Merge pull request #1 from ninech/master

upstream

.github/issue_template.md

@@ -0,0 +1,47 @@
+<!--
+
+Before raising an issue here, answer the following questions for yourself, please:
+
+* Did you read through the troubleshooting section? (https://github.com/ninech/netbox-docker/#troubleshooting)
+* Have you updated to the latest version and tried again? (i.e. `git pull` and `docker-compose pull`)
+* Have you reset the project and tried again? (i.e. `docker-compose down -v`)
+* Are you confident that your problem is related to the Docker or Docker Compose setup this project provides?
+  (Otherwise ask on the Netbox mailing list, please: https://groups.google.com/d/forum/netbox-discuss)
+* Have you looked through the issues already resolved?
+
+-->
+
+## Current Behavior
+
+<!-- describe what you did and how it misbehaved -->
+...
+
+## Expected Behavior
+
+<!-- describe what you expected instead -->
+...
+
+## Debug Information
+
+<!-- please fill in the following information that might helps us debug your problem more quickly -->
+The output of `docker-compose version`: `XXXXX`
+The output of `docker version`: `XXXXX`
+The output of `git rev-parse HEAD`: `XXXXX`
+The command you used to start the project: `XXXXX`
+
+The output of `docker-compose logs netbox`:
+<!-- if your log is very long, create a Gist instead: https://gist.github.com -->
+
+```
+LOG LOG LOG
+```
+
+<!--
+If you have get any 5xx http error, else delete this section.
+If your log is very long, create a Gist instead: https://gist.github.com
+-->
+The output of `docker-compose logs nginx`:
+
+```
+LOG LOG LOG
+```

.gitignore

@@ -0,0 +1 @@
+*.sql.gz

.travis.yml

@@ -20,8 +20,7 @@ after_script:
 after_success:
   - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
   - if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
-      ./build.sh master --push;
-      ./build.sh develop --push;
+      ./build-branches.sh --push;
       ./build-latest.sh --push;
       PRERELEASE=true ./build-latest.sh --push;
     fi

Dockerfile

@@ -6,6 +6,7 @@ RUN apk add --no-cache \
       ca-certificates \
       cyrus-sasl-dev \
       graphviz \
+      ttf-ubuntu-font-family \
       jpeg-dev \
       libffi-dev \
       libxml2-dev \
@@ -39,3 +40,5 @@ ENTRYPOINT [ "/docker-entrypoint.sh" ]
 VOLUME ["/etc/netbox-nginx/"]
 
 CMD ["gunicorn", "--log-level debug", "-c /opt/netbox/gunicorn_config.py", "netbox.wsgi"]
+
+LABEL SRC_URL="$URL"

README.md

@@ -1,42 +1,218 @@
 # netbox-docker
 
-[![Build Status](https://travis-ci.org/ninech/netbox-docker.svg?branch=master)](https://travis-ci.org/ninech/netbox-docker)
+[![Build Status](https://travis-ci.org/ninech/netbox-docker.svg?branch=master)][travis]
 
-This repository houses the components needed to build NetBox as a Docker container.
-Images built using this code are released to [Docker Hub](https://hub.docker.com/r/ninech/netbox) every night.
+This repository houses the components needed to build Netbox as a Docker container.
+Images built using this code are released to [Docker Hub][netbox-dockerhub] every night.
+
+[travis]: https://travis-ci.org/ninech/netbox-docker
+[netbox-dockerhub]: https://hub.docker.com/r/ninech/netbox/tags/
 
 ## Quickstart
 
-To get NetBox up and running:
+To get Netbox up and running:
 
 ```
 $ git clone -b master https://github.com/ninech/netbox-docker.git
 $ cd netbox-docker
+$ docker-compose pull
 $ docker-compose up -d
 ```
 
 The application will be available after a few minutes.
-Use `docker-compose port nginx 80` to find out where to connect to.
+Use `docker-compose port nginx 8080` to find out where to connect to.
 
 ```
-$ echo "http://$(docker-compose port nginx 80)/"
+$ echo "http://$(docker-compose port nginx 8080)/"
 http://0.0.0.0:32768/
 
 # Open netbox in your default browser on macOS:
-$ open "http://$(docker-compose port nginx 80)/"
+$ open "http://$(docker-compose port nginx 8080)/"
 
 # Open netbox in your default browser on (most) linuxes:
-$ xdg-open "http://$(docker-compose port nginx 80)/" &>/dev/null &
+$ xdg-open "http://$(docker-compose port nginx 8080)/" &>/dev/null &
 ```
 
+Alternatively, use something like [Reception][docker-reception] to
+connect to _docker-compose_ projects.
+
 Default credentials:
 
 * Username: **admin**
 * Password: **admin**
+* API Token: **0123456789abcdef0123456789abcdef01234567**
+
+[docker-reception]: https://github.com/ninech/reception
+
+## Dependencies
+
+This project relies only on *Docker* and *docker-compose* meeting this requirements:
+
+* The *Docker version* must be at least `1.13.0`.
+* The *docker-compose version* must be at least `1.10.0`.
+
+To ensure this, compare the output of `docker --version` and `docker-compose --version` with the requirements above.
 
 ## Configuration
 
 You can configure the app using environment variables. These are defined in `netbox.env`.
+Read [Environment Variables in Compose][compose-env] to understand about the various possibilities to overwrite these variables.
+(The easiest solution being simply adjusting that file.)
+
+To find all possible variables, have a look at the [configuration.docker.py][docker-config] and [docker-entrypoint.sh][entrypoint] files.
+Generally, the environment variables are called the same as their respective Netbox configuration variables.
+Variables which are arrays are usually composed by putting all the values into the same environment variables with the values separated by a whitespace ("` `").
+For example defining `ALLOWED_HOSTS=localhost ::1 127.0.0.1` would allows access to Netbox through `http://localhost:8080`, `http://[::1]:8080` and `http://127.0.0.1:8080`.
+
+[compose-env]: https://docs.docker.com/compose/environment-variables/
+
+### Custom Initialisation Code (e.g. Automatically Setting Up Custom Fields)
+
+When using `docker-compose`, all the python scripts present in `docker/startup_scripts` will automatically be executed after the application boots in the context of `./manage.py`.
+
+That mechanism can be used for many things, and in particular to load Netbox custom fields:
+
+```python
+# docker/startup_scripts/load_custom_fields.py
+from django.contrib.contenttypes.models import ContentType
+from extras.models import CF_TYPE_TEXT, CustomField
+
+from dcim.models import Device
+from dcim.models import DeviceType
+
+device      = ContentType.objects.get_for_model(Device)
+device_type = ContentType.objects.get_for_model(DeviceType)
+
+my_custom_field, created = CustomField.objects.get_or_create(
+    type=CF_TYPE_TEXT,
+    name='my_custom_field',
+    description='My own custom field'
+)
+
+if created:
+  my_custom_field.obj_type.add(device)
+  my_custom_field.obj_type.add(device_type)
+```
+
+### Production
+
+The default settings are optimized for (local) development environments.
+You should therefore adjust the configuration for production setups, at least the following variables:
+
+* `ALLOWED_HOSTS`: Add all URLs that lead to your netbox instance.
+* `DB_*`: Use a persistent database.
+* `EMAIL_*`: Use your own mailserver.
+* `MAX_PAGE_SIZE`: Use the recommended default of 1000.
+* `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up.
+
+### Running on Docker Swarm / Kubernetes / OpenShift
+
+You may run this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, but this is advanced level.
+
+In this case, we encourage you to statically configure Netbox by starting from [Netbox's example config file][default-config], and mounting it into your container using the mechanism provided by your container platform (i.e. [Docker Swarm configs][swarm-config], [Kubernetes ConfigMap][k8s-config], [OpenShift ConfigMaps][openshift-config]).
+
+But if you rather continue to configure your application through environment variables, you may continue to use [the built-in configuration file][docker-config].
+We discourage storing secrets in environment variables, as environment variable are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs.
+
+Therefore we *strongly advise* to make use of the secrets mechanism provided by your container platform (i.e. [Docker Swarm secrets][swarm-secrets], [Kubernetes secrets][k8s-secrets], [OpenShift secrets][openshift-secrets]).
+[The configuration file][docker-config] and [the entrypoint script][entrypoint] try to load the following secrets from the respective files.
+If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used.
+
+* `SUPERUSER_PASSWORD`: `/run/secrets/superuser_password`
+* `SUPERUSER_API_TOKEN`: `/run/secrets/superuser_api_token`
+* `DB_PASSWORD`: `/run/secrets/db_password`
+* `SECRET_KEY`: `/run/secrets/secret_key`
+* `EMAIL_PASSWORD`: `/run/secrets/email_password`
+* `NAPALM_PASSWORD`: `/run/secrets/napalm_password`
+
+Please also consider [the advice about running Netbox in production](#production) above!
+
+[docker-config]: https://github.com/ninech/netbox-docker/blob/master/docker/configuration.docker.py
+[default-config]: https://github.com/digitalocean/netbox/blob/develop/netbox/netbox/configuration.example.py
+[entrypoint]: https://github.com/ninech/netbox-docker/blob/master/docker/docker-entrypoint.sh
+[swarm-config]: https://docs.docker.com/engine/swarm/configs/
+[swarm-secrets]: https://docs.docker.com/engine/swarm/secrets/
+[openshift-config]: https://docs.openshift.org/latest/dev_guide/configmaps.html
+[openshift-secrets]: https://docs.openshift.org/latest/dev_guide/secrets.html
+[k8s-secrets]: https://kubernetes.io/docs/concepts/configuration/secret/
+[k8s-config]: https://kubernetes.io/docs/tasks/configure-pod-container/configmap/
+
+#### A Note On OpenShift
+
+OpenShift usually is configured with specific restrictions regarding root users.
+[Special care][openshift-root] has to be taken when building images for OpenShift.
+The Docker Image that may be built using this project (and which is available on Docker Hub) might not yet run without further customization on OpenShift.
+If you have this running on OpenShift, it would be nice if you could open a PR with the changes you needed to make.
+Or if you didn't do any changes and it just worked, that you could confirm this so that we can remove this notice.
+
+[openshift-root]: https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-specific-guidelines
+
+## Version
+
+The `docker-compose.yml` file is prepared to run a specific version of Netbox.
+To use this feature, set the environment-variable `VERSION` before launching `docker-compose`, as shown below.
+`VERSION` may be set to the name of
+[any tag of the `ninech/netbox` Docker image on Docker Hub][netbox-dockerhub].
+
+```
+$ export VERSION=v2.2.6
+$ docker-compose pull netbox
+$ docker-compose up -d
+```
+
+You can also build a specific version of the Netbox image. This time, `VERSION` indicates any valid
+[Git Reference][git-ref] declared on [the 'digitalocean/netbox' Github repository][netbox-github].
+Most commonly you will specify a tag or branch name.
+
+```
+$ export VERSION=develop
+$ docker-compose build --no-cache netbox
+$ docker-compose up -d
+```
+
+Hint: If you're building a specific version by tag name, the `--no-cache` argument is not strictly necessary.
+This can increase the build speed if you're just adjusting the config, for example.
+
+[git-ref]: https://git-scm.com/book/en/v2/Git-Internals-Git-References
+[netbox-github]: https://github.com/digitalocean/netbox/releases
+
+## Troubleshooting
+
+This section is a collection of some common issues and how to resolve them.
+If your issue is not here, look through [the existing issues][issues] and eventually create a new issue.
+
+[issues]: (https://github.com/ninech/netbox-docker/issues)
+
+### Docker Compose basics
+
+* You can see all running containers belonging to this project using `docker-compose ps`.
+* You can see the logs by running `docker-compose logs -f`.
+  Running `docker-compose logs -f netbox` will just show the logs for netbox.
+* You can stop everything using `docker-compose stop`.
+* You can clean up everything using `docker-compose down -v --remove-orphans`. **This will also remove any related data.**
+* You can enter the shell of the running Netbox container using `docker-compose exec netbox /bin/bash`. Now you have access to `./manage.py`, e.g. to reset a password.
+* To access the database run `docker-compose exec postgres sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`
+* To create a database backup run `docker-compose exec postgres sh -c 'pg_dump -cU $POSTGRES_USER $POSTGRES_DB' | gzip > db_dump.sql.gz`
+* To restore that database backup run `gunzip -c db_dump.sql.gz | docker exec -i $(docker-compose ps -q postgres) sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`.
+
+### Getting a "Bad Request (400)"
+
+> When connecting to the Netbox instance, I get a "Bad Request (400)" error.
+
+This usually happens when the `ALLOWED_HOSTS` variable is not set correctly.
+
+### How to upgrade
+
+> How do I update to a newer version?
+
+It should be sufficient to pull the latest image from Docker Hub, stopping the container and starting it up again:
+
+```bash
+docker-compose pull netbox
+docker-compose stop netbox
+docker-compose rm -f netbox
+docker-compose up -d netbox
+```
 
 ## Rebuilding & Publishing images
 
@@ -63,7 +239,7 @@ You can use the following ENV variables to customize the build:
 
 ## Tests
 
-To run the bundled test, use the `docker-compose.test.yml` file.
+To run the test coming with Netbox, use the `docker-compose.test.yml` file as such:
 
 ```
 $ docker-compose -f docker-compose.test.yml run --rm app
@@ -71,6 +247,6 @@ $ docker-compose -f docker-compose.test.yml run --rm app
 
 ## About
 
-This repository is currently maintained and funded by [nine](https://nine.ch).
+This repository is currently maintained and funded by [nine](https://nine.ch), your cloud navigator.
 
 [![logo of the company 'nine'](https://logo.apps.at-nine.ch/Dmqied_eSaoBMQwk3vVgn4UIgDo=/trim/500x0/logo_claim.png)](https://www.nine.ch)

build-branches.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ORIGINAL_GITHUB_REPO="digitalocean/netbox"
+GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
+URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/branches"
+
+CURL_OPTS="-s"
+CURL="curl ${CURL_OPTS}"
+
+BRANCHES=$($CURL "${URL_RELEASES}" | jq -r 'map(.name) | .[] | scan("^[^v].+")')
+
+for BRANCH in $BRANCHES; do
+  ./build.sh "${BRANCH}" $@
+done

build-latest.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
 
-URL_RELEASES=https://api.github.com/repos/digitalocean/netbox/releases
+ORIGINAL_GITHUB_REPO="digitalocean/netbox"
+GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
+URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases"
 
 JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
 
 CURL_OPTS="-s"
+CURL="curl ${CURL_OPTS}"
 
-VERSION=$(curl $CURL_OPTS "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
+VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
 
 # Check if the prerelease version is actually higher than stable version
 if [ "${PRERELEASE}" == "true" ]; then
@@ -25,4 +28,18 @@ if [ "${PRERELEASE}" == "true" ]; then
   fi
 fi
 
-./build.sh "${VERSION}" $@
+# Check if that version is not already available on docker hub:
+ORIGINAL_DOCKERHUB_REPO="ninech/netbox"
+DOCKERHUB_REPO="${DOCKERHUB_REPO-$ORIGINAL_DOCKERHUB_REPO}"
+URL_DOCKERHUB_TOKEN="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKERHUB_REPO}:pull"
+BEARER_TOKEN="$($CURL "${URL_DOCKERHUB_TOKEN}" | jq -r .token)"
+
+URL_DOCKERHUB_TAG="https://registry.hub.docker.com/v2/${DOCKERHUB_REPO}/tags/list"
+AUTHORIZATION_HEADER="Authorization: Bearer ${BEARER_TOKEN}"
+ALREADY_BUILT="$($CURL -H "${AUTHORIZATION_HEADER}" "${URL_DOCKERHUB_TAG}" | jq -e ".tags | any(.==\"${VERSION}\")")"
+
+if [ "$ALREADY_BUILT" == "false" ]; then
+  ./build.sh "${VERSION}" $@
+else
+  echo "✅ ${VERSION} already exists on https://hub.docker.com/r/${DOCKERHUB_REPO}"
+fi

build.sh

@@ -8,16 +8,33 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
   echo "  --push  Pushes built Docker image to docker hub."
   echo ""
   echo "You can use the following ENV variables to customize the build:"
+  echo "  DOCKER_OPTS Add parameters to Docker."
+  echo "           Default:"
+  echo "             When <TAG> starts with 'v':  \"\""
+  echo "             Else:                        \"--no-cache\""
   echo "  BRANCH   The branch to build."
   echo "           Also used for tagging the image."
-  echo "  DOCKER_REPO The Docker registry (i.e. hub.docker.com/r/DOCKER_REPO/netbox) "
+  echo "  TAG      The version part of the docker tag."
+  echo "           Default:"
+  echo "             When <BRANCH>=master:  latest"
+  echo "             When <BRANCH>=develop: snapshot"
+  echo "             Else:          same as <BRANCH>"
+  echo "  DOCKER_ORG The Docker registry (i.e. hub.docker.com/r/<DOCKER_ORG>/<DOCKER_REPO>) "
   echo "           Also used for tagging the image."
   echo "           Default: ninech"
-  echo "  SRC_REPO Which fork of netbox to use (i.e. github.com/<SRC_REPO>/netbox)."
+  echo "  DOCKER_REPO The Docker registry (i.e. hub.docker.com/r/<DOCKER_ORG>/<DOCKER_REPO>) "
+  echo "           Also used for tagging the image."
+  echo "           Default: netbox"
+  echo "  DOCKER_TAG The name of the tag which is applied to the image."
+  echo "           Useful for pushing into another registry than hub.docker.com."
+  echo "           Default: <DOCKER_ORG>/<DOCKER_REPO>:<BRANCH>"
+  echo "  SRC_ORG  Which fork of netbox to use (i.e. github.com/<SRC_ORG>/<SRC_REPO>)."
   echo "           Default: digitalocean"
+  echo "  SRC_REPO The name of the netbox for to use (i.e. github.com/<SRC_ORG>/<SRC_REPO>)."
+  echo "           Default: netbox"
   echo "  URL      Where to fetch the package from."
   echo "           Must be a tar.gz file of the source code."
-  echo "           Default: https://github.com/\${SRC_REPO}/netbox/archive/\$BRANCH.tar.gz"
+  echo "           Default: https://github.com/<SRC_ORG>/<SRC_REPO>/archive/\$BRANCH.tar.gz"
 
   if [ "${1}x" == "x" ]; then
     exit 1
@@ -26,28 +43,42 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
   fi
 fi
 
-SRC_REPO="${SRC_REPO-digitalocean}"
-DOCKER_REPO="${DOCKER_REPO-ninech}"
+# variables for fetching the source
+SRC_ORG="${SRC_ORG-digitalocean}"
+SRC_REPO="${SRC_REPO-netbox}"
 BRANCH="${1}"
-URL="${URL-https://github.com/${SRC_REPO}/netbox/archive/$BRANCH.tar.gz}"
+URL="${URL-https://github.com/${SRC_ORG}/${SRC_REPO}/archive/$BRANCH.tar.gz}"
 
-if [ "${BRANCH}" == "master" ]; then
-  TAG="${TAG-latest}"
-  CACHE="--no-cache"
-elif [ "${BRANCH}" == "develop" ]; then
-  TAG="${TAG-snapshot}"
-  CACHE="--no-cache"
-else
-  TAG="${TAG-$BRANCH}"
-  CACHE=""
-fi
+# variables for tagging the docker image
+DOCKER_ORG="${DOCKER_ORG-ninech}"
+DOCKER_REPO="${DOCKER_REPO-netbox}"
+case "${BRANCH}" in
+  master)
+    TAG="${TAG-latest}";;
+  develop)
+    TAG="${TAG-snapshot}";;
+  *)
+    TAG="${TAG-$BRANCH}";;
+esac
+DOCKER_TAG="${DOCKER_TAG-${DOCKER_ORG}/${DOCKER_REPO}:${TAG}}"
 
-echo "🐳 Building the Docker image '${DOCKER_REPO}/netbox:${TAG}' from the branch '${BRANCH}'."
-docker build -t "${DOCKER_REPO}/netbox:${TAG}" --build-arg "BRANCH=${BRANCH}" --build-arg "URL=${URL}" --pull ${CACHE} .
-echo "✅ Finished building the Docker images '${DOCKER_REPO}/netbox:${TAG}'"
+# caching is only ok for version tags
+case "${TAG}" in
+  v*)
+    CACHE="${CACHE-}";;
+  *)
+    CACHE="${CACHE---no-cache}";;
+esac
+
+# Docker options
+DOCKER_OPTS="${DOCKER_OPTS-$CACHE}"
+
+echo "🐳 Building the Docker image '${DOCKER_TAG}' from the url '${URL}'."
+docker build -t "${DOCKER_TAG}" --build-arg "BRANCH=${BRANCH}" --build-arg "URL=${URL}" --pull ${DOCKER_OPTS} .
+echo "✅ Finished building the Docker images '${DOCKER_TAG}'"
 
 if [ "${2}" == "--push" ] ; then
-  echo "⏫ Pushing '${DOCKER_REPO}/netbox:${BRANCH}"
-  docker push "${DOCKER_REPO}/netbox:${TAG}"
-  echo "✅ Finished pushing the Docker image '${DOCKER_REPO}/netbox:${TAG}'."
+  echo "⏫ Pushing '${DOCKER_TAG}"
+  docker push "${DOCKER_TAG}"
+  echo "✅ Finished pushing the Docker image '${DOCKER_TAG}'."
 fi

docker-compose.test.yml

@@ -1,23 +1,22 @@
 version: '3'
 services:
     app:
-        build:
-          context: .
-          args:
-            - BRANCH=${BRANCH-master}
-        image: ninech/netbox:${BRANCH-latest}
-        depends_on:
-        - postgres
-        env_file: netbox.env
-        command:
-        - ./manage.py
-        - test
+      build:
+        context: .
+        args:
+        - BRANCH=${BRANCH-master}
+      image: ninech/netbox:${BRANCH-latest}
+      depends_on:
+      - postgres
+      env_file: netbox.env
+      command:
+      - ./manage.py
+      - test
     postgres:
-        image: postgres:9.6-alpine
-        env_file: postgres.env
-
+      image: postgres:9.6-alpine
+      env_file: postgres.env
 volumes:
-    netbox-static-files:
-        driver: local
-    netbox-nginx-config:
-        driver: local
+  netbox-static-files:
+    driver: local
+  netbox-nginx-config:
+    driver: local

docker-compose.yml

@@ -4,30 +4,41 @@ services:
         build:
           context: .
           args:
-            - BRANCH=${BRANCH-master}
-        image: ninech/netbox:${BRANCH-latest}
+            - BRANCH=${VERSION-master}
+        image: ninech/netbox:${VERSION-latest}
         depends_on:
         - postgres
         env_file: netbox.env
         volumes:
+        - ./docker/startup_scripts:/opt/netbox/netbox/startup_scripts
         - netbox-nginx-config:/etc/netbox-nginx/
         - netbox-static-files:/opt/netbox/netbox/static
+        - netbox-media-files:/opt/netbox/netbox/media
+        - netbox-report-files:/opt/netbox/netbox/reports
     nginx:
         image: nginx:1.11-alpine
         command: nginx -g 'daemon off;' -c /etc/netbox-nginx/nginx.conf
         depends_on:
         - netbox
         ports:
-        - 80
+        - 8080
         volumes:
         - netbox-static-files:/opt/netbox/netbox/static
         - netbox-nginx-config:/etc/netbox-nginx/
     postgres:
         image: postgres:9.6-alpine
         env_file: postgres.env
+        volumes:
+        - netbox-postgres-data:/var/lib/postgresql/data
 
 volumes:
     netbox-static-files:
         driver: local
     netbox-nginx-config:
         driver: local
+    netbox-media-files:
+        driver: local
+    netbox-report-files:
+        driver: local
+    netbox-postgres-data:
+        driver: local

docker/configuration.docker.py

@@ -1,4 +1,21 @@
 import os
+import socket
+
+# For reference see http://netbox.readthedocs.io/en/latest/configuration/mandatory-settings/
+# Based on https://github.com/digitalocean/netbox/blob/develop/netbox/netbox/configuration.example.py
+
+# Read secret from file
+def read_secret(secret_name):
+    try:
+        f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
+    except EnvironmentError:
+        return ''
+    else:
+        with f:
+            return f.readline().strip()
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
 #########################
 #                       #
 #   Required settings   #
@@ -9,13 +26,14 @@ import os
 # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
 #
 # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
-ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(' ')
+ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', socket.gethostname()).split(' ')
 
 # PostgreSQL database configuration.
 DATABASE = {
     'NAME': os.environ.get('DB_NAME', 'netbox'),         # Database name
     'USER': os.environ.get('DB_USER', ''),               # PostgreSQL username
-    'PASSWORD': os.environ.get('DB_PASSWORD', ''),       # PostgreSQL password
+    'PASSWORD': os.environ.get('DB_PASSWORD', read_secret('db_password')),
+                                                         # PostgreSQL password
     'HOST': os.environ.get('DB_HOST', 'localhost'),      # Database server
     'PORT': os.environ.get('DB_PORT', ''),               # Database port (leave blank for default)
 }
@@ -24,7 +42,7 @@ DATABASE = {
 # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
 # symbols. NetBox will not run without this defined. For more information, see
 # https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY
-SECRET_KEY = os.environ.get('SECRET_KEY', '')
+SECRET_KEY = os.environ.get('SECRET_KEY', read_secret('secret_key'))
 
 #########################
 #                       #
@@ -38,16 +56,51 @@ ADMINS = [
     # ['John Doe', 'jdoe@example.com'],
 ]
 
+# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
+# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
+BANNER_TOP = os.environ.get('BANNER_TOP', '')
+BANNER_BOTTOM = os.environ.get('BANNER_BOTTOM', '')
+
+# Text to include on the login page above the login form. HTML is allowed.
+BANNER_LOGIN = os.environ.get('BANNER_LOGIN', '')
+
+# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
+# BASE_PATH = 'netbox/'
+BASE_PATH = os.environ.get('BASE_PATH', '')
+
+# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
+# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
+# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
+CORS_ORIGIN_ALLOW_ALL = os.environ.get('CORS_ORIGIN_ALLOW_ALL', False)
+CORS_ORIGIN_WHITELIST = os.environ.get('CORS_ORIGIN_WHITELIST', '').split(' ')
+CORS_ORIGIN_REGEX_WHITELIST = [
+    # r'^(https?://)?(\w+\.)?example\.com$',
+]
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = os.environ.get('DEBUG', False)
+
 # Email settings
 EMAIL = {
     'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'),
-    'PORT': os.environ.get('EMAIL_PORT', 25),
+    'PORT': int(os.environ.get('EMAIL_PORT', 25)),
     'USERNAME': os.environ.get('EMAIL_USERNAME', ''),
-    'PASSWORD': os.environ.get('EMAIL_PASSWORD', ''),
-    'TIMEOUT': os.environ.get('EMAIL_TIMEOUT', 10),  # seconds
+    'PASSWORD': os.environ.get('EMAIL_PASSWORD', read_secret('email_password')),
+    'TIMEOUT': int(os.environ.get('EMAIL_TIMEOUT', 10)),  # seconds
     'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''),
 }
 
+# Enforcement of unique IP space can be toggled on a per-VRF basis.
+# To enforce unique IP space within the global table (all prefixes and IP addresses not assigned to a VRF),
+# set ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = os.environ.get('ENFORCE_GLOBAL_UNIQUE', False)
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+#   https://docs.djangoproject.com/en/1.11/topics/logging/
+LOGGING = {}
+
 # Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
 # are permitted to access most data in NetBox (excluding secrets) but not make any changes.
 LOGIN_REQUIRED = os.environ.get('LOGIN_REQUIRED', False)
@@ -59,12 +112,36 @@ BASE_PATH = os.environ.get('BASE_PATH', '')
 # Setting this to True will display a "maintenance mode" banner at the top of every page.
 MAINTENANCE_MODE = os.environ.get('MAINTENANCE_MODE', False)
 
+# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
+# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
+# all objects by specifying "?limit=0".
+MAX_PAGE_SIZE = int(os.environ.get('MAX_PAGE_SIZE', 1000))
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is derived from the installed location.
+MEDIA_ROOT = os.environ.get('MEDIA_ROOT', os.path.join(BASE_DIR, 'media'))
+
 # Credentials that NetBox will use to access live devices.
 NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '')
-NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', '')
+NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', read_secret('napalm_password'))
+
+# NAPALM timeout (in seconds). (Default: 30)
+NAPALM_TIMEOUT = int(os.environ.get('NAPALM_TIMEOUT', 30))
+
+# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+NAPALM_ARGS = {}
 
 # Determine how many objects to display per page within a list. (Default: 50)
-PAGINATE_COUNT = os.environ.get('PAGINATE_COUNT', 50)
+PAGINATE_COUNT = int(os.environ.get('PAGINATE_COUNT', 50))
+
+# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
+# prefer IPv4 instead.
+PREFER_IPV4 = os.environ.get('PREFER_IPV4', False)
+
+# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
+# this setting is derived from the installed location.
+REPORTS_ROOT = os.environ.get('REPORTS_ROOT', os.path.join(BASE_DIR, 'reports'))
 
 # Time zone (default: UTC)
 TIME_ZONE = os.environ.get('TIME_ZONE', 'UTC')

docker/docker-entrypoint.sh

@@ -1,30 +1,52 @@
 #!/bin/bash
 set -e
 
-# run db migrations (retry on error)
+# wait shortly and then run db migrations (retry on error)
 while ! ./manage.py migrate 2>&1; do
-    sleep 5
+  echo "⏳ Waiting on DB..."
+  sleep 3
 done
 
 # create superuser silently
-if [[ -z ${SUPERUSER_NAME} || -z ${SUPERUSER_EMAIL} || -z ${SUPERUSER_PASSWORD} ]]; then
-        SUPERUSER_NAME='admin'
-        SUPERUSER_EMAIL='admin@example.com'
-        SUPERUSER_PASSWORD='admin'
-        echo "Using defaults: Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}, Password: ${SUPERUSER_PASSWORD}"
+if [ -z ${SUPERUSER_NAME+x} ]; then
+  SUPERUSER_NAME='admin'
 fi
+if [ -z ${SUPERUSER_EMAIL+x} ]; then
+  SUPERUSER_EMAIL='admin@example.com'
+fi
+if [ -z ${SUPERUSER_PASSWORD+x} ]; then
+  if [ -f "/run/secrets/superuser_password" ]; then
+    SUPERUSER_PASSWORD="$(< /run/secrets/superuser_password)"
+  else
+    SUPERUSER_PASSWORD='admin'
+  fi
+fi
+if [ -z ${SUPERUSER_API_TOKEN+x} ]; then
+  if [ -f "/run/secrets/superuser_api_token" ]; then
+    SUPERUSER_API_TOKEN="$(< /run/secrets/superuser_api_token)"
+  else
+    SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
+  fi
+fi
+
+echo "💡 Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}, Password: ${SUPERUSER_PASSWORD}, Token: ${SUPERUSER_API_TOKEN}"
 
 ./manage.py shell --plain << END
 from django.contrib.auth.models import User
+from users.models import Token
 if not User.objects.filter(username='${SUPERUSER_NAME}'):
-    User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
+    u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
+    Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
 END
 
+for script in $(ls startup_scripts/*.py 2> /dev/null); do
+  ./manage.py shell --plain < "${script}"
+done
+
 # copy static files
 ./manage.py collectstatic --no-input
 
-echo "✅ Initialisation is done. Launching CMD:"
-echo "exec ${@}"
+echo "✅ Initialisation is done."
 
 # launch whatever is passed by docker via RUN
 exec ${@}

docker/nginx.conf

@@ -1,24 +1,23 @@
 worker_processes 1;
 
 events {
-    worker_connections  1024;
+    worker_connections 1024;
 }
 
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-    sendfile        on;
-    tcp_nopush     on;
-    keepalive_timeout  65;
-    gzip  on;
-    server_tokens off;
+    include              /etc/nginx/mime.types;
+    default_type         application/octet-stream;
+    sendfile             on;
+    tcp_nopush           on;
+    keepalive_timeout    65;
+    gzip                 on;
+    server_tokens        off;
+    client_max_body_size 10M;
 
     server {
-        listen 80;
-
+        listen      8080;
         server_name localhost;
-
-        access_log off;
+        access_log  off;
 
         location /static/ {
             alias /opt/netbox/netbox/static/;

netbox.env

@@ -1,17 +1,18 @@
-SUPERUSER_NAME=admin
-SUPERUSER_EMAIL=admin@example.com
-SUPERUSER_PASSWORD=admin
-ALLOWED_HOSTS=localhost
+ALLOWED_HOSTS=localhost 0.0.0.0 127.0.0.1 [::1] netbox nginx netboxdocker.docker nginx.netboxdocker.docker
 DB_NAME=netbox
 DB_USER=netbox
 DB_PASSWORD=J5brHrAXFLQSif0K
 DB_HOST=postgres
-SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
 EMAIL_SERVER=localhost
 EMAIL_PORT=25
-EMAIL_USERNAME=foo
-EMAIL_PASSWORD=bar
-EMAIL_TIMEOUT=10
+EMAIL_USERNAME=netbox
+EMAIL_PASSWORD=
+EMAIL_TIMEOUT=5
 EMAIL_FROM=netbox@bar.com
-NETBOX_USERNAME=guest
-NETBOX_PASSWORD=guest
+NAPALM_TIMEOUT=5
+MAX_PAGE_SIZE=0
+SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
+SUPERUSER_NAME=admin
+SUPERUSER_EMAIL=admin@example.com
+SUPERUSER_PASSWORD=admin
+SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567