davidtoribioeu/netbox-docker
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox-docker.git synced 2025-12-10 05:42:36 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Compare commits

base: davidtoribioeu:release
Branches Tags
davidtoribioeu:release
davidtoribioeu:develop
davidtoribioeu:3.4.2
davidtoribioeu:3.4.1
davidtoribioeu:3.4.0
davidtoribioeu:3.3.0
davidtoribioeu:3.2.1
davidtoribioeu:3.2.0
davidtoribioeu:3.1.1
davidtoribioeu:3.1.0
davidtoribioeu:3.0.2
davidtoribioeu:3.0.1
davidtoribioeu:3.0.0
davidtoribioeu:2.9.1
davidtoribioeu:2.9.0
davidtoribioeu:2.8.0
davidtoribioeu:2.7.0
davidtoribioeu:2.6.1
davidtoribioeu:2.6.0
davidtoribioeu:2.5.3
davidtoribioeu:2.5.2
davidtoribioeu:2.5.1
davidtoribioeu:2.5.0
davidtoribioeu:2.4.0
davidtoribioeu:2.3.0
davidtoribioeu:2.2.0
davidtoribioeu:2.1.0
davidtoribioeu:2.0.0
davidtoribioeu:1.6.1
davidtoribioeu:1.6.0
davidtoribioeu:1.5.1
davidtoribioeu:1.5.0
davidtoribioeu:1.4.1
davidtoribioeu:1.4.0
davidtoribioeu:1.3.1
davidtoribioeu:1.3.0
davidtoribioeu:1.2.0
davidtoribioeu:1.1.0
davidtoribioeu:1.0.2
davidtoribioeu:1.0.1
davidtoribioeu:1.0.0
davidtoribioeu:0.27.0
davidtoribioeu:0.26.2
davidtoribioeu:0.26.1
davidtoribioeu:0.26.0
davidtoribioeu:0.25.0
davidtoribioeu:0.24.1
davidtoribioeu:0.24.0
davidtoribioeu:0.23.0
davidtoribioeu:0.22.0
davidtoribioeu:0.21.1
davidtoribioeu:0.21.0
davidtoribioeu:0.20.0
davidtoribioeu:0.19.4
davidtoribioeu:0.19.3
davidtoribioeu:0.19.2
davidtoribioeu:0.19.1
davidtoribioeu:0.19.0
davidtoribioeu:0.18.2
davidtoribioeu:0.18.1
davidtoribioeu:0.18.0
davidtoribioeu:0.17.1
davidtoribioeu:0.17.0
davidtoribioeu:0.16.0
davidtoribioeu:0.15.0
davidtoribioeu:0.14.0
davidtoribioeu:0.13.1
davidtoribioeu:0.13.0
davidtoribioeu:0.12.0
davidtoribioeu:0.11.0
davidtoribioeu:0.10.0
davidtoribioeu:0.9.0
davidtoribioeu:0.8.0
davidtoribioeu:0.7.0
davidtoribioeu:0.6.0
davidtoribioeu:0.5.1
davidtoribioeu:0.5.0
davidtoribioeu:0.4.0
davidtoribioeu:0.3.1
..
compare: davidtoribioeu:2.4.0
Branches Tags
davidtoribioeu:develop
davidtoribioeu:release
davidtoribioeu:3.4.2
davidtoribioeu:3.4.1
davidtoribioeu:3.4.0
davidtoribioeu:3.3.0
davidtoribioeu:3.2.1
davidtoribioeu:3.2.0
davidtoribioeu:3.1.1
davidtoribioeu:3.1.0
davidtoribioeu:3.0.2
davidtoribioeu:3.0.1
davidtoribioeu:3.0.0
davidtoribioeu:2.9.1
davidtoribioeu:2.9.0
davidtoribioeu:2.8.0
davidtoribioeu:2.7.0
davidtoribioeu:2.6.1
davidtoribioeu:2.6.0
davidtoribioeu:2.5.3
davidtoribioeu:2.5.2
davidtoribioeu:2.5.1
davidtoribioeu:2.5.0
davidtoribioeu:2.4.0
davidtoribioeu:2.3.0
davidtoribioeu:2.2.0
davidtoribioeu:2.1.0
davidtoribioeu:2.0.0
davidtoribioeu:1.6.1
davidtoribioeu:1.6.0
davidtoribioeu:1.5.1
davidtoribioeu:1.5.0
davidtoribioeu:1.4.1
davidtoribioeu:1.4.0
davidtoribioeu:1.3.1
davidtoribioeu:1.3.0
davidtoribioeu:1.2.0
davidtoribioeu:1.1.0
davidtoribioeu:1.0.2
davidtoribioeu:1.0.1
davidtoribioeu:1.0.0
davidtoribioeu:0.27.0
davidtoribioeu:0.26.2
davidtoribioeu:0.26.1
davidtoribioeu:0.26.0
davidtoribioeu:0.25.0
davidtoribioeu:0.24.1
davidtoribioeu:0.24.0
davidtoribioeu:0.23.0
davidtoribioeu:0.22.0
davidtoribioeu:0.21.1
davidtoribioeu:0.21.0
davidtoribioeu:0.20.0
davidtoribioeu:0.19.4
davidtoribioeu:0.19.3
davidtoribioeu:0.19.2
davidtoribioeu:0.19.1
davidtoribioeu:0.19.0
davidtoribioeu:0.18.2
davidtoribioeu:0.18.1
davidtoribioeu:0.18.0
davidtoribioeu:0.17.1
davidtoribioeu:0.17.0
davidtoribioeu:0.16.0
davidtoribioeu:0.15.0
davidtoribioeu:0.14.0
davidtoribioeu:0.13.1
davidtoribioeu:0.13.0
davidtoribioeu:0.12.0
davidtoribioeu:0.11.0
davidtoribioeu:0.10.0
davidtoribioeu:0.9.0
davidtoribioeu:0.8.0
davidtoribioeu:0.7.0
davidtoribioeu:0.6.0
davidtoribioeu:0.5.1
davidtoribioeu:0.5.0
davidtoribioeu:0.4.0
davidtoribioeu:0.3.1

No commits in common. "release" and "2.4.0" have entirely different histories.
release ... 2.4.0

42 changed files with 722 additions and 925 deletions
Show stats Expand all files Collapse all files

15
.dockerignore
View file

@ -1,13 +1,10 @@
.git*
.git
.github
.travis.yml
*.md
build*
docker-compose*
env
test-configuration
build*
docker-compose.override.yml
.netbox/.git*
.netbox/.pre-commit-config.yaml
.netbox/.readthedocs.yaml
.netbox/.tx
.netbox/contrib
.netbox/.travis.yml
.netbox/scripts
.netbox/upgrade.sh

9
.editorconfig-checker.json → .ecrc
View file

@ -2,12 +2,17 @@
"Verbose": false,
"Debug": false,
"IgnoreDefaults": false,
"SpacesAfterTabs": false,
"SpacesAftertabs": false,
"NoColor": false,
"Exclude": ["LICENSE", "\\.initializers", "\\.vscode"],
"Exclude": [
"LICENSE",
"\\.initializers",
"\\.vscode"
],
"AllowedContentTypes": [],
"PassedFiles": [],
"Disable": {
// set these options to true to disable specific checks
"EndOfLine": false,
"Indentation": false,
"InsertFinalNewline": false,

3
.editorconfig
View file

@ -9,6 +9,3 @@ indent_size = 2
[*.py]
indent_size = 4
[VERSION]
insert_final_newline = false

4
.github/FUNDING.yml vendored
View file

@ -1,8 +1,8 @@
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
- cimnine
- tobiasge
- cimnine
- tobiasge
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username

279
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View file

@ -1,147 +1,148 @@
name: Bug report
description: Create a report about a malfunction of the Docker setup
body:
- type: markdown
attributes:
value: |
Please only raise an issue if you're certain that you've found a bug.
Else, see these other means to get help:
- type: markdown
attributes:
value: |
Please only raise an issue if you're certain that you've found a bug.
Else, see these other means to get help:
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
If you did not find what you're looking for,
try the help of our community:
If you did not find what you're looking for,
try the help of our community:
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: current-behavior
attributes:
label: Current Behavior
description: Please describe what you did and how you think it misbehaved
placeholder: I tried to … by doing …, but it …
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Expected Behavior
description: Please describe what you expected instead
placeholder: I expected that … when I do …
validations:
required: true
- type: input
id: docker-compose-version
attributes:
label: Docker Compose Version
description: Please paste the output of `docker-compose version` (or `docker compose version`)
placeholder: Docker Compose version vX.Y.Z
validations:
required: true
- type: textarea
id: docker-version
attributes:
label: Docker Version
description: Please paste the output of `docker version`
render: text
placeholder: |
Client:
Cloud integration: 1.0.17
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:20 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: current-behavior
attributes:
label: Current Behavior
description: Please describe what you did and how you think it misbehaved
placeholder: I tried to … by doing …, but it …
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Expected Behavior
description: Please describe what you expected instead
placeholder: I expected that … when I do …
validations:
required: true
- type: input
id: docker-compose-version
attributes:
label: Docker Compose Version
description: Please paste the output of `docker-compose version`
placeholder: Docker Compose version vX.Y.Z
validations:
required: true
- type: textarea
id: docker-version
attributes:
label: Docker Version
description: Please paste the output of `docker version`
render: text
placeholder: |
Client:
Cloud integration: 1.0.17
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:20 2021
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
validations:
required: true
- type: input
id: git-rev
attributes:
label: The git Revision
description: Please paste the output of `git rev-parse HEAD`
validations:
required: true
- type: textarea
id: git-status
attributes:
label: The git Status
description: Please paste the output of `git status`
render: text
placeholder: |
On branch main
nothing to commit, working tree clean
validations:
required: true
- type: input
id: run-command
attributes:
label: Startup Command
description: Please specify the command you used to start the project
placeholder: docker compose up
validations:
required: true
- type: textarea
id: netbox-logs
attributes:
label: NetBox Logs
description: Please paste the output of `docker-compose logs netbox` (or `docker compose logs netbox`)
render: text
placeholder: |
netbox_1 | ⚙️ Applying database migrations
netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py'
...
validations:
required: true
- type: textarea
id: docker-compose-override-yml
attributes:
label: Content of docker-compose.override.yml
description: Please paste the output of `cat docker-compose.override.yml`
render: yaml
placeholder: |
services:
netbox:
ports:
- '8080:8080'
validations:
required: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
validations:
required: true
- type: input
id: git-rev
attributes:
label: The git Revision
description: Please paste the output of `git rev-parse HEAD`
validations:
required: true
- type: textarea
id: git-status
attributes:
label: The git Status
description: Please paste the output of `git status`
render: text
placeholder: |
On branch main
nothing to commit, working tree clean
validations:
required: true
- type: input
id: run-command
attributes:
label: Startup Command
description: Please specify the command you used to start the project
placeholder: docker compose up
validations:
required: true
- type: textarea
id: netbox-logs
attributes:
label: NetBox Logs
description: Please paste the output of `docker-compose logs netbox` (or `docker compose logs netbox`)
render: text
placeholder: |
netbox_1 | ⚙️ Applying database migrations
netbox_1 | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/a.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1 | 🧬 loaded config '/etc/netbox/config/plugins.py'
...
validations:
required: true
- type: textarea
id: docker-compose-override-yml
attributes:
label: Content of docker-compose.override.yml
description: Please paste the output of `cat docker-compose.override.yml`
render: yaml
placeholder: |
version: '3.4'
services:
netbox:
ports:
- '8080:8080'
validations:
required: true

2
.github/ISSUE_TEMPLATE/config.yml vendored
View file

@ -6,7 +6,7 @@ contact_links:
- name: Chat
url: https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
about: "Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel."
about: 'Usually the quickest way to seek help with small issues is to join our #netbox-docker Slack channel.'
- name: Community Wiki
url: https://github.com/netbox-community/netbox-docker/wiki

120
.github/ISSUE_TEMPLATE/feature_request.yml vendored
View file

@ -1,68 +1,68 @@
name: Feature or Change Request
description: Request a new feature or a change of the current behavior
body:
- type: markdown
attributes:
value: |
This issue type is to propose new features for the Docker setup.
To just spin an idea, see the Github Discussions section, please.
- type: markdown
attributes:
value: |
This issue type is to propose new features for the Docker setup.
To just spin an idea, see the Github Discussions section, please.
Before asking for help, see these links first:
Before asking for help, see these links first:
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
- See our troubleshooting section:
https://github.com/netbox-community/netbox-docker/wiki/Troubleshooting
- Have a look at the rest of the wiki:
https://github.com/netbox-community/netbox-docker/wiki
- Check the release notes:
https://github.com/netbox-community/netbox-docker/releases
- Look through the issues already resolved:
https://github.com/netbox-community/netbox-docker/issues?q=is%3Aclosed
If you did not find what you're looking for,
try the help of our community:
If you did not find what you're looking for,
try the help of our community:
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
- Post to Github Discussions:
https://github.com/netbox-community/netbox-docker/discussions
- Join the `#netbox-docker` channel on our Slack:
https://join.slack.com/t/netdev-community/shared_invite/zt-mtts8g0n-Sm6Wutn62q_M4OdsaIycrQ
- Ask on the NetBox mailing list:
https://groups.google.com/d/forum/netbox-discuss
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: desired-behavior
attributes:
label: Desired Behavior
description: Please describe the desired behavior
placeholder: To me, it would be useful, if … because …
validations:
required: true
- type: textarea
id: contrast-to-current
attributes:
label: Contrast to Current Behavior
description: Please describe how the desired behavior is different from the current behavior
placeholder: The current behavior is …, but this lacks …
validations:
required: true
- type: textarea
id: required-changes
attributes:
label: Required Changes
description: If you can, please elaborate what changes will be required to implement the desired behavior
placeholder: I suggest to change the file …
validations:
required: false
- type: textarea
id: discussion
attributes:
label: "Discussion: Benefits and Drawbacks"
description: |
Please make your case here:
- Why do you think this project and the community will benefit from your suggestion?
- What are the drawbacks of this change? Is it backwards-compatible?
- Anything else that you think is relevant to the discussion of this feature/change request.
placeholder: I suggest to change the file …
validations:
required: false
Please don't open an issue to open a PR.
Just submit the PR, that's good enough.
- type: textarea
id: desired-behavior
attributes:
label: Desired Behavior
description: Please describe the desired behavior
placeholder: To me, it would be useful, if … because …
validations:
required: true
- type: textarea
id: contrast-to-current
attributes:
label: Contrast to Current Behavior
description: Please describe how the desired behavior is different from the current behavior
placeholder: The current behavior is …, but this lacks …
validations:
required: true
- type: textarea
id: required-changes
attributes:
label: Required Changes
description: If you can, please elaborate what changes will be required to implement the desired behavior
placeholder: I suggest to change the file …
validations:
required: false
- type: textarea
id: discussion
attributes:
label: 'Discussion: Benefits and Drawbacks'
description: |
Please make your case here:
- Why do you think this project and the community will benefit from your suggestion?
- What are the drawbacks of this change? Is it backwards-compatible?
- Anything else that you think is relevant to the discussion of this feature/change request.
placeholder: I suggest to change the file …
validations:
required: false

6
.github/pull_request_template.md vendored
View file

@ -80,6 +80,6 @@ into the release notes.
Please put an x into the brackets (like `[x]`) if you've completed that task.
-->
- [ ] I have read the comments and followed the PR template.
- [ ] I have explained my PR according to the information in the comments.
- [ ] My PR targets the `develop` branch.
* [ ] I have read the comments and followed the PR template.
* [ ] I have explained my PR according to the information in the comments.
* [ ] My PR targets the `develop` branch.

61
.github/workflows/push.yml vendored
View file

@ -5,46 +5,35 @@ on:
push:
branches-ignore:
- release
- renovate/**
pull_request:
branches-ignore:
- release
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
name: Checks syntax of our code
permissions:
contents: read
packages: read
statuses: write
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v3
with:
# Full git history is needed to get a proper
# list of changed files within `super-linter`
fetch-depth: 0
- uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Lint Code Base
uses: super-linter/super-linter@v8
uses: github/super-linter@v4
env:
DEFAULT_BRANCH: develop
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SUPPRESS_POSSUM: true
LINTER_RULES_PATH: /
VALIDATE_ALL_CODEBASE: false
VALIDATE_BIOME_FORMAT: false
VALIDATE_CHECKOV: false
VALIDATE_DOCKERFILE: false
VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
VALIDATE_GITLEAKS: false
VALIDATE_JSCPD: false
VALIDATE_TRIVY: false
FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
EDITORCONFIG_FILE_NAME: .editorconfig-checker.json
EDITORCONFIG_FILE_NAME: .ecrc
DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
MARKDOWN_CONFIG_FILE: .markdown-lint.yml
PYTHON_BLACK_CONFIG_FILE: pyproject.toml
@ -59,44 +48,32 @@ jobs:
- ./build-latest.sh
- PRERELEASE=true ./build-latest.sh
- ./build.sh feature
- ./build.sh main
os:
- ubuntu-24.04
- ubuntu-24.04-arm
- ./build.sh develop
platform:
- linux/amd64
- linux/arm64
fail-fast: false
env:
GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox
runs-on: ${{ matrix.os }}
runs-on: ubuntu-latest
name: Builds new NetBox Docker Images
steps:
- id: git-checkout
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v3
- id: qemu-setup
name: Set up QEMU
uses: docker/setup-qemu-action@v2
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- id: arm-install-skopeo
name: Install 'skopeo' on ARM64
if: matrix.os == 'ubuntu-24.04-arm'
run: |
sudo apt-get install -y skopeo
- id: arm-buildx-platform
name: Set BUILDX_PLATFORM to ARM64
if: matrix.os == 'ubuntu-24.04-arm'
run: |
echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}"
uses: docker/setup-buildx-action@v2
- id: docker-build
name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}'
name: Build the image for '${{ matrix.platform }}' with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }}
env:
BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
- id: arm-time-limit
name: Set Netbox container start_period higher on ARM64
if: matrix.os == 'ubuntu-24.04-arm'
run: |
echo "NETBOX_START_PERIOD=240s" >>"${GITHUB_ENV}"
- id: docker-test
name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh

65
.github/workflows/release.yml vendored
View file

@ -6,83 +6,78 @@ on:
types:
- published
schedule:
- cron: "45 5 * * *"
- cron: '45 5 * * *'
workflow_dispatch:
jobs:
build:
strategy:
matrix:
build:
- { "cmd": "./build-latest.sh", "branch": "release" }
- { "cmd": "./build.sh main", "branch": "release" }
# Build pre release images from our develop branch
# This is used to test the latest changes before they are merged into the main branch
- { "cmd": "PRERELEASE=true ./build-latest.sh", "branch": "develop" }
- { "cmd": "./build.sh feature", "branch": "develop" }
build_cmd:
- ./build-latest.sh
- PRERELEASE=true ./build-latest.sh
- ./build.sh feature
- ./build.sh develop
platform:
- linux/amd64,linux/arm64
fail-fast: false
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
name: Builds new NetBox Docker Images
env:
GH_ACTION: enable
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox
steps:
- id: source-checkout
name: Checkout
uses: actions/checkout@v5
with:
ref: ${{ matrix.build.branch }}
uses: actions/checkout@v3
- id: set-netbox-docker-version
name: Get Version of NetBox Docker
run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
run: echo "::set-output name=version::$(cat VERSION)"
shell: bash
- id: check-build-needed
name: Check if the build is needed for '${{ matrix.build.cmd }}'
env:
CHECK_ONLY: "true"
run: ${{ matrix.build.cmd }}
- id: qemu-setup
name: Set up QEMU
uses: docker/setup-qemu-action@v2
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- id: docker-build
name: Build the image with '${{ matrix.build_cmd }}'
run: ${{ matrix.build_cmd }}
- id: test-image
name: Test the image
run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
if: steps.docker-build.outputs.skipped != 'true'
# docker.io
- id: docker-io-login
name: Login to docker.io
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: docker.io
username: ${{ secrets.dockerhub_username }}
password: ${{ secrets.dockerhub_password }}
if: steps.check-build-needed.outputs.skipped != 'true'
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: "lab:latest"
driver: cloud
endpoint: "netboxcommunity/netbox-default"
if: steps.check-build-needed.outputs.skipped != 'true'
if: steps.docker-build.outputs.skipped != 'true'
# quay.io
- id: quay-io-login
name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.quayio_username }}
password: ${{ secrets.quayio_password }}
if: steps.check-build-needed.outputs.skipped != 'true'
if: steps.docker-build.outputs.skipped != 'true'
# ghcr.io
- id: ghcr-io-login
name: Login to GitHub Container Registry
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: steps.check-build-needed.outputs.skipped != 'true'
if: steps.docker-build.outputs.skipped != 'true'
- id: build-and-push
name: Push the image
run: ${{ matrix.build.cmd }} --push
if: steps.check-build-needed.outputs.skipped != 'true'
run: ${{ matrix.build_cmd }} --push
if: steps.docker-build.outputs.skipped != 'true'
env:
BUILDX_PLATFORM: ${{ matrix.platform }}
BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}

3
.gitignore vendored
View file

@ -1,6 +1,6 @@
*.sql.gz
.netbox
.python-version
.initializers
docker-compose.override.yml
*.pem
configuration/*
@ -11,4 +11,5 @@ configuration/ldap/*
!configuration/ldap/ldap_config.py
!configuration/logging.py
!configuration/plugins.py
prometheus.yml
super-linter.log

3
.yamllint.yaml
View file

@ -1,4 +1,5 @@
---
rules:
line-length:
max: 160
max: 120

61
Dockerfile
View file

@ -1,7 +1,6 @@
ARG FROM
FROM ${FROM} AS builder
FROM ${FROM} as builder
COPY --from=ghcr.io/astral-sh/uv:0.9 /uv /usr/local/bin/
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \
&& apt-get upgrade \
@ -15,27 +14,25 @@ RUN export DEBIAN_FRONTEND=noninteractive \
libsasl2-dev \
libssl-dev \
libxml2-dev \
libxml2-dev \
libxmlsec1 \
libxmlsec1-dev \
libxmlsec1-openssl \
libxslt-dev \
pkg-config \
python3-dev \
&& /usr/local/bin/uv venv /opt/netbox/venv
python3-pip \
python3-venv \
&& python3 -m venv /opt/netbox/venv \
&& /opt/netbox/venv/bin/python3 -m pip install --upgrade \
pip \
setuptools \
wheel
ARG NETBOX_PATH
COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
ENV VIRTUAL_ENV=/opt/netbox/venv
RUN \
# Gunicorn is not needed because we use Nginx Unit
sed -i -e '/gunicorn/d' /requirements.txt && \
# We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt
# we have potential version conflicts and the build will fail.
# That's why we just replace it in the original requirements.txt.
sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
# The same is true for 'django-storages'
sed -i -e 's/django-storages/django-storages\[azure,boto3,dropbox,google,libcloud,sftp\]/g' /requirements.txt && \
/usr/local/bin/uv pip install \
RUN sed -i -e '/psycopg2-binary/d' requirements.txt && \
/opt/netbox/venv/bin/pip install \
-r /requirements.txt \
-r /requirements-container.txt
@ -44,10 +41,8 @@ RUN \
###
ARG FROM
FROM ${FROM} AS main
FROM ${FROM} as main
COPY docker/unit.list /etc/apt/sources.list.d/unit.list
ADD --chmod=444 --chown=0:0 https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \
&& apt-get upgrade \
@ -60,17 +55,21 @@ RUN export DEBIAN_FRONTEND=noninteractive \
libldap-common \
libpq5 \
libxmlsec1-openssl \
openssh-client \
openssl \
python3 \
python3-distutils \
tini \
unit-python3.12=1.34.2-1~noble \
unit=1.34.2-1~noble \
&& curl -sL https://nginx.org/keys/nginx_signing.key \
> /etc/apt/trusted.gpg.d/nginx.asc && \
echo "deb https://packages.nginx.org/unit/ubuntu/ jammy unit" \
> /etc/apt/sources.list.d/unit.list \
&& apt-get update -qq \
&& apt-get install \
--yes -qq --no-install-recommends \
unit=1.27.0-1~jammy \
unit-python3.10=1.27.0-1~jammy \
&& rm -rf /var/lib/apt/lists/*
# Copy the modified 'requirements*.txt' files, to have the files actually used during installation
COPY --from=builder /requirements.txt /requirements-container.txt /opt/netbox/
COPY --from=builder /usr/local/bin/uv /usr/local/bin/
COPY --from=builder /opt/netbox/venv /opt/netbox/venv
ARG NETBOX_PATH
@ -79,25 +78,23 @@ COPY ${NETBOX_PATH} /opt/netbox
COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
COPY configuration/ /etc/netbox/config/
COPY docker/nginx-unit.json /etc/unit/
COPY VERSION /opt/netbox/VERSION
WORKDIR /opt/netbox/netbox
# Must set permissions for '/opt/netbox/netbox/media' directory
# to g+w so that pictures can be uploaded to netbox.
RUN mkdir -p static media /opt/unit/state/ /opt/unit/tmp/ \
&& chown -R unit:root /opt/unit/ media reports scripts \
&& chmod -R g+w /opt/unit/ media reports scripts \
&& cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \
RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
&& chown -R unit:root media /opt/unit/ \
&& chmod -R g+w media /opt/unit/ \
&& cd /opt/netbox/ && SECRET_KEY="dummy" /opt/netbox/venv/bin/python -m mkdocs build \
--config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
&& DEBUG="true" SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input \
&& mkdir /opt/netbox/netbox/local \
&& echo "build: Docker-$(cat /opt/netbox/VERSION)" > /opt/netbox/netbox/local/release.yaml
&& SECRET_KEY="dummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input
ENV LANG=C.utf8 PATH=/opt/netbox/venv/bin:$PATH VIRTUAL_ENV=/opt/netbox/venv UV_NO_CACHE=1
ENV LANG=C.UTF-8 PATH=/opt/netbox/venv/bin:$PATH
ENTRYPOINT [ "/usr/bin/tini", "--" ]
CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ]

19
MAINTAINERS.md
View file

@ -1,19 +0,0 @@
# Maintainers of _NetBox Docker_
This file lists all currently recognized maintainers of the _NetBox Docker_ project in alphabetical order:
- @cimnine
- @tobiasge
## Stepping Down
Every maintainer is a volunteer and may step down as maintainer at any time without providing any reason.
To make this explicit, the maintainer is asked to update this file.
The last maintainer stepping down is asked to archive the project on GitHub to indicate that the project is no longer maintained.
## Signing up
Everyone is welcome to sign up as maintainer by creating a PR and add their own username to the list.
The current maintainers shall discuss the application.
They may turn down an application if they don't feel confident that the new maintainer is a positive addition.

71
PRINCIPALS.md
View file

@ -1,71 +0,0 @@
# Development, Maintenance and Community Principals for _NetBox Docker_
These principals shall guide the development and the maintenance of _NetBox Docker_.
## Basic principals
This project is maintained on voluntary basis.
Everyone is asked to respect that.
This means, that …
- … sometimes features are not implemented as fast as one might like -- or not at all.
- … sometimes nobody is looking at bugs, or they are not fixed as fast as one might like -- or not at all.
- … sometimes PRs are not reviewed for an extended period.
Everyone is welcome to provide improvements and bugfixes to the benefit of everyone else.
## Development Principals
The goal of the _NetBox Docker_ project is to provide a container to run the basic NetBox project.
The container should feel like a native container -- as if it were provided by NetBox itself:
- Configuration via environment variables where feasible.
- Except: Whenever a complex type such as a `dict` is required as value of a configuration setting,
then it shall not be provided through an environment variable.
- Configuration of secrets via secret files.
- Log output to standard out (STDOUT/`&1`) / standard error (STDERR/`&2`).
- Volumes for data and cache directories.
- Otherwise, no mounts shall be necessary.
- Runs a non-root user by default.
- One process / role for each instance.
The container generally does not provide more features than the basic NetBox project itself provides.
It may provide additional Python dependencies than the upstream project,
so that all configurable features of NetBox can be used in the container without further modification.
The container may provide helpers, so that it feels and behaves like a native container.
The container does not bundle any community plugins.
## Maintenance Principals
The main goals of maintaining _NetBox Docker_ are:
- Keeping the project at a high quality level.
- Keeping the maintenance effort minimal.
- Coordinating development efforts.
The following guidelines help us to achieve these goals:
- As many maintenance tasks as possible shall be automated or scripted.
- All manual tasks must be documented.
- All changes are reviewed by at least one maintainer.
- Changes of maintainers are reviewed by at least one other maintainer.
(Except if there's only one maintainer left.)
- The infrastructure beyond what GitHub provides shall be kept to a minimum.
- On request, every maintainer shall get access to infrastructure that is beyond GitHub
(at the time of writing that's _Docker Hub_ and _Quay_ in particular).
## Community Principals
This project is developed by the NetBox community for the NetBox community.
We welcome contributions, as long as they are in line with the principals above.
The maintainers of NetBox Docker are not the support team.
The community is expected to help each other out.
Always remember:
Behind every screen (or screen-reader) on the other end is a fellow human.
Be nice and respectful, thankful for help,
and value ideas and contributions,
even when they don't fit the goals.

83
README.md
View file

@ -3,21 +3,16 @@
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/netbox-community/netbox-docker)][github-release]
[![GitHub stars](https://img.shields.io/github/stars/netbox-community/netbox-docker)][github-stargazers]
![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed-raw/netbox-community/netbox-docker)
![Github release workflow](https://img.shields.io/github/actions/workflow/status/netbox-community/netbox-docker/release.yml?branch=release)
![Github release workflow](https://img.shields.io/github/workflow/status/netbox-community/netbox-docker/release)
![Docker Pulls](https://img.shields.io/docker/pulls/netboxcommunity/netbox)
[![GitHub license](https://img.shields.io/github/license/netbox-community/netbox-docker)][netbox-docker-license]
[The GitHub repository][netbox-docker-github] houses the components needed to build NetBox as a container.
Images are built regularly using the code in that repository
and are pushed to [Docker Hub][netbox-dockerhub],
[Quay.io][netbox-quayio] and [GitHub Container Registry][netbox-ghcr].
_NetBox Docker_ is a project developed and maintained by the _NetBox_ community.
Images are built regularly using the code in that repository and are pushed to [Docker Hub][netbox-dockerhub], [Quay.io][netbox-quayio] and [GitHub Container Registry][netbox-ghcr].
Do you have any questions?
Before opening an issue on GitHub,
please join [our Slack][netbox-docker-slack]
and ask for help in the [`#netbox-docker`][netbox-docker-slack-channel] channel,
or start a new [GitHub Discussion][github-discussions].
Before opening an issue on Github,
please join [our Slack][netbox-docker-slack] and ask for help in the [`#netbox-docker`][netbox-docker-slack-channel] channel.
[github-stargazers]: https://github.com/netbox-community/netbox-docker/stargazers
[github-release]: https://github.com/netbox-community/netbox-docker/releases
@ -29,7 +24,6 @@ or start a new [GitHub Discussion][github-discussions].
[netbox-docker-slack-channel]: https://netdev-community.slack.com/archives/C01P0GEVBU7
[netbox-slack-channel]: https://netdev-community.slack.com/archives/C01P0FRSXRV
[netbox-docker-license]: https://github.com/netbox-community/netbox-docker/blob/release/LICENSE
[github-discussions]: https://github.com/netbox-community/netbox-docker/discussions
## Quickstart
@ -39,25 +33,26 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star
```bash
git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker
# Copy the example override file
cp docker-compose.override.yml.example docker-compose.override.yml
# Read and edit the file to your liking
docker compose pull
docker compose up
tee docker-compose.override.yml <<EOF
version: '3.4'
services:
netbox:
ports:
- 8000:8080
EOF
docker-compose pull
docker-compose up
```
The whole application will be available after a few minutes.
Open the URL `http://0.0.0.0:8000/` in a web-browser.
You should see the NetBox homepage.
In the top-right corner you can login.
The default credentials are:
To create the first admin user run this command:
```bash
docker compose exec netbox /opt/netbox/netbox/manage.py createsuperuser
```
If you need to restart Netbox from an empty database often,
you can also set the `SUPERUSER_*` variables in your `docker-compose.override.yml`.
* Username: **admin**
* Password: **admin**
* API Token: **0123456789abcdef0123456789abcdef01234567**
[wiki-getting-started]: https://github.com/netbox-community/netbox-docker/wiki/Getting-Started
@ -67,39 +62,42 @@ New container images are built and published automatically every ~24h.
> We recommend to use either the `vX.Y.Z-a.b.c` tags or the `vX.Y-a.b.c` tags in production!
- `vX.Y.Z-a.b.c`, `vX.Y-a.b.c`:
* `vX.Y.Z-a.b.c`, `vX.Y-a.b.c`:
These are release builds containing _NetBox version_ `vX.Y.Z`.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
These images are automatically built from [the corresponding releases of NetBox][netbox-releases].
- `latest-a.b.c`:
* `latest-a.b.c`:
These are release builds, containing the latest stable version of NetBox.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
- `snapshot-a.b.c`:
These images are automatically built from [the `master` branch of NetBox][netbox-master].
* `snapshot-a.b.c`:
These are prerelease builds.
They contain the support files of _NetBox Docker version_ `a.b.c`.
You must use _NetBox Docker version_ `a.b.c` to guarantee the compatibility.
These images are automatically built from the [`main` branch of NetBox][netbox-main].
These images are automatically built from the [`develop` branch of NetBox][netbox-develop].
For each of the above tag, there is an extra tag:
- `vX.Y.Z`, `vX.Y`:
* `vX.Y.Z`, `vX.Y`:
This is the same version as `vX.Y.Z-a.b.c` (or `vX.Y-a.b.c`, respectively).
- `latest`
It always points to the latest version of _NetBox Docker_.
* `latest`
This is the same version as `latest-a.b.c`.
It always points to the latest version of _NetBox Docker_.
- `snapshot`
* `snapshot`
This is the same version as `snapshot-a.b.c`.
It always points to the latest version of _NetBox Docker_.
[netbox-releases]: https://github.com/netbox-community/netbox/releases
[netbox-main]: https://github.com/netbox-community/netbox/tree/main
[netbox-master]: https://github.com/netbox-community/netbox/tree/master
[netbox-develop]: https://github.com/netbox-community/netbox/tree/develop
## Documentation
Please refer [to our wiki on GitHub][netbox-docker-wiki] for further information on how to use the NetBox Docker image properly.
The wiki covers advanced topics such as using files for secrets, configuring TLS, deployment to Kubernetes, monitoring and configuring LDAP.
The wiki covers advanced topics such as using files for secrets, configuring TLS, deployment to Kubernetes, monitoring and configuring NAPALM and LDAP.
Our wiki is a community effort.
Feel free to correct errors, update outdated information or provide additional guides and insights.
@ -110,7 +108,7 @@ Feel free to correct errors, update outdated information or provide additional g
Feel free to ask questions in our [GitHub Community][netbox-community]
or [join our Slack][netbox-docker-slack] and ask [in our channel `#netbox-docker`][netbox-docker-slack-channel],
which is free to use and where there are almost always people online that can help you.
which is free to use and where there are almost always people online that can help you in the Slack channel.
If you need help with using NetBox or developing for it or against it's API
you may find [the `#netbox` channel][netbox-slack-channel] on the same Slack instance very helpful.
@ -121,16 +119,16 @@ you may find [the `#netbox` channel][netbox-slack-channel] on the same Slack ins
This project relies only on _Docker_ and _docker-compose_ meeting these requirements:
- The _Docker version_ must be at least `20.10.10`.
- The _containerd version_ must be at least `1.5.6`.
- The _docker-compose version_ must be at least `1.28.0`.
* The _Docker version_ must be at least `20.10.10`.
* The _containerd version_ must be at least `1.5.6`.
* The _docker-compose version_ must be at least `1.28.0`.
To check the version installed on your system run `docker --version` and `docker compose version`.
To check the version installed on your system run `docker --version` and `docker-compose --version`.
## Updating
Please read [the release notes][releases] carefully when updating to a new image version.
Note that the version of the NetBox Docker container image must stay in sync with the version of the Git repository.
Note that the version of the NetBox Docker container image must stay in sync with the code.
If you update for the first time, be sure [to follow our _How To Update NetBox Docker_ guide in the wiki][netbox-docker-wiki-updating].
@ -139,8 +137,7 @@ If you update for the first time, be sure [to follow our _How To Update NetBox D
## Rebuilding the Image
`./build.sh` can be used to rebuild the container image.
See `./build.sh --help` for more information or `./build-latest.sh` for an example.
`./build.sh` can be used to rebuild the container image. See `./build.sh --help` for more information.
For more details on custom builds [consult our wiki][netbox-docker-wiki-build].
@ -149,15 +146,13 @@ For more details on custom builds [consult our wiki][netbox-docker-wiki-build].
## Tests
We have a test script.
It runs NetBox's own unit tests and ensures that NetBox starts:
It runs NetBox's own unit tests and ensures that all initializers work:
```bash
IMAGE=docker.io/netboxcommunity/netbox:latest ./test.sh
IMAGE=netboxcommunity/netbox:latest ./test.sh
```
## Support
This repository is currently maintained by the community.
The community is expected to help each other.
Please consider sponsoring the maintainers of this project.

2
VERSION
View file

@ -1 +1 @@
3.4.2
2.4.0

5
actionlint.yml
View file

@ -1,5 +0,0 @@
---
paths:
.github/workflows/**/*.{yml,yaml}:
ignore:
- ".*ubuntu-24.04-arm.*"

9
build-functions/check-commands.sh
View file

@ -1,9 +0,0 @@
#!/bin/bash
NEEDED_COMMANDS="curl jq docker skopeo"
for c in $NEEDED_COMMANDS; do
if ! command -v "$c" &>/dev/null; then
echo "⚠️ '$c' is not installed. Can't proceed with build."
exit 1
fi
done

80
build-functions/get-public-image-config.sh
View file

@ -1,18 +1,82 @@
#!/bin/bash
check_if_tags_exists() {
local image=$1
local tag=$2
skopeo list-tags "docker://$image" | jq -r ".Tags | contains([\"$tag\"])"
}
# Retrieves image configuration from public images in DockerHub
# Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
# Optimised for our use case
get_image_label() {
local label=$1
local image=$2
skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]"
local tag=$3
local token
token=$(_get_token "$image")
local digest
digest=$(_get_digest "$image" "$tag" "$token")
local retval="null"
if [ "$digest" != "null" ]; then
retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
fi
echo "$retval"
}
get_image_layers() {
local image=$1
local tag=$2
local token
token=$(_get_token "$image")
_get_layers "$image" "$tag" "$token"
}
get_image_last_layer() {
local image=$1
skopeo inspect "docker://$image" | jq -r ".Layers | last"
local tag=$2
local token
token=$(_get_token "$image")
local layers
mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
echo "${layers[-1]}"
}
_get_image_configuration() {
local image=$1
local token=$2
local digest=$3
local label=$4
curl \
--silent \
--location \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/blobs/$digest" |
jq -r ".config.Labels.\"$label\""
}
_get_token() {
local image=$1
curl \
--silent \
"https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" |
jq -r '.token'
}
_get_digest() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.config.digest'
}
_get_layers() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.layers[].digest'
}

11
build-functions/gh-functions.sh
View file

@ -19,14 +19,3 @@ gh_env() {
echo "${@}" >>"${GITHUB_ENV}"
fi
}
###
# Prints the output to the file defined in ${GITHUB_OUTPUT}.
# Only executes if ${GH_ACTION} is defined.
# Example Usage: gh_env "FOO_VAR=bar_value"
###
gh_out() {
if [ -n "${GH_ACTION}" ]; then
echo "${@}" >>"$GITHUB_OUTPUT"
fi
}

50
build-latest.sh
View file

@ -1,27 +1,26 @@
#!/bin/bash
# Builds the latest released version
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
source ./build-functions/gh-functions.sh
echo "▶️ $0 $*"
CURL_ARGS=(
--silent
)
###
# Check for the jq library needed for parsing JSON
###
if ! command -v jq; then
echo "⚠️ jq command missing from \$PATH!"
exit 1
fi
###
# Checking for the presence of GITHUB_TOKEN
# Checking for the presence of GITHUB_OAUTH_CLIENT_ID
# and GITHUB_OAUTH_CLIENT_SECRET
###
if [ -n "${GITHUB_TOKEN}" ]; then
if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then
echo "🗝 Performing authenticated Github API calls."
CURL_ARGS+=(
--header "Authorization: Bearer ${GITHUB_TOKEN}"
)
GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"
else
echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!"
GITHUB_OAUTH_PARAMS=""
fi
###
@ -43,27 +42,31 @@ fi
###
ORIGINAL_GITHUB_REPO="netbox-community/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases?${GITHUB_OAUTH_PARAMS}"
# Composing the JQ commans to extract the most recent version number
JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
CURL="curl"
CURL="curl -sS"
# Querying the Github API to fetch the most recent version number
VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_LATEST}" 2>/dev/null)
VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
###
# Check if the prerelease version is actually higher than stable version
###
if [ "${PRERELEASE}" == "true" ]; then
JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name"
STABLE_VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_STABLE}" 2>/dev/null)
STABLE_VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_STABLE}")
MAJOR_STABLE=$(expr "${STABLE_VERSION}" : 'v\([0-9]\+\)')
MINOR_STABLE=$(expr "${STABLE_VERSION}" : 'v[0-9]\+\.\([0-9]\+\)')
MAJOR_UNSTABLE=$(expr "${VERSION}" : 'v\([0-9]\+\)')
MINOR_UNSTABLE=$(expr "${VERSION}" : 'v[0-9]\+\.\([0-9]\+\)')
# shellcheck disable=SC2003
MAJOR_STABLE=$(expr match "${STABLE_VERSION}" 'v\([0-9]\+\)')
# shellcheck disable=SC2003
MINOR_STABLE=$(expr match "${STABLE_VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
# shellcheck disable=SC2003
MAJOR_UNSTABLE=$(expr match "${VERSION}" 'v\([0-9]\+\)')
# shellcheck disable=SC2003
MINOR_UNSTABLE=$(expr match "${VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
if {
[ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] &&
@ -72,7 +75,10 @@ if [ "${PRERELEASE}" == "true" ]; then
echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'."
if [ -z "$DEBUG" ]; then
gh_out "skipped=true"
if [ -n "${GH_ACTION}" ]; then
echo "::set-output name=skipped::true"
fi
exit 0
else
echo "⚠️ Would exit here with code '0', but DEBUG is enabled."

92
build.sh
View file

@ -39,8 +39,9 @@ SKIP_GIT If defined, git is not invoked and \${NETBOX_PATH} will not be alter
TAG The version part of the image tag.
${_GREEN}Default:${_CLEAR}
When <branch>=main: snapshot
Else: same as <branch>
When <branch>=master: latest
When <branch>=develop: snapshot
Else: same as <branch>
IMAGE_NAMES The names used for the image including the registry
Used for tagging the image.
@ -60,9 +61,9 @@ DOCKERFILE The name of Dockerfile to use.
${_GREEN}Default:${_CLEAR} Dockerfile
DOCKER_FROM The base image to use.
${_GREEN}Default:${_CLEAR} 'ubuntu:24.04'
${_GREEN}Default:${_CLEAR} 'ubuntu:22.04'
BUILDX_PLATFORM
BUILDX_PLATFORMS
Specifies the platform(s) to build the image for.
${_CYAN}Example:${_CLEAR} 'linux/amd64,linux/arm64'
${_GREEN}Default:${_CLEAR} 'linux/amd64'
@ -102,22 +103,23 @@ GH_ACTION If defined, special 'echo' statements are enabled that set the
- FINAL_DOCKER_TAG: The final value of the DOCKER_TAG env variable
${_GREEN}Default:${_CLEAR} undefined
CHECK_ONLY Only checks if the build is needed and sets the GH Action output.
${_GREEN}Default:${_CLEAR} undefined
${_BOLD}Examples:${_CLEAR}
${0} main
This will fetch the latest 'main' branch, build a Docker Image and tag it
${0} master
This will fetch the latest 'master' branch, build a Docker Image and tag it
'netboxcommunity/netbox:latest'.
${0} develop
This will fetch the latest 'develop' branch, build a Docker Image and tag it
'netboxcommunity/netbox:snapshot'.
${0} v4.2.0
This will fetch the 'v4.2.0' tag, build a Docker Image and tag it
'netboxcommunity/netbox:v4.2.0' and 'netboxcommunity/netbox:v4.2'.
${0} v2.6.6
This will fetch the 'v2.6.6' tag, build a Docker Image and tag it
'netboxcommunity/netbox:v2.6.6' and 'netboxcommunity/netbox:v2.6'.
${0} feature
This will fetch the 'feature' branch, build a Docker Image and tag it
'netboxcommunity/netbox:feature'.
${0} develop-2.7
This will fetch the 'develop-2.7' branch, build a Docker Image and tag it
'netboxcommunity/netbox:develop-2.7'.
SRC_ORG=cimnine ${0} feature-x
This will fetch the 'feature-x' branch from https://github.com/cimnine/netbox.git,
@ -135,10 +137,6 @@ END_OF_HELP
fi
fi
# Check if we have everything needed for the build
source ./build-functions/check-commands.sh
# Load all build functions
source ./build-functions/get-public-image-config.sh
source ./build-functions/gh-functions.sh
IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}"
@ -172,7 +170,7 @@ if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l)
if [ "${REMOTE_EXISTS}" == "0" ]; then
echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
gh_out "skipped=true"
gh_echo "::set-output name=skipped::true"
exit 0
fi
echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'"
@ -217,13 +215,13 @@ fi
# Determining the value for DOCKER_FROM
###
if [ -z "$DOCKER_FROM" ]; then
DOCKER_FROM="docker.io/ubuntu:24.04"
DOCKER_FROM="ubuntu:22.04"
fi
###
# Variables for labelling the docker image
###
BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%S+00:00')"
BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')"
if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then
GIT_REF="$(git rev-parse HEAD)"
@ -255,7 +253,10 @@ DOCKER_REGISTRY="${DOCKER_REGISTRY-docker.io}"
DOCKER_ORG="${DOCKER_ORG-netboxcommunity}"
DOCKER_REPO="${DOCKER_REPO-netbox}"
case "${NETBOX_BRANCH}" in
main)
master)
TAG="${TAG-latest}"
;;
develop)
TAG="${TAG-snapshot}"
;;
*)
@ -271,7 +272,7 @@ TARGET_DOCKER_TAG_PROJECT="${TARGET_DOCKER_TAG}-${PROJECT_VERSION}"
###
# composing the additional DOCKER_SHORT_TAG,
# i.e. "v4.2.0" becomes "v4.2",
# i.e. "v2.6.1" becomes "v2.6",
# which is only relevant for version tags
# Also let "latest" follow the highest version
###
@ -299,37 +300,39 @@ if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
done
fi
FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}"
gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}"
###
# Checking if the build is necessary,
# meaning build only if one of those values changed:
# - a new tag is beeing created
# - base image digest
# - netbox git ref (Label: netbox.git-ref)
# - netbox-docker git ref (Label: org.opencontainers.image.revision)
###
# Load information from registry (only for first registry in "IMAGE_NAMES")
# Load information from registry (only for docker.io)
SHOULD_BUILD="false"
BUILD_REASON=""
if [ -z "${GH_ACTION}" ]; then
# Asuming non Github builds should always proceed
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} interactive"
elif [ "false" == "$(check_if_tags_exists "${IMAGE_NAMES[0]}" "$TARGET_DOCKER_TAG")" ]; then
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} newtag"
else
echo "Checking labels for '${FINAL_DOCKER_TAG}'"
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}")
OLD_BASE_LAST_LAYER=$(get_image_label netbox.last-base-image-layer "${FINAL_DOCKER_TAG}")
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}")
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}")
elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then
source ./build-functions/get-public-image-config.sh
IFS=':' read -ra DOCKER_FROM_SPLIT <<<"${DOCKER_FROM}"
if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then
# Need to use "library/..." for images the have no two part name
DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}"
fi
IFS='/' read -ra ORG_REPO <<<"${IMAGE_NAMES[0]}"
echo "Checking labels for '${ORG_REPO[1]}' and '${ORG_REPO[2]}'"
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
if [ "${BASE_LAST_LAYER}" != "${OLD_BASE_LAST_LAYER}" ]; then
if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} ubuntu"
BUILD_REASON="${BUILD_REASON} debian"
fi
if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then
SHOULD_BUILD="true"
@ -339,22 +342,20 @@ else
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} netbox-docker"
fi
else
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} no-check"
fi
if [ "${SHOULD_BUILD}" != "true" ]; then
echo "Build skipped because sources didn't change"
gh_out "skipped=true"
echo "::set-output name=skipped::true"
exit 0 # Nothing to do -> exit
else
gh_out "skipped=false"
gh_echo "::set-output name=skipped::false"
fi
gh_echo "::endgroup::"
if [ "${CHECK_ONLY}" = "true" ]; then
echo "Only check if build needed was requested. Exiting"
exit 0
fi
###
# Build the image
###
@ -392,7 +393,6 @@ fi
if [ -n "${BUILD_REASON}" ]; then
BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<<"$BUILD_REASON")
DOCKER_BUILD_ARGS+=(--label "netbox.build-reason=${BUILD_REASON}")
DOCKER_BUILD_ARGS+=(--label "netbox.last-base-image-layer=${BASE_LAST_LAYER}")
fi
# --build-arg

143
configuration/configuration.py
View file

@ -58,27 +58,22 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks)
if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
ALLOWED_HOSTS.append('localhost')
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASES = {
'default': {
'NAME': environ.get('DB_NAME', 'netbox'), # Database name
'USER': environ.get('DB_USER', ''), # PostgreSQL username
'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
# PostgreSQL password
'HOST': environ.get('DB_HOST', 'localhost'), # Database server
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
# Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
# Disable the use of server-side cursors transaction pooling
}
DATABASE = {
'NAME': environ.get('DB_NAME', 'netbox'), # Database name
'USER': environ.get('DB_USER', ''), # PostgreSQL username
'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
# PostgreSQL password
'HOST': environ.get('DB_HOST', 'localhost'), # Database server
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
# Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
# Disable the use of server-side cursors transaction pooling
}
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
@ -88,10 +83,6 @@ REDIS = {
'tasks': {
'HOST': environ.get('REDIS_HOST', 'localhost'),
'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_SENTINEL_SERVICE', 'default'),
'SENTINEL_TIMEOUT': _environ_get_and_map('REDIS_SENTINEL_TIMEOUT', 10, _AS_INT),
'USERNAME': environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')),
'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT),
'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL),
@ -100,9 +91,6 @@ REDIS = {
'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT),
'SENTINELS': [tuple(uri.split(':')) for uri in _environ_get_and_map('REDIS_CACHE_SENTINELS', '', _AS_LIST) if uri != ''],
'SENTINEL_SERVICE': environ.get('REDIS_CACHE_SENTINEL_SERVICE', environ.get('REDIS_SENTINEL_SERVICE', 'default')),
'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT),
'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL),
@ -116,11 +104,6 @@ REDIS = {
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))
API_TOKEN_PEPPERS = {}
if api_token_pepper := _read_secret('api_token_pepper_1', environ.get('API_TOKEN_PEPPER_1', '')):
API_TOKEN_PEPPERS.update({1: api_token_pepper})
#########################
# #
@ -148,16 +131,17 @@ if 'BANNER_BOTTOM' in environ:
if 'BANNER_LOGIN' in environ:
BANNER_LOGIN = environ.get('BANNER_LOGIN', None)
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = environ.get('BASE_PATH', '')
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
if 'CHANGELOG_RETENTION' in environ:
CHANGELOG_RETENTION = _environ_get_and_map('CHANGELOG_RETENTION', None, _AS_INT)
# Maximum number of days to retain job results (scripts and reports). Set to 0 to retain job results in the database indefinitely. (Default: 90)
if 'JOB_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOB_RETENTION', None, _AS_INT)
# JOBRESULT_RETENTION was renamed to JOB_RETENTION in the v3.5.0 release of NetBox. For backwards compatibility, map JOBRESULT_RETENTION to JOB_RETENTION
elif 'JOBRESULT_RETENTION' in environ:
JOB_RETENTION = _environ_get_and_map('JOBRESULT_RETENTION', None, _AS_INT)
if 'JOBRESULT_RETENTION' in environ:
JOBRESULT_RETENTION = _environ_get_and_map('JOBRESULT_RETENTION', None, _AS_INT)
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
@ -195,22 +179,15 @@ EMAIL = {
if 'ENFORCE_GLOBAL_UNIQUE' in environ:
ENFORCE_GLOBAL_UNIQUE = _environ_get_and_map('ENFORCE_GLOBAL_UNIQUE', None, _AS_BOOL)
# By default, netbox sends census reporting data using a single HTTP request each time a worker starts.
# This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time.
# The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
# To opt out of census reporting, set CENSUS_REPORTING_ENABLED to False.
if 'CENSUS_REPORTING_ENABLED' in environ:
CENSUS_REPORTING_ENABLED = _environ_get_and_map('CENSUS_REPORTING_ENABLED', None, _AS_BOOL)
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST)
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
HTTP_PROXIES = {
'http': environ.get('HTTP_PROXY', None),
'https': environ.get('HTTPS_PROXY', None),
}
# HTTP_PROXIES = {
# 'http': 'http://10.10.1.10:3128',
# 'https': 'http://10.10.1.10:1080',
# }
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
@ -228,9 +205,9 @@ if 'GRAPHQL_ENABLED' in environ:
# authenticated to NetBox indefinitely.
LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL)
# When enabled, only authenticated users are permitted to access any part of NetBox.
# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL)
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
@ -257,6 +234,20 @@ MEDIA_ROOT = environ.get('MEDIA_ROOT', join(_BASE_DIR, 'media'))
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = _environ_get_and_map('METRICS_ENABLED', 'False', _AS_BOOL)
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
if 'NAPALM_USERNAME' in environ:
NAPALM_USERNAME = environ.get('NAPALM_USERNAME', None)
if 'NAPALM_PASSWORD' in environ:
NAPALM_PASSWORD = _read_secret('napalm_password', environ.get('NAPALM_PASSWORD', None))
# NAPALM timeout (in seconds). (Default: 30)
if 'NAPALM_TIMEOUT' in environ:
NAPALM_TIMEOUT = _environ_get_and_map('NAPALM_TIMEOUT', None, _AS_INT)
# # NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# # be provided as a dictionary.
# NAPALM_ARGS = None
# Determine how many objects to display per page within a list. (Default: 50)
if 'PAGINATE_COUNT' in environ:
PAGINATE_COUNT = _environ_get_and_map('PAGINATE_COUNT', None, _AS_INT)
@ -293,32 +284,29 @@ if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
# Remote authentication support
REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL)
REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
REMOTE_AUTH_BACKEND = environ.get('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend')
REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL')
REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME')
REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST)
REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'True', _AS_BOOL)
REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
# REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.
RELEASE_CHECK_URL = environ.get('RELEASE_CHECK_URL', None)
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
REPORTS_ROOT = environ.get('REPORTS_ROOT', '/etc/netbox/reports')
# Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = _environ_get_and_map('RQ_DEFAULT_TIMEOUT', 300, _AS_INT)
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
SCRIPTS_ROOT = environ.get('SCRIPTS_ROOT', '/etc/netbox/scripts')
# The name to use for the csrf token cookie.
CSRF_COOKIE_NAME = environ.get('CSRF_COOKIE_NAME', 'csrftoken')
@ -330,23 +318,6 @@ CSRF_TRUSTED_ORIGINS = _environ_get_and_map('CSRF_TRUSTED_ORIGINS', '', _AS_LIST
# The name to use for the session cookie.
SESSION_COOKIE_NAME = environ.get('SESSION_COOKIE_NAME', 'sessionid')
# If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
SECURE_HSTS_INCLUDE_SUBDOMAINS = _environ_get_and_map('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'False', _AS_BOOL)
# If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header.
# This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the
# site to be accessed via HTTPS even if the user types HTTP in the address bar.
SECURE_HSTS_PRELOAD = _environ_get_and_map('SECURE_HSTS_PRELOAD', 'False', _AS_BOOL)
# If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all
# responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS,
# blocking any HTTP request.
SECURE_HSTS_SECONDS = _environ_get_and_map('SECURE_HSTS_SECONDS', 0, _AS_INT)
# If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
SECURE_SSL_REDIRECT = _environ_get_and_map('SECURE_SSL_REDIRECT', 'False', _AS_BOOL)
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
@ -355,5 +326,11 @@ SESSION_FILE_PATH = environ.get('SESSION_FILE_PATH', environ.get('SESSIONS_ROOT'
# Time zone (default: UTC)
TIME_ZONE = environ.get('TIME_ZONE', 'UTC')
# If true disables miscellaneous functionality which depends on access to the Internet.
ISOLATED_DEPLOYMENT = _environ_get_and_map('ISOLATED_DEPLOYMENT', 'False', _AS_BOOL)
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = environ.get('DATE_FORMAT', 'N j, Y')
SHORT_DATE_FORMAT = environ.get('SHORT_DATE_FORMAT', 'Y-m-d')
TIME_FORMAT = environ.get('TIME_FORMAT', 'g:i a')
SHORT_TIME_FORMAT = environ.get('SHORT_TIME_FORMAT', 'H:i:s')
DATETIME_FORMAT = environ.get('DATETIME_FORMAT', 'N j, Y g:i a')
SHORT_DATETIME_FORMAT = environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i')

6
configuration/extra.py
View file

@ -15,6 +15,12 @@
# 'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
# )
## NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
## be provided as a dictionary.
# NAPALM_ARGS = {}
## Enable installed plugins. Add the name of each plugin to the list.
# from netbox.configuration.configuration import PLUGINS
# PLUGINS.append('my_plugin')

21
configuration/ldap/ldap_config.py
View file

@ -61,26 +61,18 @@ LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get(
'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)'
)
AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER
AUTH_LDAP_USER_SEARCH_BASEDN,
ldap.SCOPE_SUBTREE,
"(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)"
)
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy.
AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get(
'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})'
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
"(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
# Define a group required to login.
@ -109,6 +101,3 @@ AUTH_LDAP_USER_ATTR_MAP = {
"last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
"email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
}
# Update user object with the latest values from the LDAP directory every time the user logs in.
AUTH_LDAP_ALWAYS_UPDATE_USER = environ.get('AUTH_LDAP_ALWAYS_UPDATE_USER', 'True').lower() == 'true'

21
docker-compose.override.yml.example
View file

@ -1,22 +1,5 @@
version: '3.4'
services:
netbox:
ports:
- "8000:8080"
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
# subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
# start_period: 90s
# environment:
# SKIP_SUPERUSER: "false"
# SUPERUSER_API_TOKEN: ""
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""
- 8000:8080

5
docker-compose.test.override.yml
View file

@ -1,5 +0,0 @@
services:
netbox:
ports:
- "127.0.0.1:8000:8080"

65
docker-compose.test.yml
View file

@ -1,61 +1,44 @@
version: '3.4'
services:
netbox: &netbox
image: ${IMAGE-docker.io/netboxcommunity/netbox:latest}
netbox:
image: ${IMAGE-netboxcommunity/netbox:latest}
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
condition: service_started
redis-cache:
condition: service_healthy
condition: service_started
env_file: env/netbox.env
user: "unit:root"
user: 'unit:root'
volumes:
- ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: ${NETBOX_START_PERIOD-120s}
timeout: 3s
interval: 15s
netbox-worker:
<<: *netbox
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 40s
timeout: 3s
interval: 15s
- ./configuration:/etc/netbox/config:z,ro
- ./test-configuration/logging.py:/etc/netbox/config/logging.py:z,ro
- ./reports:/etc/netbox/reports:z,ro
- ./scripts:/etc/netbox/scripts:z,ro
- netbox-media-files:/opt/netbox/netbox/media:z
postgres:
image: docker.io/postgres:17-alpine
image: postgres:15-alpine
env_file: env/postgres.env
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
start_period: 20s
interval: 1s
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
redis: &redis
image: docker.io/valkey/valkey:8.1-alpine
redis:
image: redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis.env
healthcheck:
test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
redis-cache:
<<: *redis
image: redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis-cache.env
volumes:
netbox-media-files:
driver: local

86
docker-compose.yml
View file

@ -1,87 +1,83 @@
version: '3.4'
services:
netbox: &netbox
image: docker.io/netboxcommunity/netbox:${VERSION-v4.4-3.4.1}
image: netboxcommunity/netbox:${VERSION-v3.4-2.4.0}
depends_on:
- postgres
- redis
- redis-cache
- postgres
- redis
- redis-cache
env_file: env/netbox.env
user: "unit:root"
user: 'unit:root'
healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: 90s
start_period: 60s
timeout: 3s
interval: 15s
test: "curl -f http://localhost:8080/api/ || exit 1"
volumes:
- ./configuration:/etc/netbox/config:z,ro
- netbox-media-files:/opt/netbox/netbox/media:rw
- netbox-reports-files:/opt/netbox/netbox/reports:rw
- netbox-scripts-files:/opt/netbox/netbox/scripts:rw
- ./configuration:/etc/netbox/config:z,ro
- ./reports:/etc/netbox/reports:z,ro
- ./scripts:/etc/netbox/scripts:z,ro
- netbox-media-files:/opt/netbox/netbox/media:z
netbox-worker:
<<: *netbox
depends_on:
netbox:
condition: service_healthy
command:
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
- /opt/netbox/venv/bin/python
- /opt/netbox/netbox/manage.py
- rqworker
healthcheck:
test: ps -aux | grep -v grep | grep -q rqworker || exit 1
start_period: 20s
timeout: 3s
interval: 15s
test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
netbox-housekeeping:
<<: *netbox
depends_on:
netbox:
condition: service_healthy
command:
- /opt/netbox/housekeeping.sh
healthcheck:
start_period: 20s
timeout: 3s
interval: 15s
test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
# postgres
postgres:
image: docker.io/postgres:17-alpine
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
timeout: 30s
interval: 10s
retries: 5
image: postgres:15-alpine
env_file: env/postgres.env
volumes:
- netbox-postgres-data:/var/lib/postgresql/data
- netbox-postgres-data:/var/lib/postgresql/data
# redis
redis:
image: docker.io/valkey/valkey:8.1-alpine
image: redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: &redis-healthcheck
test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
start_period: 5s
timeout: 3s
interval: 1s
retries: 5
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis.env
volumes:
- netbox-redis-data:/data
- netbox-redis-data:/data
redis-cache:
image: docker.io/valkey/valkey:8.1-alpine
image: redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
healthcheck: *redis-healthcheck
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
- redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
env_file: env/redis-cache.env
volumes:
- netbox-redis-cache-data:/data
- netbox-redis-cache-data:/data
volumes:
netbox-media-files:
driver: local
netbox-postgres-data:
driver: local
netbox-redis-cache-data:
driver: local
netbox-redis-data:
driver: local
netbox-reports-files:
driver: local
netbox-scripts-files:
netbox-redis-cache-data:
driver: local

17
docker/docker-entrypoint.sh
View file

@ -46,8 +46,6 @@ if ! ./manage.py migrate --check >/dev/null 2>&1; then
./manage.py remove_stale_contenttypes --no-input
echo "⚙️ Removing expired user sessions"
./manage.py clearsessions
echo "⚙️ Building search index (lazy)"
./manage.py reindex --lazy
fi
# Create Superuser if required
@ -72,25 +70,16 @@ else
fi
./manage.py shell --interface python <<END
from users.models import Token, User
from django.contrib.auth.models import User
from users.models import Token
if not User.objects.filter(username='${SUPERUSER_NAME}'):
u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END
echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
fi
./manage.py shell --interface python <<END
from users.models import Token
try:
old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")
if old_default_token:
print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.")
except Token.DoesNotExist:
pass
END
echo "✅ Initialisation is done."
# Launch whatever is passed by docker

8
docker/housekeeping.sh Executable file
View file

@ -0,0 +1,8 @@
#!/bin/bash
SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
echo "Interval set to ${SLEEP_SECONDS} seconds"
while true; do
date
/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
sleep "${SLEEP_SECONDS}s"
done

7
docker/launch-netbox.sh
View file

@ -1,7 +1,6 @@
#!/bin/bash
UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
# Also used in "nginx-unit.json"
UNIT_SOCKET="/opt/unit/unit.sock"
load_configuration() {
@ -36,7 +35,7 @@ load_configuration() {
http://localhost/config
)
if [ "$RESP_CODE" != "200" ]; then
echo "⚠️ Could not load Unit configuration"
echo "⚠️ Could no load Unit configuration"
kill "$(cat /opt/unit/unit.pid)"
return 1
fi
@ -51,7 +50,7 @@ exec unitd \
--control unix:$UNIT_SOCKET \
--pid /opt/unit/unit.pid \
--log /dev/stdout \
--statedir /opt/unit/state/ \
--tmpdir /opt/unit/tmp/ \
--state /opt/unit/state/ \
--tmp /opt/unit/tmp/ \
--user unit \
--group root

77
docker/nginx-unit.json
View file

@ -1,65 +1,30 @@
{
"listeners": {
"0.0.0.0:8080": {
"pass": "routes/main",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
}
},
"0.0.0.0:8081": {
"pass": "routes/status",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
}
"pass": "routes"
},
"[::]:8080": {
"pass": "routes/main",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["fc00::/7", "fe80::/10"]
}
},
"[::]:8081": {
"pass": "routes/status",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["fc00::/7", "fe80::/10"]
}
"pass": "routes"
}
},
"routes": {
"main": [
{
"match": {
"uri": "/static/*"
},
"action": {
"share": "/opt/netbox/netbox${uri}"
}
"routes": [
{
"match": {
"uri": "/static/*"
},
{
"action": {
"pass": "applications/netbox"
}
"action": {
"share": "/opt/netbox/netbox${uri}"
}
],
"status": [
{
"match": {
"uri": "/status/*"
},
"action": {
"proxy": "http://unix:/opt/unit/unit.sock"
}
},
{
"action": {
"pass": "applications/netbox"
}
]
},
}
],
"applications": {
"netbox": {
"type": "python 3",
@ -73,10 +38,6 @@
}
}
},
"access_log": "/dev/stdout",
"settings": {
"http": {
"max_body_size": 104857600
}
}
"access_log": "/dev/stdout"
}

1
docker/unit.list
View file

@ -1 +0,0 @@
deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] http://packages.nginx.org/unit/ubuntu/ noble unit

10
env/netbox.env vendored
View file

@ -1,4 +1,3 @@
API_TOKEN_PEPPER_1=Qy+F=OTeGskWQ(wTMgjc+NPPlz6YwFXY=KHIIg=wpYXT&e(6u8
CORS_ORIGIN_ALLOW_ALL=True
DB_HOST=postgres
DB_NAME=netbox
@ -16,6 +15,7 @@ EMAIL_USERNAME=netbox
EMAIL_USE_SSL=false
EMAIL_USE_TLS=false
GRAPHQL_ENABLED=true
HOUSEKEEPING_INTERVAL=86400
MEDIA_ROOT=/opt/netbox/netbox/media
METRICS_ENABLED=false
REDIS_CACHE_DATABASE=1
@ -29,6 +29,10 @@ REDIS_INSECURE_SKIP_TLS_VERIFY=false
REDIS_PASSWORD=H733Kdjndks81
REDIS_SSL=false
RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X'
SKIP_SUPERUSER=true
SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
SKIP_SUPERUSER=false
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_NAME=admin
SUPERUSER_PASSWORD=admin
WEBHOOKS_ENABLED=true

46
reports/devices.py.example Normal file
View file

@ -0,0 +1,46 @@
from dcim.choices import DeviceStatusChoices
from dcim.models import ConsolePort, Device, PowerPort
from extras.reports import Report
class DeviceConnectionsReport(Report):
description = "Validate the minimum physical connections for each device"
def test_console_connection(self):
# Check that every console port for every active device has a connection defined.
active = DeviceStatusChoices.STATUS_ACTIVE
for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
if console_port.connected_endpoint is None:
self.log_failure(
console_port.device,
"No console connection defined for {}".format(console_port.name)
)
elif not console_port.connection_status:
self.log_warning(
console_port.device,
"Console connection for {} marked as planned".format(console_port.name)
)
else:
self.log_success(console_port.device)
def test_power_connections(self):
# Check that every active device has at least two connected power supplies.
for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
connected_ports = 0
for power_port in PowerPort.objects.filter(device=device):
if power_port.connected_endpoint is not None:
connected_ports += 1
if not power_port.connection_status:
self.log_warning(
device,
"Power connection for {} marked as planned".format(power_port.name)
)
if connected_ports < 2:
self.log_failure(
device,
"{} connected power supplies found (2 needed)".format(connected_ports)
)
else:
self.log_success(device)

12
requirements-container.txt
View file

@ -1,6 +1,6 @@
django-auth-ldap==5.2.0
dulwich==0.24.8
python3-saml==1.16.0
--no-binary lxml
--no-binary xmlsec
sentry-sdk[django]==2.43.0
django-auth-ldap==4.1.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.1
napalm==4.0.0
psycopg2==2.9.5
python3-saml==1.14.0
social-auth-core[all]==4.3.0

0
scripts/__init__.py Normal file
View file

4
test-configuration/logging.py Normal file
View file

@ -0,0 +1,4 @@
LOGGING = {
'version': 1,
'disable_existing_loggers': True
}

16
test-configuration/test_config.py
View file

@ -1,16 +0,0 @@
LOGGING = {
'version': 1,
'disable_existing_loggers': True
}
PLUGINS = [
'netbox.tests.dummy_plugin',
]
ALLOW_TOKEN_RETRIEVAL = True
DEFAULT_PERMISSIONS = {}
API_TOKEN_PEPPERS = {
1: 'TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE',
}

49
test.sh
View file

@ -14,8 +14,6 @@
# exit when a command exits with an exit code != 0
set -e
source ./build-functions/gh-functions.sh
# IMAGE is used by `docker-compose.yml` do determine the tag
# of the Docker Image that is to be used
if [ "${1}x" != "x" ]; then
@ -37,72 +35,29 @@ if [ -z "${IMAGE}" ]; then
fi
# The docker compose command to use
doco="docker compose --file docker-compose.test.yml --file docker-compose.test.override.yml --project-name netbox_docker_test"
doco="docker compose --file docker-compose.test.yml --project-name netbox_docker_test"
test_setup() {
gh_echo "::group:: Test setup"
echo "🏗 Setup up test environment"
$doco up --detach --quiet-pull --wait --force-recreate --renew-anon-volumes --no-start
$doco start postgres
$doco start redis
$doco start redis-cache
gh_echo "::endgroup::"
}
test_netbox_unit_tests() {
gh_echo "::group:: Netbox unit tests"
echo "⏱ Running NetBox Unit Tests"
$doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py test
gh_echo "::endgroup::"
}
test_compose_db_setup() {
gh_echo "::group:: Netbox DB migrations"
echo "⏱ Running NetBox DB migrations"
$doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py migrate
gh_echo "::endgroup::"
}
test_netbox_start() {
gh_echo "::group:: Start Netbox service"
echo "⏱ Starting NetBox services"
$doco up --detach --wait
gh_echo "::endgroup::"
}
test_netbox_web() {
gh_echo "::group:: Web service test"
echo "⏱ Starting web service test"
RESP_CODE=$(
curl \
--silent \
--output /dev/null \
--write-out '%{http_code}' \
--request GET \
--connect-timeout 5 \
--max-time 10 \
--retry 5 \
--retry-delay 0 \
--retry-max-time 40 \
http://127.0.0.1:8000/login/
)
if [ "$RESP_CODE" == "200" ]; then
echo "Webservice running"
else
echo "⚠️ Got response code '$RESP_CODE' but expected '200'"
exit 1
fi
gh_echo "::endgroup::"
}
test_cleanup() {
echo "💣 Cleaning Up"
gh_echo "::group:: Docker compose logs"
$doco logs --no-color
gh_echo "::endgroup::"
gh_echo "::group:: Docker compose down"
$doco down --volumes
gh_echo "::endgroup::"
}
echo "🐳🐳🐳 Start testing '${IMAGE}'"
@ -113,7 +68,5 @@ test_setup
test_netbox_unit_tests
test_compose_db_setup
test_netbox_start
test_netbox_web
echo "🐳🐳🐳 Done testing '${IMAGE}'"