From 03a17932089a9a9dd074e6c70924606a4bd86bb6 Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Fri, 30 Jul 2021 21:42:05 +0200
Subject: [PATCH 1/9] Drops privileges to user 101 and group 0 When the container is started as root the default was to drop privileges to "unit:unit". This caused some problems with temporary files. Now the privileges are drop to "101:0". When the container is started as a normal user unit prints a warning that changing the user and group is not possible. This warning is safe to ignore.
---
 docker/launch-netbox.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker/launch-netbox.sh b/docker/launch-netbox.sh
index 3245c38..117772f 100755
--- a/docker/launch-netbox.sh
+++ b/docker/launch-netbox.sh
@@ -51,4 +51,6 @@ exec unitd \
 --pid /opt/unit/unit.pid \
 --log /dev/stdout \
 --state /opt/unit/state/ \
- --tmp /opt/unit/tmp/
+ --tmp /opt/unit/tmp/ \
+ --user 101 \
+ --group 0
From fc4b78f74af79e5aa74cd6bb68fcfe755f30d5bf Mon Sep 17 00:00:00 2001
From: Mike Kazantsev
Date: Thu, 2 Sep 2021 19:35:39 +0500
Subject: [PATCH 2/9] Print last line of django db connection error while waiting for db to start Fixes #562
---
 docker/docker-entrypoint.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 1610d8f..ed5605f 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
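Review bot: In the docker/launch-netbox.sh hunk, `--group 0` makes the root group the primary group of the unit processes, so any file that is group-readable or group-writable for gid 0, in the image or on a mounted volume, becomes reachable by the application, and nothing in the script says why that is wanted. The numeric `--user 101` is only the `unit` account if the base image assigns it that uid, which is not visible here. I would add a comment above the `exec unitd \` line, which starts outside the hunk, along the lines of `# uid 101 / gid 0: unit:unit caused problems with temporary files; gid 0 is the root group, so keep group-writable paths limited to /opt/unit`.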
@@ -15,7 +15,19 @@ source /opt/netbox/venv/bin/activate
 DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3}
 MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30}
 CUR_DB_WAIT_TIME=0
-while ! ./manage.py showmigrations >/dev/null 2>&1 && [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do
+while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do
+ # Read and truncate connection error tracebacks to last line by default
+ exec {psfd}< <(./manage.py showmigrations 2>&1)
+ read -rd '' DB_ERR <&$psfd || :
+ exec {psfd}<&-
+ wait $! && break
+ if [ -n "$DB_WAIT_DEBUG" ]; then
+ echo "$DB_ERR"
+ else
+ readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR"
+ echo "${DB_ERR_LINES[@]: -1}"
+ echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]"
+ fi
 echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)"
 sleep "${DB_WAIT_TIMEOUT}"
 CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT))
From 58debafa8ae5a0c767b5f883088d625fe21e7c1e Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Fri, 3 Sep 2021 12:48:30 +0200
Subject: [PATCH 3/9] Added container for Netbox housekeeping command Adds an additional container in which the new "housekeeping" command from Netbox v3.0.0 is run.
---
 Dockerfile | 6 ++++--
 docker-compose.yml | 15 ++++++++++++++-
 docker/housekeeping.sh | 8 ++++++++
 env/netbox.env | 1 +
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100755 docker/housekeeping.sh
diff --git a/Dockerfile b/Dockerfile
index 005d919..d87c7d2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -62,11 +62,12 @@ RUN apk add --no-cache \
 libevent \
 libffi \
 libjpeg-turbo \
- openssl \
 libxslt \
+ openssl \
 postgresql-libs \
- python3 \
 py3-pip \
+ python3 \
+ tini \
 unit \
 unit-python3
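Review bot: In the docker/docker-entrypoint.sh hunk, `wait $! && break` only works if bash treats the process substitution as a waitable job, which older bash releases do not (I believe this arrived in 4.4); where it fails the loop can never break early and a healthy database still runs into the timeout. A command substitution yields the same exit status without the fd handling: `if DB_ERR=$(./manage.py showmigrations 2>&1); then break; fi` in place of the two `exec {psfd}` lines, the `read` and the `wait`. Separately, the error text now reaches the container log, and with `DB_WAIT_DEBUG` set the whole traceback does; a one-line comment that this output may name the database host and user would help operators who forward logs elsewhere. The loop body ends outside the hunk.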
@@ -82,6 +83,7 @@ COPY ${NETBOX_PATH} /opt/netbox COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh +COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh COPY startup_scripts/ /opt/netbox/startup_scripts/ COPY initializers/ /opt/netbox/initializers/ diff --git a/docker-compose.yml b/docker-compose.yml index 09d52a7..f38665b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,11 +20,24 @@ services: <<: *netbox depends_on: - redis + - postgres entrypoint: + - "/sbin/tini" + - "--" + command: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py - command: - rqworker + netbox-housekeeping: + <<: *netbox + depends_on: + - redis + - postgres + entrypoint: + - "/sbin/tini" + - "--" + command: + - /opt/netbox/housekeeping.sh # postgres postgres: diff --git a/docker/housekeeping.sh b/docker/housekeeping.sh new file mode 100755 index 0000000..a098087 --- /dev/null +++ b/docker/housekeeping.sh @@ -0,0 +1,8 @@ +#!/bin/bash +SECONDS=${HOUSEKEEPING_INTERVAL:=86400} +echo "Interval set to ${SECONDS} seconds" +while true; do + date + /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping + sleep ${SECONDS}s +done diff --git a/env/netbox.env b/env/netbox.env index 1f6f896..1300873 100644 --- a/env/netbox.env +++ b/env/netbox.env @@ -14,6 +14,7 @@ EMAIL_USERNAME=netbox # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`! EMAIL_USE_SSL=false EMAIL_USE_TLS=false +HOUSEKEEPING_INTERVAL=86400 MAX_PAGE_SIZE=1000 MEDIA_ROOT=/opt/netbox/netbox/media METRICS_ENABLED=false From 2926d1a11d3e9826866072602c13766498c4cd7e Mon Sep 17 00:00:00 2001 
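Review bot: In the new docker/housekeeping.sh, `SECONDS` is a bash special variable: after an assignment it keeps counting up once per second, so `sleep ${SECONDS}s` waits for the configured interval plus all time elapsed since the assignment, and the pause roughly doubles on every pass instead of staying at `HOUSEKEEPING_INTERVAL`. Use an ordinary name: `INTERVAL=${HOUSEKEEPING_INTERVAL:-86400}`, `echo "Interval set to ${INTERVAL} seconds"` and `sleep "${INTERVAL}s"`. Patch 4/9 later in this series only quotes the expansion and keeps the same variable, so the point applies to that hunk as well. The exit status of `manage.py housekeeping` is also ignored, so a run that fails every time leaves no trace beyond its own output; logging the status after the call would make that visible.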
From: Tobias Genannt
Date: Tue, 7 Sep 2021 09:47:38 +0200
Subject: [PATCH 4/9] Quote variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Christian Mäder
---
 docker/housekeeping.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/housekeeping.sh b/docker/housekeeping.sh
index a098087..cfe06b1 100755
--- a/docker/housekeeping.sh
+++ b/docker/housekeeping.sh
@@ -4,5 +4,5 @@ echo "Interval set to ${SECONDS} seconds"
 while true; do
 date
 /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
- sleep ${SECONDS}s
+ sleep "${SECONDS}s"
 done
From 97e70221219fceafdfc2a80324f9f3791386c09c Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 7 Sep 2021 22:27:44 +0000
Subject: [PATCH 5/9] Update dependency google-crc32c to v1.1.5
---
 requirements-container.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index e50d461..0982388 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -1,5 +1,5 @@
 napalm==3.3.1
 ruamel.yaml==0.17.16
 django-auth-ldap==3.0.0
-google-crc32c==1.1.4
+google-crc32c==1.1.5
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.11.1
From a8b6883183078ec927655be53ba36b02a31a9274 Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Mon, 13 Sep 2021 08:18:23 +0200
Subject: [PATCH 6/9] Changed entrypoint to "tini".
---
 Dockerfile | 4 ++--
 docker-compose.test.yml | 2 --
 docker-compose.yml | 6 ------
 test.sh | 4 ++--
 4 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d87c7d2..27597e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -100,9 +100,9 @@ RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \ --config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \ && SECRET_KEY="dummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input -ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ] +ENTRYPOINT [ "/sbin/tini", "--" ] -CMD [ "/opt/netbox/launch-netbox.sh" ] +CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ] LABEL ORIGINAL_TAG="" \ NETBOX_GIT_BRANCH="" \ diff --git a/docker-compose.test.yml b/docker-compose.test.yml index df681d2..1ca0903 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -17,8 +17,6 @@ services: - ./reports:/etc/netbox/reports:z,ro - ./scripts:/etc/netbox/scripts:z,ro - netbox-media-files:/opt/netbox/netbox/media:z - ports: - - 8080 postgres: image: postgres:13-alpine env_file: env/postgres.env diff --git a/docker-compose.yml b/docker-compose.yml index f38665b..2dbd7df 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,9 +21,6 @@ services: depends_on: - redis - postgres - entrypoint: - - "/sbin/tini" - - "--" command: - /opt/netbox/venv/bin/python - /opt/netbox/netbox/manage.py @@ -33,9 +30,6 @@ services: depends_on: - redis - postgres - entrypoint: - - "/sbin/tini" - - "--" command: - /opt/netbox/housekeeping.sh diff --git a/test.sh b/test.sh index f472477..d2091e4 100755 --- a/test.sh +++ b/test.sh @@ -56,13 +56,13 @@ test_setup() { test_netbox_unit_tests() { echo "⏱ Running NetBox Unit Tests" - SKIP_STARTUP_SCRIPTS=true $doco run --rm netbox ./manage.py test + $doco run --rm netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py test } test_initializers() { echo "🏭 Testing Initializers" export INITIALIZERS_DIR - $doco run --rm netbox ./manage.py check + $doco run --rm netbox /opt/netbox/docker-entrypoint.sh ./manage.py check } test_cleanup() { From d0c429c8a12ddb80bc36e836a09e9e7225cb4dfd Mon Sep 17 00:00:00 2001 
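Review bot: In the Dockerfile hunk, moving `/opt/netbox/docker-entrypoint.sh` from `ENTRYPOINT` into `CMD` means any compose `command:` override or `docker run IMAGE <cmd>` now skips that script entirely, and nothing in the file says so. The worker and housekeeping services rely on exactly this, but anyone who passed a custom command before still got the script's database wait (and presumably its other startup steps) and now silently does not. I would document it above the two lines, e.g. `# tini is PID 1; docker-entrypoint.sh runs only with the default CMD, so prefix it yourself when overriding the command`. Signal delivery to unit also depends on docker-entrypoint.sh exec-ing its arguments, which is not visible in this hunk.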
From: Tobias Genannt
Date: Mon, 13 Sep 2021 09:09:24 +0200
Subject: [PATCH 7/9] Check if remote branch exists before checkout
---
 build.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/build.sh b/build.sh
index e980411..8b12c12 100755
--- a/build.sh
+++ b/build.sh
@@ -118,6 +118,14 @@ NETBOX_PATH="${NETBOX_PATH-.netbox}"
 # Fetching the NetBox source
 ###
 if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
+ REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l)
+ if [ "${REMOTE_EXISTS}" != "1" ]; then
+ echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
+ if [ -n "${GH_ACTION}" ]; then
+ echo "::set-output name=skipped::true"
+ fi
+ exit 0
+ fi
 echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'"
 if [ ! -d "${NETBOX_PATH}" ]; then
 $DRY git clone -q --depth 10 -b "${NETBOX_BRANCH}" "${URL}" "${NETBOX_PATH}"
From c4d545a2565047461f0d1e2e9ba816f0a66bd50e Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Mon, 13 Sep 2021 22:50:06 +0200
Subject: [PATCH 8/9] Improved check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Christian Mäder
---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sh b/build.sh
index 8b12c12..f33a2d1 100755
--- a/build.sh
+++ b/build.sh
@@ -119,7 +119,7 @@ NETBOX_PATH="${NETBOX_PATH-.netbox}"
 ###
 if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
 REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l)
- if [ "${REMOTE_EXISTS}" != "1" ]; then
+ if [ "${REMOTE_EXISTS}" == "0" ]; then
 echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
 if [ -n "${GH_ACTION}" ]; then
 echo "::set-output name=skipped::true"
From f2dbc4f717729069e9884465db530a0d10fedcad Mon Sep 17 00:00:00 2001
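Review bot: In the build.sh hunk of patch 7/9 the new check pipes `git ls-remote` into `wc -l`, so a failed lookup (network error, wrong URL, rejected credentials) yields a count of 0 and is reported as "branch not found" followed by `exit 0`; a build that should have failed is recorded as a clean skip. `git ls-remote --exit-code` separates the cases by returning 2 only when no ref matched: run `git ls-remote --exit-code --heads --tags "${URL}" "${NETBOX_BRANCH}" >/dev/null || LS_REMOTE_RC=$?`, skip only when `LS_REMOTE_RC` is 2, and fail the build on any other non-zero status. Patch 8/9 keeps the same pipeline and only changes the comparison, so the point applies to both hunks. The enclosing `if` block continues past the end of each hunk.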
From: Tobias Genannt
Date: Fri, 17 Sep 2021 10:56:50 +0200
Subject: [PATCH 9/9] Preparation for 1.4.0
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 3a3cd8c..88c5fb8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.3.1
+1.4.0