diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 3dc25ba..acd08d4 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -31,6 +31,7 @@ jobs:
 LINTER_RULES_PATH: /
 VALIDATE_ALL_CODEBASE: false
 VALIDATE_DOCKERFILE: false
+ VALIDATE_GITLEAKS: false
 FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
 EDITORCONFIG_FILE_NAME: .ecrc
 DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
diff --git a/Dockerfile b/Dockerfile
index 2bc5dff..fcf01b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,13 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 libpq-dev \
 libsasl2-dev \
 libssl-dev \
+ libxml2-dev \
+ libxml2-dev \
+ libxmlsec1 \
+ libxmlsec1-dev \
+ libxmlsec1-openssl \
+ libxslt-dev \
+ pkg-config \
 python3-dev \
 python3-pip \
 python3-venv \
@@ -24,7 +31,8 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 ARG NETBOX_PATH
 COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
-RUN /opt/netbox/venv/bin/pip install \
+RUN sed -i -e '/psycopg2-binary/d' requirements.txt && \
+ /opt/netbox/venv/bin/pip install \
 -r /requirements.txt \
 -r /requirements-container.txt
@@ -46,6 +54,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 curl \
 libldap-common \
 libpq5 \
+ libxmlsec1-openssl \
 openssl \
 python3 \
 python3-distutils \
diff --git a/VERSION b/VERSION
index 276cbf9..197c4d5 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.0
+2.4.0
diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
index 7fb62d7..8aa3ecb 100644
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
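Review bot: In .github/workflows/push.yml, `VALIDATE_GITLEAKS: false` turns off the linter's secret scan for every push, and nothing in the hunk records why. If the check was failing on known sample values (the cause is not visible here), an allowlist in a gitleaks config referenced through `GITLEAKS_CONFIG_FILE` would silence those findings while still catching newly committed credentials, assuming this step is super-linter as the surrounding variables suggest. At minimum add a comment next to the flag, for example `# gitleaks disabled: <reason>; re-enable once <condition>`, so the exception stays reviewable. The env block starts and ends outside the hunk.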
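Review bot: In the first Dockerfile hunk, `libxml2-dev \` is added on two consecutive lines; one of them should be dropped. apt tolerates the repeat, but a package list with duplicates is harder to audit when the build dependencies are reviewed later. A one-line comment above the new group stating what needs them (they look like build requirements for the SAML/xmlsec stack added in requirements-container.txt, which is an inference) would also help. The RUN instruction begins and ends outside the hunk.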
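Review bot: In the second Dockerfile hunk, `sed -i -e '/psycopg2-binary/d' requirements.txt` edits a relative path while the pip call right after it reads `/requirements.txt`, so the build depends on the working directory being `/` at this point; no WORKDIR is visible in the hunk. Using the absolute path, `RUN sed -i -e '/psycopg2-binary/d' /requirements.txt && \`, removes that dependency. sed also exits successfully when no line matches, so if the upstream entry is ever renamed the binary wheel would be installed next to the pinned `psycopg2` with no build failure; a short comment stating the intent, `# drop upstream psycopg2-binary; psycopg2 is pinned in requirements-container.txt`, makes that easier to catch in review.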
@@ -49,6 +49,16 @@ AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'tr
 # ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
 LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
+# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
+# Note that this is a NetBox-specific setting which sets:
+# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
+LDAP_CA_CERT_DIR = environ.get('LDAP_CA_CERT_DIR', None)
+
+# Include this setting if you want to validate the LDAP server certificates against your own CA.
+# Note that this is a NetBox-specific setting which sets:
+# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
+LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
+
 AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
 AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
 AUTH_LDAP_USER_SEARCH = LDAPSearch(
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index 3e4686e..b8444f0 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -3,12 +3,13 @@ services:
 netbox:
 image: ${IMAGE-netboxcommunity/netbox:latest}
 depends_on:
- - postgres
- - redis
- - redis-cache
+ postgres:
+ condition: service_healthy
+ redis:
+ condition: service_started
+ redis-cache:
+ condition: service_started
 env_file: env/netbox.env
- environment:
- SKIP_STARTUP_SCRIPTS: ${SKIP_STARTUP_SCRIPTS-false}
 user: 'unit:root'
 volumes:
 - ./configuration:/etc/netbox/config:z,ro
@@ -17,8 +18,13 @@ services:
 - ./scripts:/etc/netbox/scripts:z,ro
 - netbox-media-files:/opt/netbox/netbox/media:z
 postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
 env_file: env/postgres.env
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
 redis:
 image: redis:7-alpine
 command:
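Review bot: The new comments for `LDAP_CA_CERT_DIR` and `LDAP_CA_CERT_FILE` in configuration/ldap/ldap_config.py do not say how they interact with `LDAP_IGNORE_CERT_ERRORS` directly above, whose own comment shows it maps to `OPT_X_TLS_NEVER`. With that flag set to true the server certificate is presumably not checked at all, so a configured CA file or directory would give no protection; adding `# Certificate validation is skipped entirely when LDAP_IGNORE_CERT_ERRORS is true.` to each block makes that explicit. Separately, `environ.get(..., None)` yields an empty string when the variable is defined but empty, which env files make easy to do; `environ.get('LDAP_CA_CERT_FILE') or None` (and the same for the directory) would normalise it, depending on how the consumer outside this hunk treats empty values.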
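Review bot: In the second docker-compose.test.yml hunk the postgres healthcheck runs a bare `pg_isready`, which probes with the default user and database of whoever runs the check rather than the ones NetBox uses. The command still reports readiness, but PostgreSQL logs a failed connection attempt for each probe when those names do not exist, and the check says nothing about the application database being present. Something like `test: ["CMD-SHELL", "pg_isready -q -d $$POSTGRES_DB -U $$POSTGRES_USER"]` avoids both, assuming env/postgres.env defines those two variables (it is not part of this diff).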
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d50c77..d3e8234 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,18 @@
 version: '3.4'
 services:
 netbox: &netbox
- image: netboxcommunity/netbox:${VERSION-v3.3-2.3.0}
+ image: netboxcommunity/netbox:${VERSION-v3.4-2.4.0}
 depends_on:
 - postgres
 - redis
 - redis-cache
- - netbox-worker
 env_file: env/netbox.env
 user: 'unit:root'
+ healthcheck:
+ start_period: 60s
+ timeout: 3s
+ interval: 15s
+ test: "curl -f http://localhost:8080/api/ || exit 1"
 volumes:
 - ./configuration:/etc/netbox/config:z,ro
 - ./reports:/etc/netbox/reports:z,ro
@@ -17,23 +21,33 @@ services:
 netbox-worker:
 <<: *netbox
 depends_on:
- - redis
- - postgres
+ netbox:
+ condition: service_healthy
 command:
 - /opt/netbox/venv/bin/python
 - /opt/netbox/netbox/manage.py
 - rqworker
+ healthcheck:
+ start_period: 20s
+ timeout: 3s
+ interval: 15s
+ test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
 netbox-housekeeping:
 <<: *netbox
 depends_on:
- - redis
- - postgres
+ netbox:
+ condition: service_healthy
 command:
 - /opt/netbox/housekeeping.sh
+ healthcheck:
+ start_period: 20s
+ timeout: 3s
+ interval: 15s
+ test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
 # postgres
 postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
 env_file: env/postgres.env
 volumes:
 - netbox-postgres-data:/var/lib/postgresql/data
@@ -56,7 +70,7 @@ services:
 - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
 env_file: env/redis-cache.env
 volumes:
- - netbox-redis-cache-data:/data
+ - netbox-redis-cache-data:/data
 volumes:
 netbox-media-files:
@@ -66,4 +80,4 @@ volumes:
 netbox-redis-data:
 driver: local
 netbox-redis-cache-data:
- driver: local
+ driver: local
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 6afa1ea..ff495e6 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
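Review bot: The netbox healthcheck added in the first docker-compose.yml hunk probes `http://localhost:8080/api/` with `curl -f`, and the next hunk makes netbox-worker and netbox-housekeeping wait for `service_healthy`, so any configuration where the unauthenticated API root answers with an error status would keep both services from ever starting. Whether that can happen depends on settings outside this diff (a login requirement for API access, for example), so the check should be tested against such a configuration or pointed at a path that is always served anonymously. Note also that postgres gets no healthcheck in this file, unlike docker-compose.test.yml, so `netbox` itself still starts on the short-form `depends_on` before the database is known to accept connections.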
@@ -80,15 +80,6 @@ END
 echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
 fi
-# Print warning if startup scripts (and initializers) would've been run # Remove for next release
-if [ "$SKIP_STARTUP_SCRIPTS" == "true" ]; then
- # Nothing to do
- echo "" # Empty block not allowed
-else
- echo "⚠️⚠️⚠️ WARNING: The initializers have been moved to a plugin. See release notes."
- echo "⚠️⚠️⚠️ Set environment variable 'SKIP_STARTUP_SCRIPTS' to 'true' to remove this warning."
-fi
-
 echo "✅ Initialisation is done."
 # Launch whatever is passed by docker
diff --git a/docker/housekeeping.sh b/docker/housekeeping.sh
index cfe06b1..47a4a3d 100755
--- a/docker/housekeeping.sh
+++ b/docker/housekeeping.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
-SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
-echo "Interval set to ${SECONDS} seconds"
+SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
+echo "Interval set to ${SLEEP_SECONDS} seconds"
 while true; do
 date
 /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
- sleep "${SECONDS}s"
+ sleep "${SLEEP_SECONDS}s"
 done
diff --git a/docker/nginx-unit.json b/docker/nginx-unit.json
index 87a186b..d6ff9cc 100644
--- a/docker/nginx-unit.json
+++ b/docker/nginx-unit.json
@@ -1,6 +1,9 @@
 {
 "listeners": {
- "*:8080": {
+ "0.0.0.0:8080": {
+ "pass": "routes"
+ },
+ "[::]:8080": {
 "pass": "routes"
 }
 },
diff --git a/requirements-container.txt b/requirements-container.txt
index f8b720e..96f3aa3 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -1,5 +1,6 @@
 django-auth-ldap==4.1.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.1
 napalm==4.0.0
-psycopg2==2.9.4
-social-auth-core[openidconnect]==4.3.0
+psycopg2==2.9.5
+python3-saml==1.14.0
+social-auth-core[all]==4.3.0
diff --git a/test.sh b/test.sh
index ca36a8f..31b4d87 100755
--- a/test.sh
+++ b/test.sh
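Review bot: The new `"[::]:8080"` listener in docker/nginx-unit.json requires IPv6 to be available inside the container, which the old `"*:8080"` entry did not obviously require. On hosts where IPv6 is disabled the bind may fail, and whether Unit then rejects the whole configuration, including the `0.0.0.0:8080` listener, should be verified before release. JSON cannot carry a comment, so the requirement and any workaround belong in the release notes or README rather than in this file.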
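Review bot: In requirements-container.txt, `social-auth-core[all]==4.3.0` replaces the single `openidconnect` extra with every optional backend dependency, and only `python3-saml` is pinned next to it; the other packages that extra pulls in are resolved at build time with no version fixed in this file. If only OIDC and SAML are meant to be supported, `social-auth-core[openidconnect,saml]==4.3.0` keeps the installed set, and the image's dependency surface, narrower. If `[all]` is intended, pinning the additional packages (for instance through a pip constraints file) would keep image builds reproducible.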
@@ -35,10 +35,14 @@ if [ -z "${IMAGE}" ]; then
 fi
 # The docker compose command to use
-doco="docker-compose --file docker-compose.test.yml --project-name netbox_docker_test_${1}"
+doco="docker compose --file docker-compose.test.yml --project-name netbox_docker_test"
 test_setup() {
 echo "🏗 Setup up test environment"
+ $doco up --detach --quiet-pull --wait --force-recreate --renew-anon-volumes --no-start
+ $doco start postgres
+ $doco start redis
+ $doco start redis-cache
 }
 test_netbox_unit_tests() {
@@ -46,9 +50,14 @@ test_netbox_unit_tests() {
 $doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py test
 }
+test_compose_db_setup() {
+ echo "⏱ Running NetBox DB migrations"
+ $doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py migrate
+}
+
 test_cleanup() {
 echo "💣 Cleaning Up"
- $doco down -v
+ $doco down --volumes
 }
 echo "🐳🐳🐳 Start testing '${IMAGE}'"
@@ -58,5 +67,6 @@ trap test_cleanup EXIT ERR
 test_setup
 test_netbox_unit_tests
+test_compose_db_setup
 echo "🐳🐳🐳 Done testing '${IMAGE}'"
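Review bot: In the first test.sh hunk the `doco` project name loses its `${1}` suffix, so every invocation on a host now shares the compose project `netbox_docker_test`. Two runs at the same time would reuse each other's containers, and the `down --volumes` in `test_cleanup` (second hunk) would remove the other run's volumes mid-test. If CI can still run the script concurrently for several images, which is not visible in this diff, keep a per-run suffix such as `--project-name "netbox_docker_test_${1:-default}"`; otherwise a comment `# single shared project: do not run test.sh in parallel on one host` above `doco` records the constraint.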