct email settings are provided). # application errors (assuming correct email settings are provided).
# ADMINS = [ ADMINS = [
# # ['John Doe', 'jdoe@example.com'], # ['John Doe', 'jdoe@example.com'],
# ] ]
if 'ALLOWED_URL_SCHEMES' in environ: # URL schemes that are allowed within links in NetBox
ALLOWED_URL_SCHEMES = _environ_get_and_map('ALLOWED_URL_SCHEMES', None, _AS_LIST) ALLOWED_URL_SCHEMES = (
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
)
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same # Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP. # content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
if 'BANNER_TOP' in environ: BANNER_TOP = environ.get('BANNER_TOP', '')
BANNER_TOP = environ.get('BANNER_TOP', None) BANNER_BOTTOM = environ.get('BANNER_BOTTOM', '')
if 'BANNER_BOTTOM' in environ:
BANNER_BOTTOM = environ.get('BANNER_BOTTOM', None)
# Text to include on the login page above the login form. HTML is allowed. # Text to include on the login page above the login form. HTML is allowed.
if 'BANNER_LOGIN' in environ: BANNER_LOGIN = environ.get('BANNER_LOGIN', '')
BANNER_LOGIN = environ.get('BANNER_LOGIN', None)
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = environ.get('BASE_PATH', '')
# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes)
CACHE_TIMEOUT = int(environ.get('CACHE_TIMEOUT', 900))
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90) # Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
if 'CHANGELOG_RETENTION' in environ: CHANGELOG_RETENTION = int(environ.get('CHANGELOG_RETENTION', 90))
CHANGELOG_RETENTION = _environ_get_and_map('CHANGELOG_RETENTION', None, _AS_INT)
# Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. (Default: 90)
if 'JOB_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOB_RETENTION', None, _AS_INT)
# JOBRESULT_RETENTION was renamed to JOB_RETENTION in the v3.5.0 release of NetBox. For backwards compatibility, map JOBRESULT_RETENTION to JOB_RETENTION
elif 'JOBRESULT_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOBRESULT_RETENTION', None, _AS_INT)
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be # API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or # allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers # CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = _environ_get_and_map('CORS_ORIGIN_ALLOW_ALL', 'False', _AS_BOOL) CORS_ORIGIN_ALLOW_ALL = environ.get('CORS_ORIGIN_ALLOW_ALL', 'False').lower() == 'true'
CORS_ORIGIN_WHITELIST = _environ_get_and_map('CORS_ORIGIN_WHITELIST', 'https://localhost', _AS_LIST) CORS_ORIGIN_WHITELIST = list(filter(None, environ.get('CORS_ORIGIN_WHITELIST', 'https://localhost').split(' ')))
CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in _environ_get_and_map('CORS_ORIGIN_REGEX_WHITELIST', '', _AS_LIST)] CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in list(filter(None, environ.get('CORS_ORIGIN_REGEX_WHITELIST', '').split(' ')))]
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal # Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. # sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# Never enable debugging on a production system. # on a production system.
DEBUG = _environ_get_and_map('DEBUG', 'False', _AS_BOOL) DEBUG = environ.get('DEBUG', 'False').lower() == 'true'
# This parameter serves as a safeguard to prevent some potentially dangerous behavior,
# such as generating new database schema migrations.
# Set this to True only if you are actively developing the NetBox code base.
DEVELOPER = _environ_get_and_map('DEVELOPER', 'False', _AS_BOOL)
# Email settings # Email settings
EMAIL = { EMAIL = {
'SERVER': environ.get('EMAIL_SERVER', 'localhost'), 'SERVER': environ.get('EMAIL_SERVER', 'localhost'),
'PORT': _environ_get_and_map('EMAIL_PORT', 25, _AS_INT), 'PORT': int(environ.get('EMAIL_PORT', 25)),
'USERNAME': environ.get('EMAIL_USERNAME', ''), 'USERNAME': environ.get('EMAIL_USERNAME', ''),
'PASSWORD': _read_secret('email_password', environ.get('EMAIL_PASSWORD', '')), 'PASSWORD': _read_secret('email_password', environ.get('EMAIL_PASSWORD', '')),
'USE_SSL': _environ_get_and_map('EMAIL_USE_SSL', 'False', _AS_BOOL), 'USE_SSL': environ.get('EMAIL_USE_SSL', 'False').lower() == 'true',
'USE_TLS': _environ_get_and_map('EMAIL_USE_TLS', 'False', _AS_BOOL), 'USE_TLS': environ.get('EMAIL_USE_TLS', 'False').lower() == 'true',
'SSL_CERTFILE': environ.get('EMAIL_SSL_CERTFILE', ''), 'SSL_CERTFILE': environ.get('EMAIL_SSL_CERTFILE', ''),
'SSL_KEYFILE': environ.get('EMAIL_SSL_KEYFILE', ''), 'SSL_KEYFILE': environ.get('EMAIL_SSL_KEYFILE', ''),
'TIMEOUT': _environ_get_and_map('EMAIL_TIMEOUT', 10, _AS_INT), # seconds 'TIMEOUT': int(environ.get('EMAIL_TIMEOUT', 10)), # seconds
'FROM_EMAIL': environ.get('EMAIL_FROM', ''), 'FROM_EMAIL': environ.get('EMAIL_FROM', ''),
} }
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table # Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True. # (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
if 'ENFORCE_GLOBAL_UNIQUE' in environ: ENFORCE_GLOBAL_UNIQUE = environ.get('ENFORCE_GLOBAL_UNIQUE', 'False').lower() == 'true'
ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL)
# By default, netbox sends census reporting data using a single HTTP request each time a worker starts.
# This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time.
# The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
# To opt out of census reporting, set CENSUS_REPORTING_ENABLED to False.
if 'CENSUS_REPORTING_ENABLED' in environ:
CENSUS_REPORTING_ENABLED = _environ_get_and_map('CENSUS_REPORTING_ENABLED', None, _AS_BOOL)
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and # Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models. # by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST) EXEMPT_VIEW_PERMISSIONS = list(filter(None, environ.get('EXEMPT_VIEW_PERMISSIONS', '').split(' ')))
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks). # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
HTTP_PROXIES = { # https://docs.djangoproject.com/en/stable/topics/logging/
'http': environ.get('HTTP_PROXY', None), LOGGING = {}
'https': environ.get('HTTPS_PROXY', None),
}
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing # Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# NetBox from an internal IP. # are permitted to access most data in NetBox (excluding secrets) but not make any changes.
INTERNAL_IPS = _environ_get_and_map('INTERNAL_IPS', '127.0.0.1 ::1', _AS_LIST) LOGIN_REQUIRED = environ.get('LOGIN_REQUIRED', 'False').lower() == 'true'
# Enable GraphQL API.
if 'GRAPHQL_ENABLED' in environ:
GRAPHQL_ENABLED = _environ_get_and_map('GRAPHQL_ENABLED', None, _AS_BOOL)
# # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# # https://docs.djangoproject.com/en/stable/topics/logging/
# LOGGING = {}
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
# authenticated to NetBox indefinitely.
LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL)
# When enabled, only authenticated users are permitted to access any part of NetBox.
# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days]) # re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = _environ_get_and_map('LOGIN_TIMEOUT', 1209600, _AS_INT) LOGIN_TIMEOUT = int(environ.get('LOGIN_TIMEOUT', 1209600))
# Setting this to True will display a "maintenance mode" banner at the top of every page. # Setting this to True will display a "maintenance mode" banner at the top of every page.
if 'MAINTENANCE_MODE' in environ: MAINTENANCE_MODE = environ.get('MAINTENANCE_MODE', 'False').lower() == 'true'
MAINTENANCE_MODE = _environ_get_and_map('MAINTENANCE_MODE', None, _AS_BOOL)
# Maps provider
if 'MAPS_URL' in environ:
MAPS_URL = environ.get('MAPS_URL', None)
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g. # An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request # "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0". # all objects by specifying "?limit=0".
if 'MAX_PAGE_SIZE' in environ: MAX_PAGE_SIZE = int(environ.get('MAX_PAGE_SIZE', 1000))
MAX_PAGE_SIZE = _environ_get_and_map('MAX_PAGE_SIZE', None, _AS_INT)
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that # The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location. # the default value of this setting is derived from the installed location.
MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media')) MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media'))
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics' # Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = _environ_get_and_map('METRICS_ENABLED', 'False', _AS_BOOL) METRICS_ENABLED = environ.get('METRICS_ENABLED', 'False').lower() == 'true'
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
NAPALM_USERNAME = environ.get('NAPALM_USERNAME', '')
NAPALM_PASSWORD = _read_secret('napalm_password', environ.get('NAPALM_PASSWORD', ''))
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = int(environ.get('NAPALM_TIMEOUT', 30))
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50) # Determine how many objects to display per page within a list. (Default: 50)
if 'PAGINATE_COUNT' in environ: PAGINATE_COUNT = int(environ.get('PAGINATE_COUNT', 50))
PAGINATE_COUNT = _environ_get_and_map('PAGINATE_COUNT', None, _AS_INT)
# # Enable installed plugins. Add the name of each plugin to the list. # Enable installed plugins. Add the name of each plugin to the list.
# PLUGINS = [] PLUGINS = []
# # Plugins configuration settings. These settings are used by various plugins that the user may have installed. # Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# # Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings. # Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = { PLUGINS_CONFIG = {
# } }
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to # When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead. # prefer IPv4 instead.
if 'PREFER_IPV4' in environ: PREFER_IPV4 = environ.get('PREFER_IPV4', 'False').lower() == 'true'
PREFER_IPV4 = _environ_get_and_map('PREFER_IPV4', None, _AS_BOOL)
# The default value for the amperage field when creating new power feeds.
if 'POWERFEED_DEFAULT_AMPERAGE' in environ:
POWERFEED_DEFAULT_AMPERAGE = _environ_get_and_map('POWERFEED_DEFAULT_AMPERAGE', None, _AS_INT)
# The default value (percentage) for the max_utilization field when creating new power feeds.
if 'POWERFEED_DEFAULT_MAX_UTILIZATION' in environ:
POWERFEED_DEFAULT_MAX_UTILIZATION = _environ_get_and_map('POWERFEED_DEFAULT_MAX_UTILIZATION', None, _AS_INT)
# The default value for the voltage field when creating new power feeds.
if 'POWERFEED_DEFAULT_VOLTAGE' in environ:
POWERFEED_DEFAULT_VOLTAGE = _environ_get_and_map('POWERFEED_DEFAULT_VOLTAGE', None, _AS_INT)
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1. # Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
if 'RACK_ELEVATION_DEFAULT_UNIT_HEIGHT' in environ: RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = int(environ.get('RACK_ELEVATION_DEFAULT_UNIT_HEIGHT', 22))
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_HEIGHT', None, _AS_INT) RACK_ELEVATION_DEFAULT_UNIT_WIDTH = int(environ.get('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', 220))
if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
# Remote authentication support # Remote authentication support
REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL) REMOTE_AUTH_ENABLED = environ.get('REMOTE_AUTH_ENABLED', 'False').lower() == 'true'
REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL) REMOTE_AUTH_BACKEND = environ.get('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend')
REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER') REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL') REMOTE_AUTH_AUTO_CREATE_USER = environ.get('REMOTE_AUTH_AUTO_CREATE_USER', 'True').lower() == 'true'
REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME') REMOTE_AUTH_DEFAULT_GROUPS = list(filter(None, environ.get('REMOTE_AUTH_DEFAULT_GROUPS', '').split(' ')))
REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST) # This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST) RELEASE_CHECK_TIMEOUT = int(environ.get('RELEASE_CHECK_TIMEOUT', 24 * 3600))
REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository. # version check or use the URL below to check for release in the official NetBox repository.
# https://api.github.com/repos/netbox-community/netbox/releases
RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None) RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None)
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
REPORTS_ROOT = environ.get('REPORTS_ROOT', '/etc/netbox/reports')
# Maximum execution time for background tasks, in seconds. # Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = _environ_get_and_map('RQ_DEFAULT_TIMEOUT', 300, _AS_INT) RQ_DEFAULT_TIMEOUT = int(environ.get('RQ_DEFAULT_TIMEOUT', 300))
# The name to use for the csrf token cookie. # The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
CSRF_COOKIE_NAME = environ.get('CSRF_COOKIE_NAME', 'csrftoken') # this setting is derived from the installed location.
SCRIPTS_ROOT = environ.get('SCRIPTS_ROOT', '/etc/netbox/scripts')
# Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set the CSRF_TRUSTED_ORIGINS flag.
# Django 4.0 requires to specify the URL Scheme in this setting. An example environment variable could be specified like:
# CSRF_TRUSTED_ORIGINS=https://demo.netbox.dev http://demo.netbox.dev
CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST)
# The name to use for the session cookie.
SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid')
# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL)
# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the
# site to be accessed via HTTPS even if the user types HTTP in the address bar.
SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL)
# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all
# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS,
# blocking any HTTP request.
SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT)
# If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL)
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use # By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only # local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path. # database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT', None)) SESSION_FILE_PATH = environ.get('SESSIONS_ROOT', None)
# Time zone (default: UTC) # Time zone (default: UTC)
TIME_ZONE = environ.get('TIME_ZONE', 'UTC') TIME_ZONE = environ.get('TIME_ZONE', 'UTC')
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y')
SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d')
TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a')
SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s')
DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a')
SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i')

6
configuration/extra.py
View File

@ -15,6 +15,12 @@
# 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp', # 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
# ) # )
## NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
## be provided as a dictionary.
# NAPALM_ARGS = {}
## Enable installed plugins. Add the name of each plugin to the list. ## Enable installed plugins. Add the name of each plugin to the list.
# from netbox.configuration.configuration import PLUGINS # from netbox.configuration.configuration import PLUGINS
# PLUGINS.append('my_plugin') # PLUGINS.append('my_plugin')

28
configuration/ldap/extra.py
View File

@ -1,28 +0,0 @@
####
## This file contains extra configuration options that can't be configured
## directly through environment variables.
## All vairables set here overwrite any existing found in ldap_config.py
####
# # This Python script inherits all the imports from ldap_config.py
# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py
# # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin.
# AUTH_LDAP_REQUIRE_GROUP = (
# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com")
# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com")
# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com")
# )
# # Sets LDAP Flag groups variables with example.
# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
# "is_staff": (
# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com")
# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com")
# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com")
# ),
# "is_superuser": "cn=netbox-user-admin,ou=groups,dc=example,dc=com",
# }
# # Sets LDAP Mirror groups variables with example groups
# AUTH_LDAP_MIRROR_GROUPS = ["netbox-user-ro", "netbox-user-rw", "netbox-user-admin"]

46
configuration/ldap/ldap_config.py
View File

@ -1,10 +1,9 @@
import ldap
from django_auth_ldap.config import LDAPSearch
from importlib import import_module from importlib import import_module
from os import environ from os import environ
import ldap
from django_auth_ldap.config import LDAPSearch
# Read secret from file # Read secret from file
def _read_secret(secret_name, default=None): def _read_secret(secret_name, default=None):
try: try:
@ -31,12 +30,9 @@ AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0 ldap.OPT_REFERRALS: 0
} }
AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = environ.get('AUTH_LDAP_BIND_AS_AUTHENTICATING_USER', 'False').lower() == 'true' # Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '')
# Set the DN and password for the NetBox service account if needed. AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
if not AUTH_LDAP_BIND_AS_AUTHENTICATING_USER:
AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '')
AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
# Set a string template that describes any users distinguished name based on the username. # Set a string template that describes any users distinguished name based on the username.
AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None) AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
@ -49,38 +45,18 @@ AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'tr
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true' LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
LDAP_CA_CERT_DIR = environ.get('LDAP_CA_CERT_DIR', None)
# Include this setting if you want to validate the LDAP server certificates against your own CA.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '') AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName') AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get( AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASEDN,
'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)' ldap.SCOPE_SUBTREE,
) "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)")
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER
)
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group # This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy. # heirarchy.
AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '') AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group') AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get( "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})'
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
)
AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType')) AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
# Define a group required to login. # Define a group required to login.

55
configuration/logging.py
View File

@ -1,55 +0,0 @@
# # Remove first comment(#) on each line to implement this working logging example.
# # Add LOGLEVEL environment variable to netbox if you use this example & want a different log level.
# from os import environ
# # Set LOGLEVEL in netbox.env or docker-compose.overide.yml to override a logging level of INFO.
# LOGLEVEL = environ.get('LOGLEVEL', 'INFO')
# LOGGING = {
# 'version': 1,
# 'disable_existing_loggers': False,
# 'formatters': {
# 'verbose': {
# 'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}',
# 'style': '{',
# },
# 'simple': {
# 'format': '{levelname} {message}',
# 'style': '{',
# },
# },
# 'filters': {
# 'require_debug_false': {
# '()': 'django.utils.log.RequireDebugFalse',
# },
# },
# 'handlers': {
# 'console': {
# 'level': LOGLEVEL,
# 'filters': ['require_debug_false'],
# 'class': 'logging.StreamHandler',
# 'formatter': 'simple'
# },
# 'mail_admins': {
# 'level': 'ERROR',
# 'class': 'django.utils.log.AdminEmailHandler',
# 'filters': ['require_debug_false']
# }
# },
# 'loggers': {
# 'django': {
# 'handlers': ['console'],
# 'propagate': True,
# },
# 'django.request': {
# 'handlers': ['mail_admins'],
# 'level': 'ERROR',
# 'propagate': False,
# },
# 'django_auth_ldap': {
# 'handlers': ['console',],
# 'level': LOGLEVEL,
# }
# }
# }

13
configuration/plugins.py
View File

@ -1,13 +0,0 @@
# Add your plugins and plugin settings here.
# Of course uncomment this file out.
# To learn how to build images with your required plugins
# See https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
# PLUGINS = ["netbox_bgp"]
# PLUGINS_CONFIG = {
# "netbox_bgp": {
# ADD YOUR SETTINGS HERE
# }
# }

21
docker-compose.override.yml
View File

@ -1,21 +0,0 @@
services:
netbox:
ports:
- "8000:8080"
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
# subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
# start_period: 90s
# environment:
# SKIP_SUPERUSER: "false"
# SUPERUSER_API_TOKEN: ""
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""

22
docker-compose.override.yml.example
View File

@ -1,22 +0,0 @@
services:
netbox:
ports:
- "8000:8080"
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
# subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
# start_period: 90s
# environment:
# SKIP_SUPERUSER: "false"
# SUPERUSER_API_TOKEN: ""
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""

5
docker-compose.test.override.yml
View File

@ -1,5 +0,0 @@
services:
netbox:
ports:
- "127.0.0.1:8000:8080"

81
docker-compose.test.yml
View File

@ -1,70 +1,41 @@
version: '3.4'
services: services:
netbox: &netbox netbox:
image: ${IMAGE-docker.io/netboxcommunity/netbox:latest} image: ${IMAGE-netboxcommunity/netbox:latest}
depends_on: depends_on:
postgres: - postgres
condition: service_healthy - redis
redis: - redis-cache
condition: service_healthy
redis-cache:
condition: service_healthy
env_file: env/netbox.env env_file: env/netbox.env
user: 'unit:root' environment:
SKIP_STARTUP_SCRIPTS: ${SKIP_STARTUP_SCRIPTS-false}
user: '101'
volumes: volumes:
- ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
healthcheck: - ./${INITIALIZERS_DIR-initializers}:/opt/netbox/initializers:z,ro
test: curl -f http://localhost:8080/login/ || exit 1 - ./configuration:/etc/netbox/config:z,ro
start_period: ${NETBOX_START_PERIOD-120s} - ./reports:/etc/netbox/reports:z,ro
timeout: 3s - ./scripts:/etc/netbox/scripts:z,ro
interval: 15s - netbox-media-files:/opt/netbox/netbox/media:z
netbox-worker: ports:
<<: *netbox - 8080
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 40s
timeout: 3s
interval: 15s
netbox-housekeeping:
<<: *netbox
command:
- /opt/netbox/housekeeping.sh
healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 40s
timeout: 3s
interval: 15s
postgres: postgres:
image: docker.io/postgres:16-alpine image: postgres:12-alpine
env_file: env/postgres.env env_file: env/postgres.env
healthcheck: redis:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose image: redis:6-alpine
start_period: 20s
interval: 1s
timeout: 5s
retries: 5
redis: &redis
image: docker.io/valkey/valkey:8.0-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis.env env_file: env/redis.env
healthcheck:
test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
redis-cache: redis-cache:
<<: *redis image: redis:6-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes: volumes:
netbox-media-files: netbox-media-files:
driver: local driver: local

76
docker-compose.yml
View File

@ -1,99 +1,63 @@
version: '3.4'
services: services:
netbox: &netbox netbox: &netbox
image: docker.io/netboxcommunity/netbox:${VERSION-v4.1-3.0.2} image: netboxcommunity/netbox:${VERSION-latest}
depends_on: depends_on:
- postgres - postgres
- redis - redis
- redis-cache - redis-cache
- netbox-worker
env_file: env/netbox.env env_file: env/netbox.env
user: "unit:root" user: '101'
healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: 90s
timeout: 3s
interval: 15s
volumes: volumes:
- ./startup_scripts:/opt/netbox/startup_scripts:z,ro
- ./initializers:/opt/netbox/initializers:z,ro
- ./configuration:/etc/netbox/config:z,ro - ./configuration:/etc/netbox/config:z,ro
- netbox-media-files:/opt/netbox/netbox/media:rw - ./reports:/etc/netbox/reports:z,ro
- netbox-reports-files:/opt/netbox/netbox/reports:rw - ./scripts:/etc/netbox/scripts:z,ro
- netbox-scripts-files:/opt/netbox/netbox/scripts:rw - netbox-media-files:/opt/netbox/netbox/media:z
ports:
- "8080"
netbox-worker: netbox-worker:
<<: *netbox <<: *netbox
depends_on: depends_on:
netbox: - redis
condition: service_healthy entrypoint:
command:
- /opt/netbox/venv/bin/python - /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py - /opt/netbox/netbox/manage.py
- rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 20s
timeout: 3s
interval: 15s
netbox-housekeeping:
<<: *netbox
depends_on:
netbox:
condition: service_healthy
command: command:
- /opt/netbox/housekeeping.sh - rqworker
healthcheck: ports: []
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 20s
timeout: 3s
interval: 15s
# postgres # postgres
postgres: postgres:
image: docker.io/postgres:16-alpine image: postgres:12-alpine
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
timeout: 30s
interval: 10s
retries: 5
env_file: env/postgres.env env_file: env/postgres.env
volumes: volumes:
- netbox-postgres-data:/var/lib/postgresql/data - netbox-postgres-data:/var/lib/postgresql/data
# redis # redis
redis: redis:
image: docker.io/valkey/valkey:8.0-alpine image: redis:6-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: &redis-healthcheck
test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
env_file: env/redis.env env_file: env/redis.env
volumes: volumes:
- netbox-redis-data:/data - netbox-redis-data:/data
redis-cache: redis-cache:
image: docker.io/valkey/valkey:8.0-alpine image: redis:6-alpine
command: command:
- sh - sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env - -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: *redis-healthcheck
env_file: env/redis-cache.env env_file: env/redis-cache.env
volumes:
- netbox-redis-cache-data:/data
volumes: volumes:
netbox-media-files: netbox-media-files:
driver: local driver: local
netbox-postgres-data: netbox-postgres-data:
driver: local driver: local
netbox-redis-cache-data:
driver: local
netbox-redis-data: netbox-redis-data:
driver: local driver: local
netbox-reports-files:
driver: local
netbox-scripts-files:
driver: local

33
docker/configuration.docker.py
View File

@ -4,10 +4,10 @@
# #
# They can be imported by other code (see `ldap_config.py` for an example). # They can be imported by other code (see `ldap_config.py` for an example).
from os.path import abspath, isfile
from os import scandir
import importlib.util import importlib.util
import sys import sys
from os import scandir
from os.path import abspath, isfile
def _filename(f): def _filename(f):
@ -15,7 +15,7 @@ def _filename(f):
def _import(module_name, path, loaded_configurations): def _import(module_name, path, loaded_configurations):
spec = importlib.util.spec_from_file_location("", path) spec = importlib.util.spec_from_file_location('', path)
module = importlib.util.module_from_spec(spec) module = importlib.util.module_from_spec(spec)
spec.loader.exec_module(module) spec.loader.exec_module(module)
sys.modules[module_name] = module sys.modules[module_name] = module
@ -28,9 +28,9 @@ def _import(module_name, path, loaded_configurations):
def read_configurations(config_module, config_dir, main_config): def read_configurations(config_module, config_dir, main_config):
loaded_configurations = [] loaded_configurations = []
main_config_path = abspath(f"{config_dir}/{main_config}.py") main_config_path = abspath(f'{config_dir}/{main_config}.py')
if isfile(main_config_path): if isfile(main_config_path):
_import(f"{config_module}.{main_config}", main_config_path, loaded_configurations) _import(f'{config_module}.{main_config}', main_config_path, loaded_configurations)
else: else:
print(f"⚠️ Main configuration '{main_config_path}' not found.") print(f"⚠️ Main configuration '{main_config_path}' not found.")
@ -39,16 +39,13 @@ def read_configurations(config_module, config_dir, main_config):
if not f.is_file(): if not f.is_file():
continue continue
if f.name.startswith("__"): if f.name.startswith('__'):
continue continue
if not f.name.endswith(".py"): if not f.name.endswith('.py'):
continue continue
if f.name == f"{main_config}.py": if f.name == f'{config_dir}.py':
continue
if f.name == f"{config_dir}.py":
continue continue
module_name = f"{config_module}.{f.name[:-len('.py')]}".replace(".", "_") module_name = f"{config_module}.{f.name[:-len('.py')]}".replace(".", "_")
@ -69,10 +66,9 @@ def read_configurations(config_module, config_dir, main_config):
_loaded_configurations = read_configurations( _loaded_configurations = read_configurations(
config_dir="/etc/netbox/config/", config_dir = '/etc/netbox/config/',
config_module="netbox.configuration", config_module = 'netbox.configuration',
main_config="configuration", main_config = 'configuration')
)
def __getattr__(name): def __getattr__(name):
@ -82,10 +78,3 @@ def __getattr__(name):
except: except:
pass pass
raise AttributeError raise AttributeError
def __dir__():
names = []
for config in _loaded_configurations:
names.extend(config.__dir__())
return names

64
docker/docker-entrypoint.sh
View File

@ -1,54 +1,28 @@
#!/bin/bash #!/bin/bash
# Runs on every start of the NetBox Docker container # Runs on every start of the Netbox Docker container
# Stop when an error occures # Stop when an error occures
set -e set -e
# Allows NetBox to be run as non-root users # Allows Netbox to be run as non-root users
umask 002 umask 002
# Load correct Python3 env # Load correct Python3 env
# shellcheck disable=SC1091
source /opt/netbox/venv/bin/activate source /opt/netbox/venv/bin/activate
# Try to connect to the DB # Try to connect to the DB
DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3} DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3}
MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30} MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30}
CUR_DB_WAIT_TIME=0 CUR_DB_WAIT_TIME=0
while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do while ! ./manage.py migrate 2>&1 && [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do
# Read and truncate connection error tracebacks to last line by default
exec {psfd}< <(./manage.py showmigrations 2>&1)
read -rd '' DB_ERR <&$psfd || :
exec {psfd}<&-
wait $! && break
if [ -n "$DB_WAIT_DEBUG" ]; then
echo "$DB_ERR"
else
readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR"
echo "${DB_ERR_LINES[@]: -1}"
echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]"
fi
echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)" echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)"
sleep "${DB_WAIT_TIMEOUT}" sleep "${DB_WAIT_TIMEOUT}"
CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT)) CUR_DB_WAIT_TIME=$(( CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT ))
done done
if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then
echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready." echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready."
exit 1 exit 1
fi fi
# Check if update is needed
if ! ./manage.py migrate --check >/dev/null 2>&1; then
echo "⚙️ Applying database migrations"
./manage.py migrate --no-input
echo "⚙️ Running trace_paths"
./manage.py trace_paths --no-input
echo "⚙️ Removing stale content types"
./manage.py remove_stale_contenttypes --no-input
echo "⚙️ Removing expired user sessions"
./manage.py clearsessions
echo "⚙️ Building search index (lazy)"
./manage.py reindex --lazy
fi
# Create Superuser if required # Create Superuser if required
if [ "$SKIP_SUPERUSER" == "true" ]; then if [ "$SKIP_SUPERUSER" == "true" ]; then
@ -61,38 +35,38 @@ else
SUPERUSER_EMAIL='admin@example.com' SUPERUSER_EMAIL='admin@example.com'
fi fi
if [ -f "/run/secrets/superuser_password" ]; then if [ -f "/run/secrets/superuser_password" ]; then
SUPERUSER_PASSWORD="$(</run/secrets/superuser_password)" SUPERUSER_PASSWORD="$(< /run/secrets/superuser_password)"
elif [ -z ${SUPERUSER_PASSWORD+x} ]; then elif [ -z ${SUPERUSER_PASSWORD+x} ]; then
SUPERUSER_PASSWORD='admin' SUPERUSER_PASSWORD='admin'
fi fi
if [ -f "/run/secrets/superuser_api_token" ]; then if [ -f "/run/secrets/superuser_api_token" ]; then
SUPERUSER_API_TOKEN="$(</run/secrets/superuser_api_token)" SUPERUSER_API_TOKEN="$(< /run/secrets/superuser_api_token)"
elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then
SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567' SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
fi fi
./manage.py shell --interface python <<END ./manage.py shell --interface python << END
from users.models import Token, User from django.contrib.auth.models import User
from users.models import Token
if not User.objects.filter(username='${SUPERUSER_NAME}'): if not User.objects.filter(username='${SUPERUSER_NAME}'):
u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}') u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}') Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END END
echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}" echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
fi fi
./manage.py shell --interface python <<END # Run the startup scripts (and initializers)
from users.models import Token if [ "$SKIP_STARTUP_SCRIPTS" == "true" ]; then
try: echo "↩️ Skipping startup scripts"
old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567") else
if old_default_token: echo "import runpy; runpy.run_path('../startup_scripts')" | ./manage.py shell --interface python
print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.") fi
except Token.DoesNotExist:
pass
END
echo "✅ Initialisation is done." echo "✅ Initialisation is done."
# Launch whatever is passed by docker # Launch whatever is passed by docker
# (i.e. the RUN instruction in the Dockerfile) # (i.e. the RUN instruction in the Dockerfile)
exec "$@" #
# shellcheck disable=SC2068
exec $@

8
docker/housekeeping.sh
View File

@ -1,8 +0,0 @@
#!/bin/bash
SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
echo "Interval set to ${SLEEP_SECONDS} seconds"
while true; do
date
/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
sleep "${SLEEP_SECONDS}s"
done

12
docker/launch-netbox.sh
View File

@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}" UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
# Also used in "nginx-unit.json"
UNIT_SOCKET="/opt/unit/unit.sock" UNIT_SOCKET="/opt/unit/unit.sock"
load_configuration() { load_configuration() {
@ -23,10 +22,9 @@ load_configuration() {
# this curl call will get a reply once unit is fully launched # this curl call will get a reply once unit is fully launched
curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/ curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/
echo "⚙️ Applying configuration from $UNIT_CONFIG" echo "⚙️ Applying configuration from $UNIT_CONFIG";
RESP_CODE=$( RESP_CODE=$(curl \
curl \
--silent \ --silent \
--output /dev/null \ --output /dev/null \
--write-out '%{http_code}' \ --write-out '%{http_code}' \
@ -51,7 +49,5 @@ exec unitd \
--control unix:$UNIT_SOCKET \ --control unix:$UNIT_SOCKET \
--pid /opt/unit/unit.pid \ --pid /opt/unit/unit.pid \
--log /dev/stdout \ --log /dev/stdout \
--statedir /opt/unit/state/ \ --state /opt/unit/state/ \
--tmpdir /opt/unit/tmp/ \ --tmp /opt/unit/tmp/
--user unit \
--group root

8
docker/ldap_config.docker.py
View File

@ -1,10 +1,9 @@
from .configuration import read_configurations from .configuration import read_configurations
_loaded_configurations = read_configurations( _loaded_configurations = read_configurations(
config_dir="/etc/netbox/config/ldap/", config_dir = '/etc/netbox/config/ldap/',
config_module="netbox.configuration.ldap", config_module = 'netbox.configuration.ldap',
main_config="ldap_config", main_config = 'ldap_config')
)
def __getattr__(name): def __getattr__(name):
@ -15,7 +14,6 @@ def __getattr__(name):
pass pass
raise AttributeError raise AttributeError
def __dir__(): def __dir__():
names = [] names = []
for config in _loaded_configurations: for config in _loaded_configurations:

33
docker/nginx-unit.json
View File

@ -1,45 +1,27 @@
{ {
"listeners": { "listeners": {
"0.0.0.0:8080": { "*:8080": {
"pass": "routes/main" "pass": "routes"
},
"[::]:8080": {
"pass": "routes/main"
},
"0.0.0.0:8081": {
"pass": "routes/status"
},
"[::]:8081": {
"pass": "routes/status"
} }
}, },
"routes": {
"main": [ "routes": [
{ {
"match": { "match": {
"uri": "/static/*" "uri": "/static/*"
}, },
"action": { "action": {
"share": "/opt/netbox/netbox${uri}" "share": "/opt/netbox/netbox"
} }
}, },
{ {
"action": { "action": {
"pass": "applications/netbox" "pass": "applications/netbox"
} }
} }
], ],
"status": [
{
"match": {
"uri": "/status/*"
},
"action": {
"proxy": "http://unix:/opt/unit/unit.sock"
}
}
]
},
"applications": { "applications": {
"netbox": { "netbox": {
"type": "python 3", "type": "python 3",
@ -53,5 +35,6 @@
} }
} }
}, },
"access_log": "/dev/stdout" "access_log": "/dev/stdout"
} }

43
env/netbox.env vendored
View File

@ -1,34 +1,39 @@
CORS_ORIGIN_ALLOW_ALL=True CORS_ORIGIN_ALLOW_ALL=True
DB_HOST=postgres
DB_NAME=netbox DB_NAME=netbox
DB_PASSWORD=J5brHrAXFLQSif0K
DB_USER=netbox DB_USER=netbox
EMAIL_FROM=netbox@bar.com DB_PASSWORD=J5brHrAXFLQSif0K
EMAIL_PASSWORD= DB_HOST=postgres
EMAIL_PORT=25
EMAIL_SERVER=localhost EMAIL_SERVER=localhost
EMAIL_SSL_CERTFILE= EMAIL_PORT=25
EMAIL_SSL_KEYFILE=
EMAIL_TIMEOUT=5
EMAIL_USERNAME=netbox EMAIL_USERNAME=netbox
EMAIL_PASSWORD=
EMAIL_TIMEOUT=5
EMAIL_FROM=netbox@bar.com
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`! # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL=false EMAIL_USE_SSL=false
EMAIL_USE_TLS=false EMAIL_USE_TLS=false
GRAPHQL_ENABLED=true EMAIL_SSL_CERTFILE=
HOUSEKEEPING_INTERVAL=86400 EMAIL_SSL_KEYFILE=
MAX_PAGE_SIZE=1000
MEDIA_ROOT=/opt/netbox/netbox/media MEDIA_ROOT=/opt/netbox/netbox/media
METRICS_ENABLED=false METRICS_ENABLED=false
REDIS_CACHE_DATABASE=1 NAPALM_USERNAME=
REDIS_CACHE_HOST=redis-cache NAPALM_PASSWORD=
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false NAPALM_TIMEOUT=10
REDIS_CACHE_PASSWORD=t4Ph722qJ5QHeQ1qfu36
REDIS_CACHE_SSL=false
REDIS_DATABASE=0
REDIS_HOST=redis REDIS_HOST=redis
REDIS_INSECURE_SKIP_TLS_VERIFY=false
REDIS_PASSWORD=H733Kdjndks81 REDIS_PASSWORD=H733Kdjndks81
REDIS_DATABASE=0
REDIS_SSL=false REDIS_SSL=false
REDIS_CACHE_HOST=redis-cache
REDIS_CACHE_PASSWORD=t4Ph722qJ5QHeQ1qfu36
REDIS_CACHE_DATABASE=1
REDIS_CACHE_SSL=false
RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X' SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
SKIP_SUPERUSER=true SKIP_STARTUP_SCRIPTS=false
SKIP_SUPERUSER=false
SUPERUSER_NAME=admin
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=admin
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
WEBHOOKS_ENABLED=true WEBHOOKS_ENABLED=true

4
env/postgres.env vendored
View File

@ -1,3 +1,3 @@
POSTGRES_DB=netbox
POSTGRES_PASSWORD=J5brHrAXFLQSif0K
POSTGRES_USER=netbox POSTGRES_USER=netbox
POSTGRES_PASSWORD=J5brHrAXFLQSif0K
POSTGRES_DB=netbox

7
initializers/aggregates.yml Normal file
View File

@ -0,0 +1,7 @@
# - prefix: 10.0.0.0/16
# rir: RFC1918
# tenant: tenant1
# - prefix: fd00:ccdd::/32
# rir: RFC4193 ULA
# - prefix: 2001:db8::/32
# rir: RFC3849

6
initializers/circuit_types.yml Normal file
View File

@ -0,0 +1,6 @@
# - name: VPLS
# slug: vpls
# - name: MPLS
# slug: mpls
# - name: Internet
# slug: internet

7
initializers/circuits.yml Normal file
View File

@ -0,0 +1,7 @@
# - cid: Circuit_ID-1
# provider: Provider1
# type: Internet
# tenant: tenant1
# - cid: Circuit_ID-2
# provider: Provider2
# type: MPLS

4
initializers/cluster_groups.yml Normal file
View File

@ -0,0 +1,4 @@
# - name: Group 1
# slug: group-1
# - name: Group 2
# slug: group-2

2
initializers/cluster_types.yml Normal file
View File

@ -0,0 +1,2 @@
# - name: Hyper-V
# slug: hyper-v

7
initializers/clusters.yml Normal file
View File

@ -0,0 +1,7 @@
# - name: cluster1
# type: Hyper-V
# group: Group 1
# tenant: tenant1
# - name: cluster2
# type: Hyper-V
# site: SING 1

93
initializers/custom_fields.yml Normal file
View File

@ -0,0 +1,93 @@
## Possible Choices:
## type:
## - text
## - integer
## - boolean
## - date
## - url
## - select
## filter_logic:
## - disabled
## - loose
## - exact
##
## Examples:
# text_field:
# type: text
# label: Custom Text
# description: Enter text in a text field.
# required: false
# weight: 0
# on_objects:
# - dcim.models.Device
# - dcim.models.Rack
# - dcim.models.Site
# - dcim.models.DeviceType
# - ipam.models.IPAddress
# - ipam.models.Prefix
# - tenancy.models.Tenant
# - virtualization.models.VirtualMachine
# integer_field:
# type: integer
# label: Custom Number
# description: Enter numbers into an integer field.
# required: true
# filter_logic: loose
# weight: 10
# on_objects:
# - tenancy.models.Tenant
# select_field:
# type: select
# label: Choose between items
# required: false
# filter_logic: exact
# weight: 30
# default: First Item
# on_objects:
# - dcim.models.Device
# choices:
# - First Item
# - Second Item
# - Third Item
# - Fifth Item
# - Fourth Item
# select_field_legacy_format:
# type: select
# label: Choose between items
# required: false
# filter_logic: loose
# weight: 30
# on_objects:
# - dcim.models.Device
# choices:
# - value: A # this is the deprecated format.
# - value: B # we only use it for the tests.
# - value: C # please see above for the new format.
# - value: "D like deprecated"
# weight: 999
# - value: E
# boolean_field:
# type: boolean
# label: Yes Or No?
# required: true
# filter_logic: loose
# default: "false" # important: put "false" in quotes!
# weight: 90
# on_objects:
# - dcim.models.Device
# url_field:
# type: url
# label: Hyperlink
# description: Link to something nice.
# required: true
# filter_logic: disabled
# on_objects:
# - tenancy.models.Tenant
# date_field:
# type: date
# label: Important Date
# required: false
# filter_logic: disabled
# on_objects:
# - dcim.models.Device

18
initializers/dcim_interfaces.yml Normal file
View File

@ -0,0 +1,18 @@
## Possible Choices:
## type:
## - virtual
## - lag
## - 1000base-t
## - ... and many more. See for yourself:
## https://github.com/netbox-community/netbox/blob/295d4f0394b431351c0cb2c3ecc791df68c6c2fb/netbox/dcim/choices.py#L510
##
## Examples:
# - device: server01
# enabled: true
# type: virtual
# name: to-server02
# - device: server02
# enabled: true
# type: virtual
# name: to-server01

15
initializers/device_roles.yml Normal file
View File

@ -0,0 +1,15 @@
# - name: switch
# slug: switch
# color: Grey
# - name: router
# slug: router
# color: Cyan
# - name: load-balancer
# slug: load-balancer
# color: Red
# - name: server
# slug: server
# color: Blue
# - name: patchpanel
# slug: patchpanel
# color: Black

23
initializers/device_types.yml Normal file
View File

@ -0,0 +1,23 @@
# - model: Model 1
# manufacturer: Manufacturer 1
# slug: model-1
# u_height: 2
# custom_field_data:
# text_field: Description
# - model: Model 2
# manufacturer: Manufacturer 1
# slug: model-2
# custom_field_data:
# text_field: Description
# - model: Model 3
# manufacturer: Manufacturer 1
# slug: model-3
# is_full_depth: false
# u_height: 0
# custom_field_data:
# text_field: Description
# - model: Other
# manufacturer: No Name
# slug: other
# custom_field_data:
# text_field: Description

44
initializers/devices.yml Normal file
View File

@ -0,0 +1,44 @@
## Possible Choices:
## face:
## - front
## - rear
## status:
## - offline
## - active
## - planned
## - staged
## - failed
## - inventory
## - decommissioning
##
## Examples:
# - name: server01
# device_role: server
# device_type: Other
# site: AMS 1
# rack: rack-01
# face: front
# position: 1
# custom_field_data:
# text_field: Description
# - name: server02
# device_role: server
# device_type: Other
# site: AMS 2
# rack: rack-02
# face: front
# position: 2
# primary_ip4: 10.1.1.2/24
# primary_ip6: 2001:db8:a000:1::2/64
# custom_field_data:
# text_field: Description
# - name: server03
# device_role: server
# device_type: Other
# site: SING 1
# rack: rack-03
# face: front
# position: 3
# custom_field_data:
# text_field: Description

35
initializers/groups.yml Normal file
View File

@ -0,0 +1,35 @@
## To list all permissions, run:
##
## docker-compose run --rm --entrypoint /bin/bash netbox
## $ ./manage.py migrate
## $ ./manage.py shell
## > from django.contrib.auth.models import Permission
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
##
## Permission lists support wildcards. See the examples below.
##
## Examples:
# applications:
# users:
# - technical_user
# readers:
# users:
# - reader
# writers:
# users:
# - writer
# permissions:
# - delete_device
# - delete_virtualmachine
# - add_*
# - change_*
# vm_managers:
# permissions:
# - '*_virtualmachine'
# device_managers:
# permissions:
# - '*device*'
# creators:
# permissions:
# - add_*

44
initializers/ip_addresses.yml Normal file
View File

@ -0,0 +1,44 @@
## Possible Choices:
## status:
## - active
## - reserved
## - deprecated
## - dhcp
## role:
## - loopback
## - secondary
## - anycast
## - vip
## - vrrp
## - hsrp
## - glbp
## - carp
##
## Examples:
# - address: 10.1.1.1/24
# device: server01
# interface: to-server02
# status: active
# vrf: vrf1
# - address: 2001:db8:a000:1::1/64
# device: server01
# interface: to-server02
# status: active
# vrf: vrf1
# - address: 10.1.1.2/24
# device: server02
# interface: to-server01
# status: active
# - address: 2001:db8:a000:1::2/64
# device: server02
# interface: to-server01
# status: active
# - address: 10.1.1.10/24
# description: reserved IP
# status: reserved
# tenant: tenant1
# - address: 2001:db8:a000:1::10/64
# description: reserved IP
# status: reserved
# tenant: tenant1

6
initializers/manufacturers.yml Normal file
View File

@ -0,0 +1,6 @@
# - name: Manufacturer 1
# slug: manufacturer-1
# - name: Manufacturer 2
# slug: manufacturer-2
# - name: No Name
# slug: no-name

15
initializers/platforms.yml Normal file
View File

@ -0,0 +1,15 @@
# - name: Platform 1
# slug: platform-1
# manufacturer: Manufacturer 1
# napalm_driver: driver1
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"
# - name: Platform 2
# slug: platform-2
# manufacturer: Manufacturer 2
# napalm_driver: driver2
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"
# - name: Platform 3
# slug: platform-3
# manufacturer: No Name
# napalm_driver: driver3
# napalm_args: "{'arg1': 'value1', 'arg2': 'value2'}"

14
initializers/power_feeds.yml Normal file
View File

@ -0,0 +1,14 @@
# - name: power feed 1
# power_panel: power panel AMS 1
# voltage: 208
# amperage: 50
# max_utilization: 80
# phase: Single phase
# rack: rack-01
# - name: power feed 2
# power_panel: power panel SING 1
# voltage: 208
# amperage: 50
# max_utilization: 80
# phase: Three-phase
# rack: rack-03

5
initializers/power_panels.yml Normal file
View File

@ -0,0 +1,5 @@
# - name: power panel AMS 1
# site: AMS 1
# - name: power panel SING 1
# site: SING 1
# rack_group: cage 101

2
initializers/prefix_vlan_roles.yml Normal file
View File

@ -0,0 +1,2 @@
# - name: Main Management
# slug: main-management

29
initializers/prefixes.yml Normal file
View File

@ -0,0 +1,29 @@
## Possible Choices:
## status:
## - container
## - active
## - reserved
## - deprecated
##
## Examples:
# - description: prefix1
# prefix: 10.1.1.0/24
# site: AMS 1
# status: active
# tenant: tenant1
# vlan: vlan1
# - description: prefix2
# prefix: 10.1.2.0/24
# site: AMS 2
# status: active
# tenant: tenant2
# vlan: vlan2
# is_pool: true
# vrf: vrf2
# - description: ipv6 prefix1
# prefix: 2001:db8:a000:1::/64
# site: AMS 2
# status: active
# tenant: tenant2
# vlan: vlan2

6
initializers/providers.yml Normal file
View File

@ -0,0 +1,6 @@
# - name: Provider1
# slug: provider1
# asn: 121
# - name: Provider2
# slug: provider2
# asn: 122

3
initializers/rack_groups.yml Normal file
View File

@ -0,0 +1,3 @@
# - name: cage 101
# slug: cage-101
# site: SING 1

12
initializers/rack_roles.yml Normal file
View File

@ -0,0 +1,12 @@
# - name: Role 1
# slug: role-1
# color: Pink
# - name: Role 2
# slug: role-2
# color: Cyan
# - name: Role 3
# slug: role-3
# color: Grey
# - name: Role 4
# slug: role-4
# color: Teal

41
initializers/racks.yml Normal file
View File

@ -0,0 +1,41 @@
## Possible Choices:
## width:
## - 19
## - 23
## types:
## - 2-post-frame
## - 4-post-frame
## - 4-post-cabinet
## - wall-frame
## - wall-cabinet
## outer_unit:
## - mm
## - in
##
## Examples:
# - site: AMS 1
# name: rack-01
# role: Role 1
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description
# - site: AMS 2
# name: rack-02
# role: Role 2
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description
# - site: SING 1
# name: rack-03
# group: cage 101
# role: Role 3
# type: 4-post-cabinet
# width: 19
# u_height: 47
# custom_field_data:
# text_field: Description

10
initializers/regions.yml Normal file
View File

@ -0,0 +1,10 @@
# - name: Singapore
# slug: singapore
# - name: Amsterdam
# slug: amsterdam
# - name: Downtown
# slug: downtown
# parent: Amsterdam
# - name: Suburbs
# slug: suburbs
# parent: Amsterdam

9
initializers/rirs.yml Normal file
View File

@ -0,0 +1,9 @@
# - is_private: true
# name: RFC1918
# slug: rfc1918
# - is_private: true
# name: RFC4193 ULA
# slug: rfc4193-ula
# - is_private: true
# name: RFC3849
# slug: rfc3849

3
initializers/route_targets.yml Normal file
View File

@ -0,0 +1,3 @@
# - name: 65000:1001
# tenant: tenant1
# - name: 65000:1002

4
initializers/secret_roles.yml Normal file
View File

@ -0,0 +1,4 @@
# - name: Super Secret Passwords
# slug: super-secret
# - name: SNMP Communities
# slug: snmp

15
initializers/services.yml Normal file
View File

@ -0,0 +1,15 @@
# - name: DNS
# protocol: TCP
# ports:
# - 53
# virtual_machine: virtual machine 1
# - name: DNS
# protocol: UDP
# ports:
# - 53
# virtual_machine: virtual machine 1
# - name: MISC
# protocol: UDP
# ports:
# - 4000
# device: server01

32
initializers/sites.yml Normal file
View File

@ -0,0 +1,32 @@
# - name: AMS 1
# slug: ams1
# region: Downtown
# status: active
# facility: Amsterdam 1
# asn: 12345
# custom_field_data:
# text_field: Description for AMS1
# - name: AMS 2
# slug: ams2
# region: Downtown
# status: active
# facility: Amsterdam 2
# asn: 54321
# custom_field_data:
# text_field: Description for AMS2
# - name: AMS 3
# slug: ams3
# region: Suburbs
# status: active
# facility: Amsterdam 3
# asn: 67890
# custom_field_data:
# text_field: Description for AMS3
# - name: SING 1
# slug: sing1
# region: Singapore
# status: active
# facility: Singapore 1
# asn: 09876
# custom_field_data:
# text_field: Description for SING1

12
initializers/tags.yml Normal file
View File

@ -0,0 +1,12 @@
# - name: Tag 1
# slug: tag-1
# color: Pink
# - name: Tag 2
# slug: tag-2
# color: Cyan
# - name: Tag 3
# slug: tag-3
# color: Grey
# - name: Tag 4
# slug: tag-4
# color: Teal

4
initializers/tenant_groups.yml Normal file
View File

@ -0,0 +1,4 @@
# - name: Tenant Group 1
# slug: tenant-group-1
# - name: Tenant Group 2
# slug: tenant-group-2

5
initializers/tenants.yml Normal file
View File

@ -0,0 +1,5 @@
# - name: tenant1
# slug: tenant1
# - name: tenant2
# slug: tenant2
# group: Tenant Group 2

23
initializers/users.yml Normal file
View File

@ -0,0 +1,23 @@
## To list all permissions, run:
##
## docker-compose run --rm --entrypoint /bin/bash netbox
## $ ./manage.py migrate
## $ ./manage.py shell
## > from django.contrib.auth.models import Permission
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
##
## Permission lists support wildcards. See the examples below.
##
## Examples:
# technical_user:
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
# reader:
# password: reader
# writer:
# password: writer
# permissions:
# - delete_device
# - delete_virtualmachine
# - add_*
# - change_*

28
initializers/virtual_machines.yml Normal file
View File

@ -0,0 +1,28 @@
## Possible Choices:
## status:
## - active
## - offline
## - staged
##
## Examples:
# - cluster: cluster1
# comments: VM1
# disk: 200
# memory: 4096
# name: virtual machine 1
# platform: Platform 2
# status: active
# tenant: tenant1
# vcpus: 8
# - cluster: cluster1
# comments: VM2
# disk: 100
# memory: 2048
# name: virtual machine 2
# platform: Platform 2
# primary_ip4: 10.1.1.10/24
# primary_ip6: 2001:db8:a000:1::10/64
# status: active
# tenant: tenant1
# vcpus: 8

12
initializers/virtualization_interfaces.yml Normal file
View File

@ -0,0 +1,12 @@
# - description: Network Interface 1
# enabled: true
# mac_address: 00:77:77:77:77:77
# mtu: 1500
# name: Network Interface 1
# virtual_machine: virtual machine 1
# - description: Network Interface 2
# enabled: true
# mac_address: 00:55:55:55:55:55
# mtu: 1500
# name: Network Interface 2
# virtual_machine: virtual machine 1

6
initializers/vlan_groups.yml Normal file
View File

@ -0,0 +1,6 @@
# - name: VLAN group 1
# site: AMS 1
# slug: vlan-group-1
# - name: VLAN group 2
# site: AMS 1
# slug: vlan-group-2

19
initializers/vlans.yml Normal file
View File

@ -0,0 +1,19 @@
## Possible Choices:
## status:
## - active
## - reserved
## - deprecated
##
## Examples:
# - name: vlan1
# site: AMS 1
# status: active
# vid: 5
# role: Main Management
# description: VLAN 5 for MGMT
# - group: VLAN group 2
# name: vlan2
# site: AMS 1
# status: active
# vid: 1300

8
initializers/vrfs.yml Normal file
View File

@ -0,0 +1,8 @@
# - enforce_unique: true
# name: vrf1
# tenant: tenant1
# description: main VRF
# - enforce_unique: true
# name: vrf2
# rd: "6500:6500"
# tenant: tenant2

26
pyproject.toml
View File

@ -1,26 +0,0 @@
[tool.black]
line_length = 100
target-version = ['py38']
include = '\.pyi?$'
exclude = '''
(
/(
\.git
| \.venv
| \.netbox
| \.vscode
| configuration
)/
)
'''
[tool.isort]
profile = "black"
multi_line_output = 3
line_length = 100
[tool.pylint.messages_control]
disable = "C0330, C0326"
[tool.pylint.format]
max-line-length = "100"

188
release.sh
View File

@ -1,188 +0,0 @@
#!/bin/bash
DEFAULT_REPO=netbox-community/netbox-docker
REPO="${REPO-${DEFAULT_REPO}}"
echomoji() {
EMOJI=${1}
TEXT=${2}
shift 2
if [ -z "$DISABLE_EMOJI" ]; then
echo "${EMOJI}" "${@}"
else
echo "${TEXT}" "${@}"
fi
}
echo_nok() {
echomoji "❌" "!" "${@}"
}
echo_ok() {
echomoji "✅" "-" "${@}"
}
echo_hint() {
echomoji "👉" ">" "${@}"
}
# check errors shall exit with code 1
check_clean_repo() {
changes=$(git status --porcelain 2>/dev/null)
if [ ${?} ] && [ -n "$changes" ]; then
echo_nok "There are git changes pending:"
echo "$changes"
echo_hint "Please clean the repository before continueing: git stash --include-untracked"
exit 1
fi
echo_ok "Repository has no pending changes."
}
check_branch() {
expected_branch="${1}"
actual_branch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
if [ ${?} ] && [ "${actual_branch}" != "${expected_branch}" ]; then
echo_nok "Current branch should be '${expected_branch}', but is '${actual_branch}'."
echo_hint "Please change to the '${expected_branch}' branch: git checkout ${expected_branch}"
exit 1
fi
echo_ok "The current branch is '${actual_branch}'."
}
check_upstream() {
expected_upstream_branch="origin/${1}"
actual_upstream_branch=$(git rev-parse --abbrev-ref '@{upstream}' 2>/dev/null)
if [ ${?} ] && [ "${actual_upstream_branch}" != "${expected_upstream_branch}" ]; then
echo_nok "Current upstream branch should be '${expected_upstream_branch}', but is '${actual_upstream_branch}'."
echo_hint "Please set '${expected_upstream_branch}' as the upstream branch: git branch --set-upstream-to=${expected_upstream_branch}"
exit 1
fi
echo_ok "The current upstream branch is '${actual_upstream_branch}'."
}
check_origin() {
expected_origin="git@github.com:${REPO}.git"
actual_origin=$(git remote get-url origin 2>/dev/null)
if [ ${?} ] && [ "${actual_origin}" != "${expected_origin}" ]; then
echo_nok "The url of origin is '${actual_origin}', but '${expected_origin}' is expected."
echo_hint "Please set '${expected_origin}' as the url for origin: git origin set-url '${expected_origin}'"
exit 1
fi
echo_ok "The current origin url is '${actual_origin}'."
}
check_latest() {
git fetch --tags origin
local_head_commit=$(git rev-parse HEAD 2>/dev/null)
remote_head_commit=$(git rev-parse FETCH_HEAD 2>/dev/null)
if [ "${local_head_commit}" != "${remote_head_commit}" ]; then
echo_nok "HEAD is at '${local_head_commit}', but FETCH_HEAD is at '${remote_head_commit}'."
echo_hint "Please ensure that you have pushed and pulled all the latest chanegs: git pull --prune --rebase origin; git push origin"
exit 1
fi
echo_ok "HEAD and FETCH_HEAD both point to '${local_head_commit}'."
}
check_tag() {
local tag
tag=$(<VERSION)
if git rev-parse "${tag}" 2>/dev/null >/dev/null; then
echo_nok "The tag '${tag}' already points to '$(git rev-parse "${tag}" 2>/dev/null)'."
echo_hint "Please ensure that the 'VERSION' file has been updated before trying to release: echo X.Y.Z > VERSION"
exit 1
fi
echo_ok "The tag '${tag}' does not exist yet."
}
check_develop() {
echomoji 📋 "?" "Checking 'develop' branch"
check_branch develop
check_upstream develop
check_clean_repo
check_latest
}
check_release() {
echomoji 📋 "?" "Checking 'release' branch"
check_upstream release
check_clean_repo
check_latest
}
# git errors shall exit with code 2
git_switch() {
echomoji 🔀 "≈" "Switching to '${1}' branch…"
if ! git checkout "${1}" >/dev/null; then
echo_nok "It was not possible to switch to the branch '${1}'."
exit 2
fi
echo_ok "The branch is now '${1}'."
}
git_tag() {
echomoji 🏷 "X" "Tagging version '${1}'…"
if ! git tag "${1}"; then
echo_nok "The tag '${1}' was not created because of an error."
exit 2
fi
echo_ok "The tag '$(<VERSION)' was created."
}
git_push() {
echomoji ⏩ "»" "Pushing the tag '${2}' to '${1}'…"
if ! git push "${1}" "${2}"; then
echo_nok "The tag '${2}' could not be pushed to '${1}'."
exit 2
fi
echo_ok "The tag '${2}' was pushed."
}
git_merge() {
echomoji ⏩ "»" "Merging '${1}'…"
if ! git merge --no-ff "${1}"; then
echo_nok "The branch '${1}' could not be merged."
exit 2
fi
echo_ok "The branch '${2}' was merged."
}
git_merge() {
echomoji ⏩ "»" "Rebasing onto '${1}'…"
if ! git rebase "${1}"; then
echo_nok "Could not rebase onto '${1}'."
exit 2
fi
echo_ok "Rebased onto '${2}'."
}
###
# MAIN
###
echomoji 📋 "▶︎" "Checking pre-requisites for releasing '$(<VERSION)'"
check_origin
check_develop
check_tag
git_switch release
check_release
echomoji 📋 "▶︎" "Releasing '$(<VERSION)'"
git_merge develop
check_tag
git_tag "$(<VERSION)"
git_push "origin" release
git_push "origin" "$(<VERSION)"
git_switch develop
git_rebase release
echomoji ✅ "◼︎" "The release of '$(<VERSION)' is complete."

3
renovate.json
View File

@ -1,7 +1,6 @@
{ {
"extends": [ "extends": [
"config:base", "config:base"
":disableDependencyDashboard"
], ],
"enabled": true, "enabled": true,
"labels": ["maintenance"], "labels": ["maintenance"],

46
reports/devices.py.example Normal file
View File

@ -0,0 +1,46 @@
from dcim.choices import DeviceStatusChoices
from dcim.models import ConsolePort, Device, PowerPort
from extras.reports import Report
class DeviceConnectionsReport(Report):
description = "Validate the minimum physical connections for each device"
def test_console_connection(self):
# Check that every console port for every active device has a connection defined.
active = DeviceStatusChoices.STATUS_ACTIVE
for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
if console_port.connected_endpoint is None:
self.log_failure(
console_port.device,
"No console connection defined for {}".format(console_port.name)
)
elif not console_port.connection_status:
self.log_warning(
console_port.device,
"Console connection for {} marked as planned".format(console_port.name)
)
else:
self.log_success(console_port.device)
def test_power_connections(self):
# Check that every active device has at least two connected power supplies.
for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
connected_ports = 0
for power_port in PowerPort.objects.filter(device=device):
if power_port.connected_endpoint is not None:
connected_ports += 1
if not power_port.connection_status:
self.log_warning(
device,
"Power connection for {} marked as planned".format(power_port.name)
)
if connected_ports < 2:
self.log_failure(
device,
"{} connected power supplies found (2 needed)".format(connected_ports)
)
else:
self.log_success(device)

9
requirements-container.txt
View File

@ -1,5 +1,4 @@
django-auth-ldap==4.8.0 napalm==3.2.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4 ruamel.yaml==0.16.12
dulwich==0.22.1 django-auth-ldap==2.2.0
python3-saml==1.16.0 --no-binary lxml,xmlsec django-storages==1.11.1
sentry-sdk[django]==2.14.0

0
scripts/__init__.py Normal file
View File

23
startup_scripts/000_users.py Normal file
View File

@ -0,0 +1,23 @@
import sys
from django.contrib.auth.models import User
from startup_script_utils import load_yaml, set_permissions
from users.models import Token
users = load_yaml('/opt/netbox/initializers/users.yml')
if users is None:
sys.exit()
for username, user_details in users.items():
if not User.objects.filter(username=username):
user = User.objects.create_user(
username = username,
password = user_details.get('password', 0) or User.objects.make_random_password())
print("👤 Created user",username)
if user_details.get('api_token', 0):
Token.objects.create(user=user, key=user_details['api_token'])
yaml_permissions = user_details.get('permissions', [])
set_permissions(user.user_permissions, yaml_permissions)

23
startup_scripts/010_groups.py Normal file
View File

@ -0,0 +1,23 @@
import sys
from django.contrib.auth.models import Group, User
from startup_script_utils import load_yaml, set_permissions
groups = load_yaml('/opt/netbox/initializers/groups.yml')
if groups is None:
sys.exit()
for groupname, group_details in groups.items():
group, created = Group.objects.get_or_create(name=groupname)
if created:
print("👥 Created group", groupname)
for username in group_details.get('users', []):
user = User.objects.get(username=username)
if user:
user.groups.add(group)
yaml_permissions = group_details.get('permissions', [])
set_permissions(group.permissions, yaml_permissions)

58
startup_scripts/020_custom_fields.py Normal file
View File

@ -0,0 +1,58 @@
import sys
from extras.models import CustomField
from startup_script_utils import load_yaml
def get_class_for_class_path(class_path):
import importlib
from django.contrib.contenttypes.models import ContentType
module_name, class_name = class_path.rsplit(".", 1)
module = importlib.import_module(module_name)
clazz = getattr(module, class_name)
return ContentType.objects.get_for_model(clazz)
customfields = load_yaml('/opt/netbox/initializers/custom_fields.yml')
if customfields is None:
sys.exit()
for cf_name, cf_details in customfields.items():
custom_field, created = CustomField.objects.get_or_create(name = cf_name)
if created:
if cf_details.get('default', False):
custom_field.default = cf_details['default']
if cf_details.get('description', False):
custom_field.description = cf_details['description']
if cf_details.get('label', False):
custom_field.label = cf_details['label']
for object_type in cf_details.get('on_objects', []):
custom_field.content_types.add(get_class_for_class_path(object_type))
if cf_details.get('required', False):
custom_field.required = cf_details['required']
if cf_details.get('type', False):
custom_field.type = cf_details['type']
if cf_details.get('weight', -1) >= 0:
custom_field.weight = cf_details['weight']
if cf_details.get('choices', False):
custom_field.choices = []
for choice_detail in cf_details.get('choices', []):
if isinstance(choice_detail, dict) and 'value' in choice_detail:
# legacy mode
print(f"⚠️ Please migrate the choice '{choice_detail['value']}' of '{cf_name}' to the new format, as 'weight' is no longer supported!")
custom_field.choices.append(choice_detail['value'])
else:
custom_field.choices.append(choice_detail)
custom_field.save()
print("🔧 Created custom field", cf_name)

23
startup_scripts/020_tags.py Normal file
View File

@ -0,0 +1,23 @@
from extras.models import Tag
from utilities.choices import ColorChoices
from startup_script_utils import load_yaml
import sys
tags = load_yaml('/opt/netbox/initializers/tags.yml')
if tags is None:
sys.exit()
for params in tags:
if 'color' in params:
color = params.pop('color')
for color_tpl in ColorChoices:
if color in color_tpl:
params['color'] = color_tpl[0]
tag, created = Tag.objects.get_or_create(**params)
if created:
print("🎨 Created Tag", tag.name)

26
startup_scripts/030_regions.py Normal file
View File

@ -0,0 +1,26 @@
from dcim.models import Region
from startup_script_utils import load_yaml
import sys
regions = load_yaml('/opt/netbox/initializers/regions.yml')
if regions is None:
sys.exit()
optional_assocs = {
'parent': (Region, 'name')
}
for params in regions:
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = { field: params.pop(assoc) }
params[assoc] = model.objects.get(**query)
region, created = Region.objects.get_or_create(**params)
if created:
print("🌐 Created region", region.name)

32
startup_scripts/040_sites.py Normal file
View File

@ -0,0 +1,32 @@
import sys
from dcim.models import Region, Site
from startup_script_utils import *
from tenancy.models import Tenant
sites = load_yaml('/opt/netbox/initializers/sites.yml')
if sites is None:
sys.exit()
optional_assocs = {
'region': (Region, 'name'),
'tenant': (Tenant, 'name')
}
for params in sites:
custom_field_data = pop_custom_fields(params)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = { field: params.pop(assoc) }
params[assoc] = model.objects.get(**query)
site, created = Site.objects.get_or_create(**params)
if created:
set_custom_fields_values(site, custom_field_data)
print("📍 Created site", site.name)

14
startup_scripts/050_manufacturers.py Normal file
View File

@ -0,0 +1,14 @@
from dcim.models import Manufacturer
from startup_script_utils import load_yaml
import sys
manufacturers = load_yaml('/opt/netbox/initializers/manufacturers.yml')
if manufacturers is None:
sys.exit()
for params in manufacturers:
manufacturer, created = Manufacturer.objects.get_or_create(**params)
if created:
print("🏭 Created Manufacturer", manufacturer.name)

42
startup_scripts/060_device_types.py Normal file
View File

@ -0,0 +1,42 @@
import sys
from dcim.models import DeviceType, Manufacturer, Region
from startup_script_utils import *
from tenancy.models import Tenant
device_types = load_yaml('/opt/netbox/initializers/device_types.yml')
if device_types is None:
sys.exit()
required_assocs = {
'manufacturer': (Manufacturer, 'name')
}
optional_assocs = {
'region': (Region, 'name'),
'tenant': (Tenant, 'name')
}
for params in device_types:
custom_field_data = pop_custom_fields(params)
for assoc, details in required_assocs.items():
model, field = details
query = { field: params.pop(assoc) }
params[assoc] = model.objects.get(**query)
for assoc, details in optional_assocs.items():
if assoc in params:
model, field = details
query = { field: params.pop(assoc) }
params[assoc] = model.objects.get(**query)
device_type, created = DeviceType.objects.get_or_create(**params)
if created:
set_custom_fields_values(device_type, custom_field_data)
print("🔡 Created device type", device_type.manufacturer, device_type.model)

23
startup_scripts/070_rack_roles.py Normal file
View File

@ -0,0 +1,23 @@
from dcim.models import RackRole
from utilities.choices import ColorChoices
from startup_script_utils import load_yaml
import sys
rack_roles = load_yaml('/opt/netbox/initializers/rack_roles.yml')
if rack_roles is None:
sys.exit()
for params in rack_roles:
if 'color' in params:
color = params.pop('color')
for color_tpl in ColorChoices:
if color in color_tpl:
params['color'] = color_tpl[0]
rack_role, created = RackRole.objects.get_or_create(**params)
if created:
print("🎨 Created rack role", rack_role.name)

25
startup_scripts/075_rack_groups.py Normal file
View File

@ -0,0 +1,25 @@
from dcim.models import Site,RackGroup
from startup_script_utils import load_yaml
import sys
rack_groups = load_yaml('/opt/netbox/initializers/rack_groups.yml')
if rack_groups is None:
sys.exit()
required_assocs = {
'site': (Site, 'name')
}
for params in rack_groups:
for assoc, details in required_assocs.items():
model, field = details
query = { field: params.pop(assoc) }
params[assoc] = model.objects.get(**query)
rack_group, created = RackGroup.objects.get_or_create(**params)
if created:
print("🎨 Created rack group", rack_group.name)

Some files were not shown because too many files have changed in this diff Show More