davidtoribioeu/netbox-docker
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox-docker.git synced 2025-12-10 05:42:36 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
netbox-docker/docker-compose.yml

88 lines
2.2 KiB
YAML
Raw Normal View History

Refactor to multistage builds This commit introduces a huge change in the build process. What changed: - Dockerfile.ldap was integrated into Dockerfile as a seperate [build stage][multistage-build]. - All the build scripts were refactored according to this. - The `docker-compose.yml` file was adjusted likewise. - The main build script, `/build.sh`, now always builds all targets (formerly called variants). - The minimal requirements for Docker and docker-compose have increased. - The build on hub.docker.com must be adjusted. This change should also fix #156 permanently. [multistage-build]: https://docs.docker.com/develop/develop-images/multistage-build/
2019-10-10 10:42:10 +00:00
version: '3.4'
Copied Docker components from main repo
2017-04-19 14:48:21 +00:00
services:
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
netbox: &netbox
Update README.md (#1) * Update README.md * We don't want to use the netbox-community pull-request template * Update container building workflow * Only build amd64 images * Add our 'oxcert' branch as equivalent to upstream's 'release' branch * Tag the version of the container as OxCERT's modification This is just for the netbox container: the underlying netbox version will come from upstream * Build own own images and push to ghcr.io * Only build amd64 images * Only push images to GitHub Container Registry for the OxCERT organization * Refer to our private copy in the GitHub Container Registry ghcr.io * Use ghcr.io/oxcert/netbox for all netbox images Build and push to this repo. Read from it with docker-compose * Make releases relative to the 'oxcert' branch rather than upstream's 'release' branch. This is a different workflow than used in any of our other repos, where PRs, changes, etc. are first merged into a 'develop' branch, and the release process is to merge accumulated changes into the main 'oxcert' branch. Tag names for releases should follow whatever upstream is using with "-oxcert" appended. * Re-add the pull-request template But in a very cut-down form. We don't have an issue tracker on this repo, and we assume the intentions and motivations for any PR will have been discussed within the team already. We do, however, want all PRs to be against the 'develop' branch, in parallel to upstream's workflow. * On second thoughts, set container version to 1.0.0 This is OxCERT's version 1.0.0 of the containerized Netbox image which is basically the same as the 2.7.0 netbox-community equivalent. * Fix typo from upstream Function should have been called `git_rebase()` rather than duplicating the name of `git_merge()`
2023-10-13 10:34:37 +00:00
image: ghcr.io/oxcert/netbox:${VERSION-v3.6-1.0.0}
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
depends_on:
- postgres
- redis
Prepare for Netbox 2.7
2019-12-16 11:51:59 +00:00
- redis-cache
Moving env files into separate directory for better organization
2018-09-05 21:37:28 +00:00
env_file: env/netbox.env
Use user name instead of userid Nginx unit needs the user and group parameter as names.
2021-09-24 06:16:07 +00:00
user: 'unit:root'
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
healthcheck:
start_period: 60s
timeout: 3s
interval: 15s
test: "curl -f http://localhost:8080/api/ || exit 1"
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
volumes:
Add shared (z) container volume SELinux labels to the volumes created by docker-compose.
2019-03-25 20:22:37 +00:00
- ./configuration:/etc/netbox/config:z,ro
docker-compose.yml: fix volume mount options `z` is valid only for bindmounts When using with volumes a warning for each volume appears: netbox$ docker compose up [+] Building 0.0s (0/0) WARN[0000] mount of type `volume` should not define `bind` option WARN[0000] mount of type `volume` should not define `bind` option WARN[0000] mount of type `volume` should not define `bind` option This may appear only when using a docker-compose.override.yml
2023-06-15 10:11:46 +00:00
- netbox-media-files:/opt/netbox/netbox/media:rw
- netbox-reports-files:/opt/netbox/netbox/reports:rw
- netbox-scripts-files:/opt/netbox/netbox/scripts:rw
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
netbox-worker:
<<: *netbox
depends_on:
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
netbox:
condition: service_healthy
Added container for Netbox housekeeping command Adds an additional container in which the new "housekeeping" command from Netbox v3.0.0 is run.
2021-09-03 10:48:30 +00:00
command:
Gunicorn is replaced with nginx-unit We now serve Netbox with an nginx-unit instance instead of Gunicorn. This allows us to get rid of the extra Nginx container because Unit is also serving the static files. The static files are now collected at container buildtime instead of every startup.
2020-11-10 14:23:07 +00:00
- /opt/netbox/venv/bin/python
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
- /opt/netbox/netbox/manage.py
- rqworker
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
healthcheck:
start_period: 20s
timeout: 3s
interval: 15s
test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
Added container for Netbox housekeeping command Adds an additional container in which the new "housekeeping" command from Netbox v3.0.0 is run.
2021-09-03 10:48:30 +00:00
netbox-housekeeping:
<<: *netbox
depends_on:
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
netbox:
condition: service_healthy
Added container for Netbox housekeeping command Adds an additional container in which the new "housekeeping" command from Netbox v3.0.0 is run.
2021-09-03 10:48:30 +00:00
command:
- /opt/netbox/housekeeping.sh
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
healthcheck:
start_period: 20s
timeout: 3s
interval: 15s
test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
Adds Prometheus/Grafana monitoring infrastructure
2020-10-18 13:16:16 +00:00
# postgres
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
postgres:
Prepend docker.io to image URLs This is to make podman happy, since newer versions of podman have set short-name-mode to enforcing https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
2022-12-27 20:00:59 +00:00
image: docker.io/postgres:15-alpine
Moving env files into separate directory for better organization
2018-09-05 21:37:28 +00:00
env_file: env/postgres.env
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
volumes:
- netbox-postgres-data:/var/lib/postgresql/data
Adds Prometheus/Grafana monitoring infrastructure
2020-10-18 13:16:16 +00:00
# redis
Monitoring parts to docker-compose.monitorin.yml
2020-10-20 07:07:19 +00:00
redis:
Prepend docker.io to image URLs This is to make podman happy, since newer versions of podman have set short-name-mode to enforcing https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
2022-12-27 20:00:59 +00:00
image: docker.io/redis:7-alpine
✨ Use a default Redis password Although it does not provide any additional security, it shows how to configure Redis with a password and how to use Netbox using a password protected redis server. Something that might be considered in a classic production deployment. (But is mostly irrelevant in e.g. a Kubernetes / OpenShift deployment as the isolation is usually on a network level.)
2018-08-13 22:19:29 +00:00
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
Revert most changes
2020-10-26 14:16:49 +00:00
env_file: env/redis.env
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
volumes:
- netbox-redis-data:/data
Prepare for Netbox 2.7
2019-12-16 11:51:59 +00:00
redis-cache:
Update docker-compose.yml
2023-03-20 12:21:17 +00:00
image: docker.io/redis:7-alpine
Prepare for Netbox 2.7
2019-12-16 11:51:59 +00:00
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
Revert most changes
2020-10-26 14:16:49 +00:00
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
The Redis cache container was using the wrong env Our docker-compose.yml pointed the env file for the Redis cache to the wrong file. Now the Redis cache password between the netbox.env and redis-cache.env match.
2020-02-14 11:33:28 +00:00
env_file: env/redis-cache.env
Fix for random volume Redis Cache fixes: https://github.com/netbox-community/netbox-docker/issues/851
2022-09-23 12:33:49 +00:00
volumes:
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
- netbox-redis-cache-data:/data
Adds Prometheus/Grafana monitoring infrastructure
2020-10-18 13:16:16 +00:00
Copied Docker components from main repo
2017-04-19 14:48:21 +00:00
volumes:
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
netbox-media-files:
driver: local
netbox-postgres-data:
driver: local
Preparation for Netbox 3.5 - Reports and Scripts have changed in Netbox 3.5. They need to be uploaded now. The Docker compose now creates a volume as it does for the media files - Napalm has been removed from Netbox 3.5 All configuration entries for Napalm were removed and napalm itself is removed from the requirements file - Removed Gunicorn from the image Nginx Unit has been used for a while now. No need to install Gunicorn
2023-04-08 06:07:07 +00:00
netbox-redis-cache-data:
driver: local
♻️ Make netbox-worker it's own container One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in it's own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, just the "command" they execute while starting different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90
2018-08-13 21:04:09 +00:00
netbox-redis-data:
driver: local
Preparation for Netbox 3.5 - Reports and Scripts have changed in Netbox 3.5. They need to be uploaded now. The Docker compose now creates a volume as it does for the media files - Napalm has been removed from Netbox 3.5 All configuration entries for Napalm were removed and napalm itself is removed from the requirements file - Removed Gunicorn from the image Nginx Unit has been used for a while now. No need to install Gunicorn
2023-04-08 06:07:07 +00:00
netbox-reports-files:
driver: local
netbox-scripts-files:
Update docker-compose.yml Address housekeeping tracebacks & remove whitespace
2022-10-22 13:40:03 +00:00
driver: local
Reference in a new issue Copy permalink