From b88974ef9f1cc044fa7d5588729cd01737dbe5f6 Mon Sep 17 00:00:00 2001 From: Brady Lamprecht Date: Fri, 10 Aug 2018 17:55:09 -0600 Subject: [PATCH 1/8] Working implementation of webhooks using new 'redis' container --- Dockerfile | 15 ++++++++++++--- configuration/configuration.py | 13 +++++++++++++ configuration/supervisord.conf | 16 ++++++++++++++++ docker-compose.yml | 18 ++++++++++++++++++ netbox.env | 2 ++ redis-pass | 1 + 6 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 configuration/supervisord.conf create mode 100644 redis-pass diff --git a/Dockerfile b/Dockerfile index aece64e..b6f0fe7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,8 @@ RUN apk add --no-cache \ libxslt-dev \ openldap-dev \ postgresql-dev \ - wget + wget \ + supervisor RUN pip install \ # gunicorn is used for launching netbox @@ -21,7 +22,14 @@ RUN pip install \ # napalm is used for gathering information from network devices napalm \ # ruamel is used in startup_scripts - ruamel.yaml + ruamel.yaml \ +# if the Django package is not installed here to this pinned version +# django-rq will install the latest version (currently 2.1) +# then, when the requirements.txt of netbox is run, it will be +# uninstalled because it currently causes problems with netbox + Django==2.0.8 \ +# django-rq is used for webhooks + django-rq WORKDIR /opt @@ -40,6 +48,7 @@ COPY docker/docker-entrypoint.sh docker-entrypoint.sh COPY startup_scripts/ /opt/netbox/startup_scripts/ COPY initializers/ /opt/netbox/initializers/ COPY configuration/configuration.py /etc/netbox/config/configuration.py +COPY configuration/supervisord.conf /etc/supervisord.conf WORKDIR /opt/netbox/netbox @@ -47,7 +56,7 @@ ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ] VOLUME ["/etc/netbox-nginx/"] -CMD ["gunicorn", "-c /etc/netbox/config/gunicorn_config.py", "netbox.wsgi"] +CMD ["supervisord", "-c /etc/supervisord.conf"] LABEL SRC_URL="$URL" 
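Review bot: The `django-rq` entry added to the `RUN pip install` list has no version constraint, so every image build resolves whatever release is newest at that moment; the comment added just above it already records one case where this pulled in an incompatible Django. Constraining it alongside the Django pin, e.g. `django-rq==<known-good version>` (placeholder for the release tested with this NetBox version), keeps builds reproducible and makes dependency changes visible in review. The same unconstrained line is still present in the Dockerfile hunk of PATCH 8/8. The `RUN` instruction begins above this hunk, so not all of its entries are visible here.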
diff --git a/configuration/configuration.py b/configuration/configuration.py index f65356e..4154092 100644 --- a/configuration/configuration.py +++ b/configuration/configuration.py @@ -139,6 +139,19 @@ PAGINATE_COUNT = int(os.environ.get('PAGINATE_COUNT', 50)) # prefer IPv4 instead. PREFER_IPV4 = os.environ.get('PREFER_IPV4', 'False').lower() == 'true' +# The Webhook event backend is disabled by default. Set this to True to enable it. Note that this requires a Redis +# database be configured and accessible by NetBox (see `REDIS` below). +WEBHOOKS_ENABLED = os.environ.get('WEBHOOKS_ENABLED', 'True').lower() == 'true' + +# Redis database settings (optional). A Redis database is required only if the webhooks backend is enabled. +REDIS = { + 'HOST': os.environ.get('REDIS_HOST', 'localhost'), + 'PORT': os.environ.get('REDIS_PORT', '6379'), + 'PASSWORD': os.environ.get('REDIS_PASSWORD', ''), + 'DATABASE': os.environ.get('REDIS_DATABASE', '0'), + 'DEFAULT_TIMEOUT': os.environ.get('REDIS_TIMEOUT', '300'), +} + # The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of # this setting is derived from the installed location. REPORTS_ROOT = os.environ.get('REPORTS_ROOT', '/etc/netbox/reports') diff --git a/configuration/supervisord.conf b/configuration/supervisord.conf new file mode 100644 index 0000000..423e7b3 --- /dev/null +++ b/configuration/supervisord.conf @@ -0,0 +1,16 @@ +[supervisord] +nodaemon=true + +[supervisorctl] + +[program:netbox] +command = gunicorn -c /etc/netbox/config/gunicorn_config.py netbox.wsgi +directory = /opt/netbox/netbox/ +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +user = nobody + +[program:netbox-rqworker] +command = python3 /opt/netbox/netbox/manage.py rqworker +directory = /opt/netbox/netbox/ +user = nobody diff --git a/docker-compose.yml b/docker-compose.yml index d227b86..b6d825b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
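Review bot: In the new `REDIS` dict, `PORT`, `DATABASE` and `DEFAULT_TIMEOUT` are handed on as strings, whereas the neighbouring `PAGINATE_COUNT` setting is wrapped in `int(...)`; whether the consumer of `REDIS` coerces them is not visible in this hunk. Converting at the boundary, e.g. `'PORT': int(os.environ.get('REDIS_PORT', 6379)),`, also makes a malformed value fail at startup rather than at the first webhook. Separately, `PASSWORD` falls back to `''`, so a deployment that forgets `REDIS_PASSWORD` presumably connects without authentication and nothing reports it; a comment such as `# An empty REDIS_PASSWORD is only appropriate for a Redis that is not shared.` would document that.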
@@ -8,6 +8,7 @@ services: image: ninech/netbox:${VERSION-latest} depends_on: - postgres + - redis env_file: netbox.env volumes: - ./startup_scripts:/opt/netbox/startup_scripts:ro @@ -32,6 +33,21 @@ services: env_file: postgres.env volumes: - netbox-postgres-data:/var/lib/postgresql/data + redis: + image: redis:4-alpine + environment: + REDIS_PASS_FILE: /run/secrets/redis-pass + command: [ + "sh", "-c", + ' + docker-entrypoint.sh + --appendonly yes + --requirepass "$$(cat $$REDIS_PASS_FILE)" + ' + ] + volumes: + - ./redis-pass:/run/secrets/redis-pass + - netbox-redis-data:/data volumes: netbox-static-files: @@ -44,3 +60,5 @@ volumes: driver: local netbox-postgres-data: driver: local + netbox-redis-data: + driver: local diff --git a/netbox.env b/netbox.env index a9958ea..9efe6c7 100644 --- a/netbox.env +++ b/netbox.env @@ -13,6 +13,8 @@ NAPALM_USERNAME= NAPALM_PASSWORD= NAPALM_TIMEOUT=10 MAX_PAGE_SIZE=0 +REDIS_HOST=redis +REDIS_PASSWORD=J5brHrAXFLQSif0K SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj SUPERUSER_NAME=admin SUPERUSER_EMAIL=admin@example.com diff --git a/redis-pass b/redis-pass new file mode 100644 index 0000000..d9fb997 --- /dev/null +++ b/redis-pass @@ -0,0 +1 @@ +J5brHrAXFLQSif0K From bf557877d13c7d1efe36b91ead250e426ab5462b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 13:16:10 -0700 Subject: [PATCH 2/8] =?UTF-8?q?=E2=9C=A8=20Read=20redis=20password=20like?= =?UTF-8?q?=20any=20other=20secret?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- configuration/configuration.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/configuration.py b/configuration/configuration.py index 4154092..d269981 100644 --- a/configuration/configuration.py +++ b/configuration/configuration.py 
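Review bot: The new `redis` service bind-mounts `./redis-pass` without `:ro`, unlike the `startup_scripts` mount shown in the first hunk, so the container is able to rewrite the secret file on the host; `- ./redis-pass:/run/secrets/redis-pass:ro` is sufficient for the `cat` in the command. The password itself is committed as a literal in both the `netbox.env` hunk and the new `redis-pass` file, which means every checkout shares one credential and the value remains in the repository history even after it is removed from the tree. A placeholder value with a comment telling operators to generate their own would avoid that.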
@@ -147,7 +147,7 @@ WEBHOOKS_ENABLED = os.environ.get('WEBHOOKS_ENABLED', 'True').lower() == 'true' REDIS = { 'HOST': os.environ.get('REDIS_HOST', 'localhost'), 'PORT': os.environ.get('REDIS_PORT', '6379'), - 'PASSWORD': os.environ.get('REDIS_PASSWORD', ''), + 'PASSWORD': os.environ.get('REDIS_PASSWORD', read_secret('redis_password')), 'DATABASE': os.environ.get('REDIS_DATABASE', '0'), 'DEFAULT_TIMEOUT': os.environ.get('REDIS_TIMEOUT', '300'), } From b8885e4b7967d68ea10321425c1863a3d87452f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 13:17:41 -0700 Subject: [PATCH 3/8] =?UTF-8?q?=E2=9C=A8=20Disable=20webhooks=20by=20defau?= =?UTF-8?q?lt*?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit *but enable it by default for anyone who checks out the netbox-docker project via the netbox.env file. --- configuration/configuration.py | 2 +- netbox.env | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/configuration/configuration.py b/configuration/configuration.py index d269981..57b2320 100644 --- a/configuration/configuration.py +++ b/configuration/configuration.py @@ -141,7 +141,7 @@ PREFER_IPV4 = os.environ.get('PREFER_IPV4', 'False').lower() == 'true' # The Webhook event backend is disabled by default. Set this to True to enable it. Note that this requires a Redis # database be configured and accessible by NetBox (see `REDIS` below). -WEBHOOKS_ENABLED = os.environ.get('WEBHOOKS_ENABLED', 'True').lower() == 'true' +WEBHOOKS_ENABLED = os.environ.get('WEBHOOKS_ENABLED', 'False').lower() == 'true' # Redis database settings (optional). A Redis database is required only if the webhooks backend is enabled. REDIS = { diff --git a/netbox.env b/netbox.env index 9efe6c7..f8a3086 100644 --- a/netbox.env +++ b/netbox.env 
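Review bot: On the changed `'PASSWORD'` line, `read_secret('redis_password')` is the default argument of `os.environ.get`, so it is evaluated on every settings load even when `REDIS_PASSWORD` is set. `read_secret` is defined outside this hunk, so what it returns for a missing file cannot be checked here; if it yields an empty string, Redis is presumably contacted without a password and nothing reports it. A comment on the line, e.g. `# env var wins; falls back to /run/secrets/redis_password`, would at least record the precedence.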
@@ -20,3 +20,4 @@ SUPERUSER_NAME=admin SUPERUSER_EMAIL=admin@example.com SUPERUSER_PASSWORD=admin SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567 +WEBHOOKS_ENABLED=true From 013f81b791e558be1b268e084406f89eb85d651b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 14:04:09 -0700 Subject: [PATCH 4/8] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Make=20netbox-worker?= =?UTF-8?q?=20it's=20own=20container?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit One container should ideally have one responsibility [1]. Therefore I implemented the netbox-worker to start in its own container. This is possible, because netbox and the worker communicate via redis anyway. They still use the same image underneath, only the "command" they execute while starting is different. Or in other words: I see no reason to introduce supervisord, when we already have docker-compose which can take care of running multiple processes. Also, here's another benefit: Now it's possible to view the logs of the webhook worker independently of the other netbox logs (and vice-versa). Other changes in this commit: * I don't see a reason to put a password for Redis in the docker-compose setup, so I removed it. * Slightly changed the nginx config, so that the nginx startup command becomes simpler and any error should be visible in the docker log. * Some housekeeping in the `Dockerfile`. * Added some troubleshooting advice regarding webhooks to the README. I'd like to thank Brady (@bdlamprecht [2]) here who did the harder work of figuring out what's even required to have webhooks working. [3] [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications [2] https://github.com/bdlamprecht [3] https://github.com/ninech/netbox-docker/pull/90 --- Dockerfile | 10 +-- README.md | 72 +++++++++++++++++--- configuration/supervisord.conf | 16 ----- docker-compose.yml | 121 ++++++++++++++++----------------- docker/nginx.conf | 4 +- netbox.env | 1 - redis-pass | 1 - 7 files changed, 129 insertions(+), 96 deletions(-) delete mode 100644 configuration/supervisord.conf delete mode 100644 redis-pass 
diff --git a/Dockerfile b/Dockerfile index b6f0fe7..a65b33e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,15 +6,14 @@ RUN apk add --no-cache \ ca-certificates \ cyrus-sasl-dev \ graphviz \ - ttf-ubuntu-font-family \ jpeg-dev \ libffi-dev \ libxml2-dev \ libxslt-dev \ openldap-dev \ postgresql-dev \ - wget \ - supervisor + ttf-ubuntu-font-family \ + wget RUN pip install \ # gunicorn is used for launching netbox @@ -48,15 +47,12 @@ COPY docker/docker-entrypoint.sh docker-entrypoint.sh COPY startup_scripts/ /opt/netbox/startup_scripts/ COPY initializers/ /opt/netbox/initializers/ COPY configuration/configuration.py /etc/netbox/config/configuration.py -COPY configuration/supervisord.conf /etc/supervisord.conf WORKDIR /opt/netbox/netbox ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ] -VOLUME ["/etc/netbox-nginx/"] - -CMD ["supervisord", "-c /etc/supervisord.conf"] +CMD ["gunicorn", "-c /etc/netbox/config/gunicorn_config.py", "netbox.wsgi"] LABEL SRC_URL="$URL" diff --git a/README.md b/README.md index 1b821d5..00b8eeb 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,8 @@ To ensure this, compare the output of `docker --version` and `docker-compose --v ## Configuration -You can configure the app using environment variables. These are defined in `netbox.env`. +You can configure the app using environment variables. +These are defined in `netbox.env`. Read [Environment Variables in Compose][compose-env] to understand about the various possibilities to overwrite these variables. (The easiest solution being simply adjusting that file.) @@ -75,6 +76,7 @@ You should therefore adjust the configuration for production setups, at least th * `EMAIL_*`: Use your own mailserver. * `MAX_PAGE_SIZE`: Use the recommended default of 1000. * `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up. +* `REDIS_*`: Use a persistent redis. ### Running on Docker Swarm / Kubernetes / OpenShift 
@@ -95,6 +97,7 @@ If a secret is defined by an environment variable and in the respective file at * `SECRET_KEY`: `/run/secrets/secret_key` * `EMAIL_PASSWORD`: `/run/secrets/email_password` * `NAPALM_PASSWORD`: `/run/secrets/napalm_password` +* `REDIS_PASSWORD`: `/run/secrets/redis_password` Please also consider [the advice about running NetBox in production](#production) above! 
@@ -257,26 +260,71 @@ This usually happens when the `ALLOWED_HOSTS` variable is not set correctly. ### How to upgrade -> How do I update to a newer version? +> How do I update to a newer version of netbox? It should be sufficient to pull the latest image from Docker Hub, stopping the container and starting it up again: ```bash docker-compose pull netbox -docker-compose stop netbox -docker-compose rm -f netbox -docker-compose up -d netbox +docker-compose stop netbox netbox-worker +docker-compose rm -f netbox netbox-worker +docker-compose up -d netbox netbox-worker ``` +### Webhooks don't work + +First make sure that the webhooks feature is enabled in your Netbox configuration and that a redis host is defined. +Check `netbox.env` if the following variables are defined: + +``` +WEBHOOKS_ENABLED=true +REDIS_HOST=redis +``` + +Then make sure that the `redis` container and at least one `netbox-worker` are running. + +``` +$ docker-compose ps + +Name Command State Ports +-------------------------------------------------------------------------------------------------------- +netbox-docker_netbox-worker_1 /opt/netbox/docker-entrypo ... Up +netbox-docker_netbox_1 /opt/netbox/docker-entrypo ... Up +netbox-docker_nginx_1 nginx -c /etc/netbox-nginx ... Up 80/tcp, 0.0.0.0:32776->8080/tcp +netbox-docker_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp +netbox-docker_redis_1 docker-entrypoint.sh redis ... Up 6379/tcp +``` + +If `redis` and the `netbox-worker` are not available, make sure you have updated your `docker-compose.yml` file! + +Everything's up and running? Then check the log of the `netbox-worker` and/or `redis`: + +```bash +docker-compose logs -f netbox-worker +docker-compose logs -f redis +``` + +Still no clue? 
You can connect to the `redis` container and have it report any command that is currently executed on the server: + +```bash +docker-compose run --rm -T redis redis-cli -h redis monitor + +# Hit CTRL-C a few times to leave +``` + +If you don't see anything happening after you triggered a webhook, double-check the configuration of the `netbox` and the `netbox-worker` containers and also check the configuration of your webhook in the admin interface of Netbox. + ### Breaking Changes -From time to time it might become necessary to re-order the structure of the container. -Things like the `docker-compose.yml` file or your Kubernets or OpenShift configurations have to be adjusted as a consequence. +From time to time it might become necessary to re-engineer the structure of this setup. +Things like the `docker-compose.yml` file or your Kubernetes or OpenShift configurations have to be adjusted as a consequence. Since April 2018 each image built from this repo contains a `NETBOX_DOCKER_PROJECT_VERSION` label. You can check the label of your local image by running `docker inspect ninech/netbox:v2.3.1 --format "{{json .ContainerConfig.Labels}}"`. +Compare the version with the list below to check whether a breaking change was introduced with that version. -The following is a list of breaking changes: +The following is a list of breaking changes of the `netbox-docker` project: +* 0.4.0: In order to use Netbox webhooks you need to add Redis and a netbox-worker to your docker-compose.yml. * 0.3.0: Field `filterable: /etc/netbox/config` and `/etc/reports -> /etc/netbox/reports`. Fixes [#54](https://github.com/ninech/netbox-docker/issues/54). * 0.1.0: Introduction of the `NETBOX_DOCKER_PROJECT_VERSION`. (Not a breaking change per se.) 
@@ -304,9 +352,15 @@ You can use the following ENV variables to customize the build: Default: https://github.com/${SRC_REPO}/netbox/archive/$BRANCH.tar.gz ``` +### Publishing Docker Images + +New Docker Images are built and published every 24h by using travis: + +[![Build Status](https://travis-ci.org/ninech/netbox-docker.svg?branch=master)][travis] + ## Tests -To run the test coming with NetBox, use the `docker-compose.yml` file as such: +To run the tests coming with NetBox, use the `docker-compose.yml` file as such: ``` $ docker-compose run netbox ./manage.py test diff --git a/configuration/supervisord.conf b/configuration/supervisord.conf deleted file mode 100644 index 423e7b3..0000000 --- a/configuration/supervisord.conf +++ /dev/null @@ -1,16 +0,0 @@ -[supervisord] -nodaemon=true - -[supervisorctl] - -[program:netbox] -command = gunicorn -c /etc/netbox/config/gunicorn_config.py netbox.wsgi -directory = /opt/netbox/netbox/ -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -user = nobody - -[program:netbox-rqworker] -command = python3 /opt/netbox/netbox/manage.py rqworker -directory = /opt/netbox/netbox/ -user = nobody diff --git a/docker-compose.yml b/docker-compose.yml index b6d825b..76a5764 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,64 +1,63 @@ version: '3' services: - netbox: - build: - context: . - args: - - BRANCH=${VERSION-master} - image: ninech/netbox:${VERSION-latest} - depends_on: - - postgres - - redis - env_file: netbox.env - volumes: - - ./startup_scripts:/opt/netbox/startup_scripts:ro - - ./initializers:/opt/netbox/initializers:ro - - ./configuration:/etc/netbox/config:ro - - netbox-nginx-config:/etc/netbox-nginx/ - - netbox-static-files:/opt/netbox/netbox/static - - netbox-media-files:/opt/netbox/netbox/media - - netbox-report-files:/etc/netbox/reports:ro - nginx: - image: nginx:1.13-alpine - command: nginx -g 'daemon off;' -c /etc/netbox-nginx/nginx.conf - depends_on: - - netbox - ports: - - 8080 - volumes: - - netbox-static-files:/opt/netbox/netbox/static:ro - - netbox-nginx-config:/etc/netbox-nginx/:ro - postgres: - image: postgres:10.4-alpine - env_file: postgres.env - volumes: - - netbox-postgres-data:/var/lib/postgresql/data - redis: - image: redis:4-alpine - environment: - REDIS_PASS_FILE: /run/secrets/redis-pass - command: [ - "sh", "-c", - ' - docker-entrypoint.sh - --appendonly yes - --requirepass "$$(cat $$REDIS_PASS_FILE)" - ' - ] - volumes: - - ./redis-pass:/run/secrets/redis-pass - - netbox-redis-data:/data - + netbox: &netbox + build: + context: . 
+ args: + - BRANCH=${VERSION-master} + image: ninech/netbox:${VERSION-latest} + depends_on: + - postgres + - redis + - netbox-worker + env_file: netbox.env + volumes: + - ./startup_scripts:/opt/netbox/startup_scripts:ro + - ./initializers:/opt/netbox/initializers:ro + - ./configuration:/etc/netbox/config:ro + - netbox-nginx-config:/etc/netbox-nginx/ + - netbox-static-files:/opt/netbox/netbox/static + - netbox-media-files:/opt/netbox/netbox/media + - netbox-report-files:/etc/netbox/reports:ro + netbox-worker: + <<: *netbox + depends_on: + - redis + entrypoint: + - python3 + - /opt/netbox/netbox/manage.py + command: + - rqworker + nginx: + image: nginx:1.13-alpine + command: nginx -c /etc/netbox-nginx/nginx.conf + depends_on: + - netbox + ports: + - 8080 + volumes: + - netbox-static-files:/opt/netbox/netbox/static:ro + - netbox-nginx-config:/etc/netbox-nginx/:ro + postgres: + image: postgres:10.4-alpine + env_file: postgres.env + volumes: + - netbox-postgres-data:/var/lib/postgresql/data + redis: + image: redis:4-alpine + command: redis-server --appendonly yes + volumes: + - netbox-redis-data:/data volumes: - netbox-static-files: - driver: local - netbox-nginx-config: - driver: local - netbox-media-files: - driver: local - netbox-report-files: - driver: local - netbox-postgres-data: - driver: local - netbox-redis-data: - driver: local + netbox-static-files: + driver: local + netbox-nginx-config: + driver: local + netbox-media-files: + driver: local + netbox-report-files: + driver: local + netbox-postgres-data: + driver: local + netbox-redis-data: + driver: local diff --git a/docker/nginx.conf b/docker/nginx.conf index 02efd01..3b78a9f 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -1,5 +1,8 @@ +daemon off; worker_processes 1; +error_log /dev/stderr info; + events { worker_connections 1024; } @@ -16,7 +19,6 @@ http { server { listen 8080; - server_name localhost; access_log off; location /static/ { 
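Review bot: `netbox-worker` takes over the whole `netbox` definition through `<<: *netbox`, so the worker also receives everything in `netbox.env` (including the `SUPERUSER_*` values) and every volume, among them `netbox-nginx-config`, `netbox-static-files` and `netbox-media-files`, which are mounted without `:ro`. Whether `rqworker` needs any of these is not visible here; if it does not, giving the worker its own list, for instance `volumes:` with only `- ./configuration:/etc/netbox/config:ro`, narrows what a misbehaving or compromised job can write to, since a key set next to `<<` replaces the merged one. A one-line comment above `<<: *netbox` stating what the worker inherits would help either way.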
diff --git a/netbox.env b/netbox.env index f8a3086..1f9d4ef 100644 --- a/netbox.env +++ b/netbox.env @@ -14,7 +14,6 @@ NAPALM_PASSWORD= NAPALM_TIMEOUT=10 MAX_PAGE_SIZE=0 REDIS_HOST=redis -REDIS_PASSWORD=J5brHrAXFLQSif0K SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj SUPERUSER_NAME=admin SUPERUSER_EMAIL=admin@example.com diff --git a/redis-pass b/redis-pass deleted file mode 100644 index d9fb997..0000000 --- a/redis-pass +++ /dev/null @@ -1 +0,0 @@ -J5brHrAXFLQSif0K From 645ec1281c18091084590e8061de7c14f97e7830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 15:19:29 -0700 Subject: [PATCH 5/8] =?UTF-8?q?=E2=9C=A8=20Use=20a=20default=20Redis=20pas?= =?UTF-8?q?sword?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although it does not provide any additional security, it shows how to configure Redis with a password and how to use Netbox using a password protected redis server. Something that might be considered in a classic production deployment. (But is mostly irrelevant in e.g. a Kubernetes / OpenShift deployment as the isolation is usually on a network level.) --- README.md | 18 ++++++++++++------ docker-compose.yml | 6 +++++- netbox.env | 1 + redis.env | 1 + 4 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 redis.env diff --git a/README.md b/README.md index 00b8eeb..9e607d0 100644 --- a/README.md +++ b/README.md 
@@ -71,12 +71,12 @@ For example defining `ALLOWED_HOSTS=localhost ::1 127.0.0.1` would allows access The default settings are optimized for (local) development environments. You should therefore adjust the configuration for production setups, at least the following variables: -* `ALLOWED_HOSTS`: Add all URLs that lead to your NetBox instance. -* `DB_*`: Use a persistent database. +* `ALLOWED_HOSTS`: Add all URLs that lead to your NetBox instance, space separated. E.g. `ALLOWED_HOSTS=netbox.mycorp.com server042.mycorp.com 2a02:123::42 10.0.0.42 localhost ::1 127.0.0.1` (It's good advice to always allow localhost connections for easy debugging, i.e. `localhost ::1 127.0.0.1`.) +* `DB_*`: Use your own persistent database. Don't use the default passwords! * `EMAIL_*`: Use your own mailserver. * `MAX_PAGE_SIZE`: Use the recommended default of 1000. -* `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up. -* `REDIS_*`: Use a persistent redis. +* `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up. Don't use the default passwords! +* `REDIS_*`: Use your own persistent redis. Don't use the default passwords! ### Running on Docker Swarm / Kubernetes / OpenShift @@ -284,6 +284,7 @@ REDIS_HOST=redis Then make sure that the `redis` container and at least one `netbox-worker` are running. ``` +# check the container status $ docker-compose ps Name Command State Ports 
@@ -293,11 +294,16 @@ netbox-docker_netbox_1 /opt/netbox/docker-entrypo ... Up netbox-docker_nginx_1 nginx -c /etc/netbox-nginx ... Up 80/tcp, 0.0.0.0:32776->8080/tcp netbox-docker_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp netbox-docker_redis_1 docker-entrypoint.sh redis ... Up 6379/tcp + +# connect to redis and send PING command: +$ docker-compose run --rm -T redis sh -c 'redis-cli -h redis -a $REDIS_PASSWORD ping' +Warning: Using a password with '-a' option on the command line interface may not be safe. +PONG ``` If `redis` and the `netbox-worker` are not available, make sure you have updated your `docker-compose.yml` file! -Everything's up and running? Then check the log of the `netbox-worker` and/or `redis`: +Everything's up and running? Then check the log of `netbox-worker` and/or `redis`: ```bash docker-compose logs -f netbox-worker @@ -307,7 +313,7 @@ docker-compose logs -f redis Still no clue? You can connect to the `redis` container and have it report any command that is currently executed on the server: ```bash -docker-compose run --rm -T redis redis-cli -h redis monitor +docker-compose run --rm -T redis sh -c 'redis-cli -h redis -a $REDIS_PASSWORD monitor' # Hit CTRL-C a few times to leave ``` diff --git a/docker-compose.yml b/docker-compose.yml index 76a5764..ec075ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,7 +45,11 @@ services: - netbox-postgres-data:/var/lib/postgresql/data redis: image: redis:4-alpine - command: redis-server --appendonly yes + command: + - sh + - -c # this is to evaluate the $REDIS_PASSWORD from the env + - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose + env_file: redis.env volumes: - netbox-redis-data:/data volumes: diff --git a/netbox.env b/netbox.env index 1f9d4ef..f44c328 100644 --- a/netbox.env +++ b/netbox.env 
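Review bot: In the new `redis` command, `$$REDIS_PASSWORD` is expanded unquoted inside `sh -c`, so a password containing whitespace or glob characters is split into several arguments, and an empty or missing value leaves `--requirepass` with no argument at all. Quoting the expansion and making the empty case an explicit error covers both: `- exec redis-server --appendonly yes --requirepass "$${REDIS_PASSWORD:?}"`. The `exec` is optional; it lets `redis-server` replace the wrapping shell so that the stop signal from `docker-compose stop` reaches it directly. Passing the password this way also places it in the process arguments, which deserves a comment for anyone reusing the file outside a local setup.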
@@ -14,6 +14,7 @@ NAPALM_PASSWORD= NAPALM_TIMEOUT=10 MAX_PAGE_SIZE=0 REDIS_HOST=redis +REDIS_PASSWORD=H733Kdjndks81 SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj SUPERUSER_NAME=admin SUPERUSER_EMAIL=admin@example.com diff --git a/redis.env b/redis.env new file mode 100644 index 0000000..44a1987 --- /dev/null +++ b/redis.env @@ -0,0 +1 @@ +REDIS_PASSWORD=H733Kdjndks81 From fdefa3465daaa4896850078607e329f822ebe25a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 15:30:43 -0700 Subject: [PATCH 6/8] =?UTF-8?q?=F0=9F=86=99=20Update=20nginx=20to=20the=20?= =?UTF-8?q?latest=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ec075ab..449ab17 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,8 +29,8 @@ services: command: - rqworker nginx: - image: nginx:1.13-alpine command: nginx -c /etc/netbox-nginx/nginx.conf + image: nginx:1.15-alpine depends_on: - netbox ports: From fb22a198934f8e725cf6bd78c2abd995deb98ca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Mon, 13 Aug 2018 15:37:06 -0700 Subject: [PATCH 7/8] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Added=20nginx=20troubl?= =?UTF-8?q?eshooting=20section?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 9e607d0..23287f3 100644 --- a/README.md +++ b/README.md 
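Review bot: `REDIS_PASSWORD` is now defined twice with the same literal, once in the `netbox.env` hunk and once in the new `redis.env`, and nothing ties the two together, so an operator who follows the README advice and changes only one of them ends up with a NetBox that can no longer authenticate to Redis. A comment above each line, e.g. `# must match REDIS_PASSWORD in redis.env; replace this default outside local development`, would make both the coupling and the default status explicit. As committed, the value is a shared, publicly known credential.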
@@ -252,6 +252,32 @@ If your issue is not here, look through [the existing issues][issues] and eventu * To create a database backup run `docker-compose exec postgres sh -c 'pg_dump -cU $POSTGRES_USER $POSTGRES_DB' | gzip > db_dump.sql.gz` * To restore that database backup run `gunzip -c db_dump.sql.gz | docker exec -i $(docker-compose ps -q postgres) sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`. +### Nginx doesn't start + +As a first step, stop your docker-compose setup. +Then locate the `netbox-nginx-config` volume and remove it: + +```bash +# Stop your local netbox-docker installation +$ docker-compose down + +# Find the volume +$ docker volume ls | grep netbox-nginx-config +local netbox-docker_netbox-nginx-config + +# Remove the volume +$ docker volume rm netbox-docker_netbox-nginx-config +netbox-docker_netbox-nginx-config +``` + +Now start everything up again. + +If this didn't help, try to see if there's anything in the logs indicating why nginx doesn't start: + +```bash +$ docker-compose logs -f nginx +``` + ### Getting a "Bad Request (400)" > When connecting to the NetBox instance, I get a "Bad Request (400)" error. From 2b3f8317491b4a6eb7c6ce8efe596579218c4c14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Ma=CC=88der?= Date: Tue, 14 Aug 2018 10:08:34 -0700 Subject: [PATCH 8/8] =?UTF-8?q?=E2=9C=A8=20Don't=20lock=20Django=20to=20ex?= =?UTF-8?q?plicit=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... but rather use the same definition that is currently used in Netbox's `requirements.txt`. --- Dockerfile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a65b33e..fd31ad3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -22,11 +22,10 @@ RUN pip install \ napalm \ # ruamel is used in startup_scripts ruamel.yaml \ -# if the Django package is not installed here to this pinned version -# django-rq will install the latest version (currently 2.1) -# then, when the requirements.txt of netbox is run, it will be -# uninstalled because it currently causes problems with netbox - Django==2.0.8 \ +# pinning django to the version required by netbox +# adding it here, to install the correct version of +# django-rq + 'Django>=1.11,<2.1' \ # django-rq is used for webhooks django-rq