Merge pull request #899 from netbox-community/develop

Release 2.4.0

.github/workflows/push.yml

@@ -31,6 +31,7 @@ jobs:
           LINTER_RULES_PATH: /
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_DOCKERFILE: false
+          VALIDATE_GITLEAKS: false
           FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
           EDITORCONFIG_FILE_NAME: .ecrc
           DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml

Dockerfile

@@ -13,6 +13,13 @@ RUN export DEBIAN_FRONTEND=noninteractive \
       libpq-dev \
       libsasl2-dev \
       libssl-dev \
+      libxml2-dev \
+      libxml2-dev \
+      libxmlsec1 \
+      libxmlsec1-dev \
+      libxmlsec1-openssl \
+      libxslt-dev \
+      pkg-config \
       python3-dev \
       python3-pip \
       python3-venv \
@@ -24,7 +31,8 @@ RUN export DEBIAN_FRONTEND=noninteractive \
 
 ARG NETBOX_PATH
 COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
-RUN /opt/netbox/venv/bin/pip install \
+RUN sed -i -e '/psycopg2-binary/d' requirements.txt && \
+    /opt/netbox/venv/bin/pip install \
       -r /requirements.txt \
       -r /requirements-container.txt
 
@@ -46,6 +54,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
       curl \
       libldap-common \
       libpq5 \
+      libxmlsec1-openssl \
       openssl \
       python3 \
       python3-distutils \

VERSION

@@ -1 +1 @@
-2.3.0
+2.4.0

configuration/ldap/ldap_config.py

@@ -49,6 +49,16 @@ AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'tr
 #     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
 LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
 
+# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
+# Note that this is a NetBox-specific setting which sets:
+#     ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
+LDAP_CA_CERT_DIR = environ.get('LDAP_CA_CERT_DIR', None)
+
+# Include this setting if you want to validate the LDAP server certificates against your own CA.
+# Note that this is a NetBox-specific setting which sets:
+#     ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
+LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
+
 AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
 AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
 AUTH_LDAP_USER_SEARCH = LDAPSearch(

docker-compose.test.yml

@@ -3,12 +3,13 @@ services:
   netbox:
     image: ${IMAGE-netboxcommunity/netbox:latest}
     depends_on:
-    - postgres
+      postgres:
-    - redis
+        condition: service_healthy
-    - redis-cache
+      redis:
+        condition: service_started
+      redis-cache:
+        condition: service_started
     env_file: env/netbox.env
-    environment:
-      SKIP_STARTUP_SCRIPTS: ${SKIP_STARTUP_SCRIPTS-false}
     user: 'unit:root'
     volumes:
     - ./configuration:/etc/netbox/config:z,ro
@@ -17,8 +18,13 @@ services:
     - ./scripts:/etc/netbox/scripts:z,ro
     - netbox-media-files:/opt/netbox/netbox/media:z
   postgres:
-    image: postgres:14-alpine
+    image: postgres:15-alpine
     env_file: env/postgres.env
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
   redis:
     image: redis:7-alpine
     command:

docker-compose.yml

@@ -1,14 +1,18 @@
 version: '3.4'
 services:
   netbox: &netbox
-    image: netboxcommunity/netbox:${VERSION-v3.3-2.3.0}
+    image: netboxcommunity/netbox:${VERSION-v3.4-2.4.0}
     depends_on:
     - postgres
     - redis
     - redis-cache
-    - netbox-worker
     env_file: env/netbox.env
     user: 'unit:root'
+    healthcheck:
+      start_period: 60s
+      timeout: 3s
+      interval: 15s
+      test: "curl -f http://localhost:8080/api/ || exit 1"
     volumes:
     - ./configuration:/etc/netbox/config:z,ro
     - ./reports:/etc/netbox/reports:z,ro
@@ -17,23 +21,33 @@ services:
   netbox-worker:
     <<: *netbox
     depends_on:
-    - redis
+      netbox:
-    - postgres
+        condition: service_healthy
     command:
     - /opt/netbox/venv/bin/python
     - /opt/netbox/netbox/manage.py
     - rqworker
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
   netbox-housekeeping:
     <<: *netbox
     depends_on:
-    - redis
+      netbox:
-    - postgres
+        condition: service_healthy
     command:
     - /opt/netbox/housekeeping.sh
+    healthcheck:
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
 
   # postgres
   postgres:
-    image: postgres:14-alpine
+    image: postgres:15-alpine
     env_file: env/postgres.env
     volumes:
     - netbox-postgres-data:/var/lib/postgresql/data
@@ -56,7 +70,7 @@ services:
     - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis-cache.env
     volumes:
-    - netbox-redis-cache-data:/data    
+    - netbox-redis-cache-data:/data
 
 volumes:
   netbox-media-files:
@@ -66,4 +80,4 @@ volumes:
   netbox-redis-data:
     driver: local
   netbox-redis-cache-data:
-    driver: local    
+    driver: local

docker/docker-entrypoint.sh

@@ -80,15 +80,6 @@ END
   echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
 fi
 
-# Print warning if startup scripts (and initializers) would've been run # Remove for next release
-if [ "$SKIP_STARTUP_SCRIPTS" == "true" ]; then
-  # Nothing to do
-  echo "" # Empty block not allowed
-else
-  echo "⚠️⚠️⚠️ WARNING: The initializers have been moved to a plugin. See release notes."
-  echo "⚠️⚠️⚠️ Set environment variable 'SKIP_STARTUP_SCRIPTS' to 'true' to remove this warning."
-fi
-
 echo "✅ Initialisation is done."
 
 # Launch whatever is passed by docker

docker/housekeeping.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
-SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
+SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
-echo "Interval set to ${SECONDS} seconds"
+echo "Interval set to ${SLEEP_SECONDS} seconds"
 while true; do
   date
   /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
-  sleep "${SECONDS}s"
+  sleep "${SLEEP_SECONDS}s"
 done

docker/nginx-unit.json

@@ -1,6 +1,9 @@
 {
   "listeners": {
-    "*:8080": {
+    "0.0.0.0:8080": {
+      "pass": "routes"
+    },
+    "[::]:8080": {
       "pass": "routes"
     }
   },

requirements-container.txt

@@ -1,5 +1,6 @@
 django-auth-ldap==4.1.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.1
 napalm==4.0.0
-psycopg2==2.9.4
+psycopg2==2.9.5
-social-auth-core[openidconnect]==4.3.0
+python3-saml==1.14.0
+social-auth-core[all]==4.3.0

test.sh

@@ -35,10 +35,14 @@ if [ -z "${IMAGE}" ]; then
 fi
 
 # The docker compose command to use
-doco="docker-compose --file docker-compose.test.yml --project-name netbox_docker_test_${1}"
+doco="docker compose --file docker-compose.test.yml --project-name netbox_docker_test"
 
 test_setup() {
   echo "🏗 Setup up test environment"
+  $doco up --detach --quiet-pull --wait --force-recreate --renew-anon-volumes --no-start
+  $doco start postgres
+  $doco start redis
+  $doco start redis-cache
 }
 
 test_netbox_unit_tests() {
@@ -46,9 +50,14 @@ test_netbox_unit_tests() {
   $doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py test
 }
 
+test_compose_db_setup() {
+  echo "⏱ Running NetBox DB migrations"
+  $doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py migrate
+}
+
 test_cleanup() {
   echo "💣 Cleaning Up"
-  $doco down -v
+  $doco down --volumes
 }
 
 echo "🐳🐳🐳 Start testing '${IMAGE}'"
@@ -58,5 +67,6 @@ trap test_cleanup EXIT ERR
 test_setup
 
 test_netbox_unit_tests
+test_compose_db_setup
 
 echo "🐳🐳🐳 Done testing '${IMAGE}'"