Mascali/netbox-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #1 from ninech/master

Browse source 
upstream
This commit is contained in:
Jo Knight 2018-02-04 22:13:50 +00:00 committed by GitHub
commit c14151aeaf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 495 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

47
.github/issue_template.md vendored Normal file
View file

@ -0,0 +1,47 @@
<!--
Before raising an issue here, answer the following questions for yourself, please:
* Did you read through the troubleshooting section? (https://github.com/ninech/netbox-docker/#troubleshooting)
* Have you updated to the latest version and tried again? (i.e. `git pull` and `docker-compose pull`)
* Have you reset the project and tried again? (i.e. `docker-compose down -v`)
* Are you confident that your problem is related to the Docker or Docker Compose setup this project provides?
(Otherwise ask on the Netbox mailing list, please: https://groups.google.com/d/forum/netbox-discuss)
* Have you looked through the issues already resolved?
-->
## Current Behavior
<!-- describe what you did and how it misbehaved -->
...
## Expected Behavior
<!-- describe what you expected instead -->
...
## Debug Information
<!-- please fill in the following information that might helps us debug your problem more quickly -->
The output of `docker-compose version`: `XXXXX`
The output of `docker version`: `XXXXX`
The output of `git rev-parse HEAD`: `XXXXX`
The command you used to start the project: `XXXXX`
The output of `docker-compose logs netbox`:
<!-- if your log is very long, create a Gist instead: https://gist.github.com -->
```
LOG LOG LOG
```
<!--
If you have get any 5xx http error, else delete this section.
If your log is very long, create a Gist instead: https://gist.github.com
-->
The output of `docker-compose logs nginx`:
```
LOG LOG LOG
```

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
*.sql.gz

3
.travis.yml
View file

@ -20,8 +20,7 @@ after_script:
after_success: after_success:
- docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
- if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then - if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
./build.sh master --push; ./build-branches.sh --push;
./build.sh develop --push;
./build-latest.sh --push; ./build-latest.sh --push;
PRERELEASE=true ./build-latest.sh --push; PRERELEASE=true ./build-latest.sh --push;
fi fi

3
Dockerfile
View file

@ -6,6 +6,7 @@ RUN apk add --no-cache \
ca-certificates \ ca-certificates \
cyrus-sasl-dev \ cyrus-sasl-dev \
graphviz \ graphviz \
ttf-ubuntu-font-family \
jpeg-dev \ jpeg-dev \
libffi-dev \ libffi-dev \
libxml2-dev \ libxml2-dev \
@ -39,3 +40,5 @@ ENTRYPOINT [ "/docker-entrypoint.sh" ]
VOLUME ["/etc/netbox-nginx/"] VOLUME ["/etc/netbox-nginx/"]
CMD ["gunicorn", "--log-level debug", "-c /opt/netbox/gunicorn_config.py", "netbox.wsgi"] CMD ["gunicorn", "--log-level debug", "-c /opt/netbox/gunicorn_config.py", "netbox.wsgi"]
LABEL SRC_URL="$URL"

196
README.md
View file

@ -1,42 +1,218 @@
# netbox-docker # netbox-docker
[![Build Status](https://travis-ci.org/ninech/netbox-docker.svg?branch=master)](https://travis-ci.org/ninech/netbox-docker) [![Build Status](https://travis-ci.org/ninech/netbox-docker.svg?branch=master)][travis]
This repository houses the components needed to build NetBox as a Docker container. This repository houses the components needed to build Netbox as a Docker container.
Images built using this code are released to [Docker Hub](https://hub.docker.com/r/ninech/netbox) every night. Images built using this code are released to [Docker Hub][netbox-dockerhub] every night.
[travis]: https://travis-ci.org/ninech/netbox-docker
[netbox-dockerhub]: https://hub.docker.com/r/ninech/netbox/tags/
## Quickstart ## Quickstart
To get NetBox up and running: To get Netbox up and running:
``` ```
$ git clone -b master https://github.com/ninech/netbox-docker.git $ git clone -b master https://github.com/ninech/netbox-docker.git
$ cd netbox-docker $ cd netbox-docker
$ docker-compose pull
$ docker-compose up -d $ docker-compose up -d
``` ```
The application will be available after a few minutes. The application will be available after a few minutes.
Use `docker-compose port nginx 80` to find out where to connect to. Use `docker-compose port nginx 8080` to find out where to connect to.
``` ```
$ echo "http://$(docker-compose port nginx 80)/" $ echo "http://$(docker-compose port nginx 8080)/"
http://0.0.0.0:32768/ http://0.0.0.0:32768/
# Open netbox in your default browser on macOS: # Open netbox in your default browser on macOS:
$ open "http://$(docker-compose port nginx 80)/" $ open "http://$(docker-compose port nginx 8080)/"
# Open netbox in your default browser on (most) linuxes: # Open netbox in your default browser on (most) linuxes:
$ xdg-open "http://$(docker-compose port nginx 80)/" &>/dev/null & $ xdg-open "http://$(docker-compose port nginx 8080)/" &>/dev/null &
``` ```
Alternatively, use something like [Reception][docker-reception] to
connect to _docker-compose_ projects.
Default credentials: Default credentials:
* Username: **admin** * Username: **admin**
* Password: **admin** * Password: **admin**
* API Token: **0123456789abcdef0123456789abcdef01234567**
[docker-reception]: https://github.com/ninech/reception
## Dependencies
This project relies only on *Docker* and *docker-compose* meeting this requirements:
* The *Docker version* must be at least `1.13.0`.
* The *docker-compose version* must be at least `1.10.0`.
To ensure this, compare the output of `docker --version` and `docker-compose --version` with the requirements above.
## Configuration ## Configuration
You can configure the app using environment variables. These are defined in `netbox.env`. You can configure the app using environment variables. These are defined in `netbox.env`.
Read [Environment Variables in Compose][compose-env] to understand about the various possibilities to overwrite these variables.
(The easiest solution being simply adjusting that file.)
To find all possible variables, have a look at the [configuration.docker.py][docker-config] and [docker-entrypoint.sh][entrypoint] files.
Generally, the environment variables are called the same as their respective Netbox configuration variables.
Variables which are arrays are usually composed by putting all the values into the same environment variables with the values separated by a whitespace ("` `").
For example defining `ALLOWED_HOSTS=localhost ::1 127.0.0.1` would allows access to Netbox through `http://localhost:8080`, `http://[::1]:8080` and `http://127.0.0.1:8080`.
[compose-env]: https://docs.docker.com/compose/environment-variables/
### Custom Initialisation Code (e.g. Automatically Setting Up Custom Fields)
When using `docker-compose`, all the python scripts present in `docker/startup_scripts` will automatically be executed after the application boots in the context of `./manage.py`.
That mechanism can be used for many things, and in particular to load Netbox custom fields:
```python
# docker/startup_scripts/load_custom_fields.py
from django.contrib.contenttypes.models import ContentType
from extras.models import CF_TYPE_TEXT, CustomField
from dcim.models import Device
from dcim.models import DeviceType
device = ContentType.objects.get_for_model(Device)
device_type = ContentType.objects.get_for_model(DeviceType)
my_custom_field, created = CustomField.objects.get_or_create(
type=CF_TYPE_TEXT,
name='my_custom_field',
description='My own custom field'
)
if created:
my_custom_field.obj_type.add(device)
my_custom_field.obj_type.add(device_type)
```
### Production
The default settings are optimized for (local) development environments.
You should therefore adjust the configuration for production setups, at least the following variables:
* `ALLOWED_HOSTS`: Add all URLs that lead to your netbox instance.
* `DB_*`: Use a persistent database.
* `EMAIL_*`: Use your own mailserver.
* `MAX_PAGE_SIZE`: Use the recommended default of 1000.
* `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up.
### Running on Docker Swarm / Kubernetes / OpenShift
You may run this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, but this is advanced level.
In this case, we encourage you to statically configure Netbox by starting from [Netbox's example config file][default-config], and mounting it into your container using the mechanism provided by your container platform (i.e. [Docker Swarm configs][swarm-config], [Kubernetes ConfigMap][k8s-config], [OpenShift ConfigMaps][openshift-config]).
But if you rather continue to configure your application through environment variables, you may continue to use [the built-in configuration file][docker-config].
We discourage storing secrets in environment variables, as environment variable are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs.
Therefore we *strongly advise* to make use of the secrets mechanism provided by your container platform (i.e. [Docker Swarm secrets][swarm-secrets], [Kubernetes secrets][k8s-secrets], [OpenShift secrets][openshift-secrets]).
[The configuration file][docker-config] and [the entrypoint script][entrypoint] try to load the following secrets from the respective files.
If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used.
* `SUPERUSER_PASSWORD`: `/run/secrets/superuser_password`
* `SUPERUSER_API_TOKEN`: `/run/secrets/superuser_api_token`
* `DB_PASSWORD`: `/run/secrets/db_password`
* `SECRET_KEY`: `/run/secrets/secret_key`
* `EMAIL_PASSWORD`: `/run/secrets/email_password`
* `NAPALM_PASSWORD`: `/run/secrets/napalm_password`
Please also consider [the advice about running Netbox in production](#production) above!
[docker-config]: https://github.com/ninech/netbox-docker/blob/master/docker/configuration.docker.py
[default-config]: https://github.com/digitalocean/netbox/blob/develop/netbox/netbox/configuration.example.py
[entrypoint]: https://github.com/ninech/netbox-docker/blob/master/docker/docker-entrypoint.sh
[swarm-config]: https://docs.docker.com/engine/swarm/configs/
[swarm-secrets]: https://docs.docker.com/engine/swarm/secrets/
[openshift-config]: https://docs.openshift.org/latest/dev_guide/configmaps.html
[openshift-secrets]: https://docs.openshift.org/latest/dev_guide/secrets.html
[k8s-secrets]: https://kubernetes.io/docs/concepts/configuration/secret/
[k8s-config]: https://kubernetes.io/docs/tasks/configure-pod-container/configmap/
#### A Note On OpenShift
OpenShift usually is configured with specific restrictions regarding root users.
[Special care][openshift-root] has to be taken when building images for OpenShift.
The Docker Image that may be built using this project (and which is available on Docker Hub) might not yet run without further customization on OpenShift.
If you have this running on OpenShift, it would be nice if you could open a PR with the changes you needed to make.
Or if you didn't do any changes and it just worked, that you could confirm this so that we can remove this notice.
[openshift-root]: https://docs.openshift.org/latest/creating_images/guidelines.html#openshift-specific-guidelines
## Version
The `docker-compose.yml` file is prepared to run a specific version of Netbox.
To use this feature, set the environment-variable `VERSION` before launching `docker-compose`, as shown below.
`VERSION` may be set to the name of
[any tag of the `ninech/netbox` Docker image on Docker Hub][netbox-dockerhub].
```
$ export VERSION=v2.2.6
$ docker-compose pull netbox
$ docker-compose up -d
```
You can also build a specific version of the Netbox image. This time, `VERSION` indicates any valid
[Git Reference][git-ref] declared on [the 'digitalocean/netbox' Github repository][netbox-github].
Most commonly you will specify a tag or branch name.
```
$ export VERSION=develop
$ docker-compose build --no-cache netbox
$ docker-compose up -d
```
Hint: If you're building a specific version by tag name, the `--no-cache` argument is not strictly necessary.
This can increase the build speed if you're just adjusting the config, for example.
[git-ref]: https://git-scm.com/book/en/v2/Git-Internals-Git-References
[netbox-github]: https://github.com/digitalocean/netbox/releases
## Troubleshooting
This section is a collection of some common issues and how to resolve them.
If your issue is not here, look through [the existing issues][issues] and eventually create a new issue.
[issues]: (https://github.com/ninech/netbox-docker/issues)
### Docker Compose basics
* You can see all running containers belonging to this project using `docker-compose ps`.
* You can see the logs by running `docker-compose logs -f`.
Running `docker-compose logs -f netbox` will just show the logs for netbox.
* You can stop everything using `docker-compose stop`.
* You can clean up everything using `docker-compose down -v --remove-orphans`. **This will also remove any related data.**
* You can enter the shell of the running Netbox container using `docker-compose exec netbox /bin/bash`. Now you have access to `./manage.py`, e.g. to reset a password.
* To access the database run `docker-compose exec postgres sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`
* To create a database backup run `docker-compose exec postgres sh -c 'pg_dump -cU $POSTGRES_USER $POSTGRES_DB' | gzip > db_dump.sql.gz`
* To restore that database backup run `gunzip -c db_dump.sql.gz | docker exec -i $(docker-compose ps -q postgres) sh -c 'psql -U $POSTGRES_USER $POSTGRES_DB'`.
### Getting a "Bad Request (400)"
> When connecting to the Netbox instance, I get a "Bad Request (400)" error.
This usually happens when the `ALLOWED_HOSTS` variable is not set correctly.
### How to upgrade
> How do I update to a newer version?
It should be sufficient to pull the latest image from Docker Hub, stopping the container and starting it up again:
```bash
docker-compose pull netbox
docker-compose stop netbox
docker-compose rm -f netbox
docker-compose up -d netbox
```
## Rebuilding & Publishing images ## Rebuilding & Publishing images
@ -63,7 +239,7 @@ You can use the following ENV variables to customize the build:
## Tests ## Tests
To run the bundled test, use the `docker-compose.test.yml` file. To run the test coming with Netbox, use the `docker-compose.test.yml` file as such:
``` ```
$ docker-compose -f docker-compose.test.yml run --rm app $ docker-compose -f docker-compose.test.yml run --rm app
@ -71,6 +247,6 @@ $ docker-compose -f docker-compose.test.yml run --rm app
## About ## About
This repository is currently maintained and funded by [nine](https://nine.ch). This repository is currently maintained and funded by [nine](https://nine.ch), your cloud navigator.
[![logo of the company 'nine'](https://logo.apps.at-nine.ch/Dmqied_eSaoBMQwk3vVgn4UIgDo=/trim/500x0/logo_claim.png)](https://www.nine.ch) [![logo of the company 'nine'](https://logo.apps.at-nine.ch/Dmqied_eSaoBMQwk3vVgn4UIgDo=/trim/500x0/logo_claim.png)](https://www.nine.ch)

14
build-branches.sh Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash
ORIGINAL_GITHUB_REPO="digitalocean/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/branches"
CURL_OPTS="-s"
CURL="curl ${CURL_OPTS}"
BRANCHES=$($CURL "${URL_RELEASES}" | jq -r 'map(.name) | .[] | scan("^[^v].+")')
for BRANCH in $BRANCHES; do
./build.sh "${BRANCH}" $@
done

23
build-latest.sh
View file

@ -1,12 +1,15 @@
#!/bin/bash #!/bin/bash
URL_RELEASES=https://api.github.com/repos/digitalocean/netbox/releases ORIGINAL_GITHUB_REPO="digitalocean/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases"
JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name" JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
CURL_OPTS="-s" CURL_OPTS="-s"
CURL="curl ${CURL_OPTS}"
VERSION=$(curl $CURL_OPTS "${URL_RELEASES}" | jq -r "${JQ_LATEST}") VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
# Check if the prerelease version is actually higher than stable version # Check if the prerelease version is actually higher than stable version
if [ "${PRERELEASE}" == "true" ]; then if [ "${PRERELEASE}" == "true" ]; then
@ -25,4 +28,18 @@ if [ "${PRERELEASE}" == "true" ]; then
fi fi
fi fi
./build.sh "${VERSION}" $@ # Check if that version is not already available on docker hub:
ORIGINAL_DOCKERHUB_REPO="ninech/netbox"
DOCKERHUB_REPO="${DOCKERHUB_REPO-$ORIGINAL_DOCKERHUB_REPO}"
URL_DOCKERHUB_TOKEN="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${DOCKERHUB_REPO}:pull"
BEARER_TOKEN="$($CURL "${URL_DOCKERHUB_TOKEN}" | jq -r .token)"
URL_DOCKERHUB_TAG="https://registry.hub.docker.com/v2/${DOCKERHUB_REPO}/tags/list"
AUTHORIZATION_HEADER="Authorization: Bearer ${BEARER_TOKEN}"
ALREADY_BUILT="$($CURL -H "${AUTHORIZATION_HEADER}" "${URL_DOCKERHUB_TAG}" | jq -e ".tags | any(.==\"${VERSION}\")")"
if [ "$ALREADY_BUILT" == "false" ]; then
./build.sh "${VERSION}" $@
else
echo "${VERSION} already exists on https://hub.docker.com/r/${DOCKERHUB_REPO}"
fi

75
build.sh
View file

@ -8,16 +8,33 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
echo " --push Pushes built Docker image to docker hub." echo " --push Pushes built Docker image to docker hub."
echo "" echo ""
echo "You can use the following ENV variables to customize the build:" echo "You can use the following ENV variables to customize the build:"
echo " DOCKER_OPTS Add parameters to Docker."
echo " Default:"
echo " When <TAG> starts with 'v': \"\""
echo " Else: \"--no-cache\""
echo " BRANCH The branch to build." echo " BRANCH The branch to build."
echo " Also used for tagging the image." echo " Also used for tagging the image."
echo " DOCKER_REPO The Docker registry (i.e. hub.docker.com/r/DOCKER_REPO/netbox) " echo " TAG The version part of the docker tag."
echo " Default:"
echo " When <BRANCH>=master: latest"
echo " When <BRANCH>=develop: snapshot"
echo " Else: same as <BRANCH>"
echo " DOCKER_ORG The Docker registry (i.e. hub.docker.com/r/<DOCKER_ORG>/<DOCKER_REPO>) "
echo " Also used for tagging the image." echo " Also used for tagging the image."
echo " Default: ninech" echo " Default: ninech"
echo " SRC_REPO Which fork of netbox to use (i.e. github.com/<SRC_REPO>/netbox)." echo " DOCKER_REPO The Docker registry (i.e. hub.docker.com/r/<DOCKER_ORG>/<DOCKER_REPO>) "
echo " Also used for tagging the image."
echo " Default: netbox"
echo " DOCKER_TAG The name of the tag which is applied to the image."
echo " Useful for pushing into another registry than hub.docker.com."
echo " Default: <DOCKER_ORG>/<DOCKER_REPO>:<BRANCH>"
echo " SRC_ORG Which fork of netbox to use (i.e. github.com/<SRC_ORG>/<SRC_REPO>)."
echo " Default: digitalocean" echo " Default: digitalocean"
echo " SRC_REPO The name of the netbox for to use (i.e. github.com/<SRC_ORG>/<SRC_REPO>)."
echo " Default: netbox"
echo " URL Where to fetch the package from." echo " URL Where to fetch the package from."
echo " Must be a tar.gz file of the source code." echo " Must be a tar.gz file of the source code."
echo " Default: https://github.com/\${SRC_REPO}/netbox/archive/\$BRANCH.tar.gz" echo " Default: https://github.com/<SRC_ORG>/<SRC_REPO>/archive/\$BRANCH.tar.gz"
if [ "${1}x" == "x" ]; then if [ "${1}x" == "x" ]; then
exit 1 exit 1
@ -26,28 +43,42 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
fi fi
fi fi
SRC_REPO="${SRC_REPO-digitalocean}" # variables for fetching the source
DOCKER_REPO="${DOCKER_REPO-ninech}" SRC_ORG="${SRC_ORG-digitalocean}"
SRC_REPO="${SRC_REPO-netbox}"
BRANCH="${1}" BRANCH="${1}"
URL="${URL-https://github.com/${SRC_REPO}/netbox/archive/$BRANCH.tar.gz}" URL="${URL-https://github.com/${SRC_ORG}/${SRC_REPO}/archive/$BRANCH.tar.gz}"
if [ "${BRANCH}" == "master" ]; then # variables for tagging the docker image
TAG="${TAG-latest}" DOCKER_ORG="${DOCKER_ORG-ninech}"
CACHE="--no-cache" DOCKER_REPO="${DOCKER_REPO-netbox}"
elif [ "${BRANCH}" == "develop" ]; then case "${BRANCH}" in
TAG="${TAG-snapshot}" master)
CACHE="--no-cache" TAG="${TAG-latest}";;
else develop)
TAG="${TAG-$BRANCH}" TAG="${TAG-snapshot}";;
CACHE="" *)
fi TAG="${TAG-$BRANCH}";;
esac
DOCKER_TAG="${DOCKER_TAG-${DOCKER_ORG}/${DOCKER_REPO}:${TAG}}"
echo "🐳 Building the Docker image '${DOCKER_REPO}/netbox:${TAG}' from the branch '${BRANCH}'." # caching is only ok for version tags
docker build -t "${DOCKER_REPO}/netbox:${TAG}" --build-arg "BRANCH=${BRANCH}" --build-arg "URL=${URL}" --pull ${CACHE} . case "${TAG}" in
echo "✅ Finished building the Docker images '${DOCKER_REPO}/netbox:${TAG}'" v*)
CACHE="${CACHE-}";;
*)
CACHE="${CACHE---no-cache}";;
esac
# Docker options
DOCKER_OPTS="${DOCKER_OPTS-$CACHE}"
echo "🐳 Building the Docker image '${DOCKER_TAG}' from the url '${URL}'."
docker build -t "${DOCKER_TAG}" --build-arg "BRANCH=${BRANCH}" --build-arg "URL=${URL}" --pull ${DOCKER_OPTS} .
echo "✅ Finished building the Docker images '${DOCKER_TAG}'"
if [ "${2}" == "--push" ] ; then if [ "${2}" == "--push" ] ; then
echo "⏫ Pushing '${DOCKER_REPO}/netbox:${BRANCH}" echo "⏫ Pushing '${DOCKER_TAG}"
docker push "${DOCKER_REPO}/netbox:${TAG}" docker push "${DOCKER_TAG}"
echo "✅ Finished pushing the Docker image '${DOCKER_REPO}/netbox:${TAG}'." echo "✅ Finished pushing the Docker image '${DOCKER_TAG}'."
fi fi

35
docker-compose.test.yml
View file

@ -1,23 +1,22 @@
version: '3' version: '3'
services: services:
app: app:
build: build:
context: . context: .
args: args:
- BRANCH=${BRANCH-master} - BRANCH=${BRANCH-master}
image: ninech/netbox:${BRANCH-latest} image: ninech/netbox:${BRANCH-latest}
depends_on: depends_on:
- postgres - postgres
env_file: netbox.env env_file: netbox.env
command: command:
- ./manage.py - ./manage.py
- test - test
postgres: postgres:
image: postgres:9.6-alpine image: postgres:9.6-alpine
env_file: postgres.env env_file: postgres.env
volumes: volumes:
netbox-static-files: netbox-static-files:
driver: local driver: local
netbox-nginx-config: netbox-nginx-config:
driver: local driver: local

17
docker-compose.yml
View file

@ -4,30 +4,41 @@ services:
build: build:
context: . context: .
args: args:
- BRANCH=${BRANCH-master} - BRANCH=${VERSION-master}
image: ninech/netbox:${BRANCH-latest} image: ninech/netbox:${VERSION-latest}
depends_on: depends_on:
- postgres - postgres
env_file: netbox.env env_file: netbox.env
volumes: volumes:
- ./docker/startup_scripts:/opt/netbox/netbox/startup_scripts
- netbox-nginx-config:/etc/netbox-nginx/ - netbox-nginx-config:/etc/netbox-nginx/
- netbox-static-files:/opt/netbox/netbox/static - netbox-static-files:/opt/netbox/netbox/static
- netbox-media-files:/opt/netbox/netbox/media
- netbox-report-files:/opt/netbox/netbox/reports
nginx: nginx:
image: nginx:1.11-alpine image: nginx:1.11-alpine
command: nginx -g 'daemon off;' -c /etc/netbox-nginx/nginx.conf command: nginx -g 'daemon off;' -c /etc/netbox-nginx/nginx.conf
depends_on: depends_on:
- netbox - netbox
ports: ports:
- 80 - 8080
volumes: volumes:
- netbox-static-files:/opt/netbox/netbox/static - netbox-static-files:/opt/netbox/netbox/static
- netbox-nginx-config:/etc/netbox-nginx/ - netbox-nginx-config:/etc/netbox-nginx/
postgres: postgres:
image: postgres:9.6-alpine image: postgres:9.6-alpine
env_file: postgres.env env_file: postgres.env
volumes:
- netbox-postgres-data:/var/lib/postgresql/data
volumes: volumes:
netbox-static-files: netbox-static-files:
driver: local driver: local
netbox-nginx-config: netbox-nginx-config:
driver: local driver: local
netbox-media-files:
driver: local
netbox-report-files:
driver: local
netbox-postgres-data:
driver: local

93
docker/configuration.docker.py
View file

@ -1,4 +1,21 @@
import os import os
import socket
# For reference see http://netbox.readthedocs.io/en/latest/configuration/mandatory-settings/
# Based on https://github.com/digitalocean/netbox/blob/develop/netbox/netbox/configuration.example.py
# Read secret from file
def read_secret(secret_name):
try:
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
except EnvironmentError:
return ''
else:
with f:
return f.readline().strip()
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
######################### #########################
# # # #
# Required settings # # Required settings #
@ -9,13 +26,14 @@ import os
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
# #
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(' ') ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', socket.gethostname()).split(' ')
# PostgreSQL database configuration. # PostgreSQL database configuration.
DATABASE = { DATABASE = {
'NAME': os.environ.get('DB_NAME', 'netbox'), # Database name 'NAME': os.environ.get('DB_NAME', 'netbox'), # Database name
'USER': os.environ.get('DB_USER', ''), # PostgreSQL username 'USER': os.environ.get('DB_USER', ''), # PostgreSQL username
'PASSWORD': os.environ.get('DB_PASSWORD', ''), # PostgreSQL password 'PASSWORD': os.environ.get('DB_PASSWORD', read_secret('db_password')),
# PostgreSQL password
'HOST': os.environ.get('DB_HOST', 'localhost'), # Database server 'HOST': os.environ.get('DB_HOST', 'localhost'), # Database server
'PORT': os.environ.get('DB_PORT', ''), # Database port (leave blank for default) 'PORT': os.environ.get('DB_PORT', ''), # Database port (leave blank for default)
} }
@ -24,7 +42,7 @@ DATABASE = {
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
# symbols. NetBox will not run without this defined. For more information, see # symbols. NetBox will not run without this defined. For more information, see
# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY # https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = os.environ.get('SECRET_KEY', '') SECRET_KEY = os.environ.get('SECRET_KEY', read_secret('secret_key'))
######################### #########################
# # # #
@ -38,16 +56,51 @@ ADMINS = [
# ['John Doe', 'jdoe@example.com'], # ['John Doe', 'jdoe@example.com'],
] ]
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
BANNER_TOP = os.environ.get('BANNER_TOP', '')
BANNER_BOTTOM = os.environ.get('BANNER_BOTTOM', '')
# Text to include on the login page above the login form. HTML is allowed.
BANNER_LOGIN = os.environ.get('BANNER_LOGIN', '')
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = os.environ.get('BASE_PATH', '')
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = os.environ.get('CORS_ORIGIN_ALLOW_ALL', False)
CORS_ORIGIN_WHITELIST = os.environ.get('CORS_ORIGIN_WHITELIST', '').split(' ')
CORS_ORIGIN_REGEX_WHITELIST = [
# r'^(https?://)?(\w+\.)?example\.com$',
]
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# on a production system.
DEBUG = os.environ.get('DEBUG', False)
# Email settings # Email settings
EMAIL = { EMAIL = {
'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'), 'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'),
'PORT': os.environ.get('EMAIL_PORT', 25), 'PORT': int(os.environ.get('EMAIL_PORT', 25)),
'USERNAME': os.environ.get('EMAIL_USERNAME', ''), 'USERNAME': os.environ.get('EMAIL_USERNAME', ''),
'PASSWORD': os.environ.get('EMAIL_PASSWORD', ''), 'PASSWORD': os.environ.get('EMAIL_PASSWORD', read_secret('email_password')),
'TIMEOUT': os.environ.get('EMAIL_TIMEOUT', 10), # seconds 'TIMEOUT': int(os.environ.get('EMAIL_TIMEOUT', 10)), # seconds
'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''), 'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''),
} }
# Enforcement of unique IP space can be toggled on a per-VRF basis.
# To enforce unique IP space within the global table (all prefixes and IP addresses not assigned to a VRF),
# set ENFORCE_GLOBAL_UNIQUE to True.
ENFORCE_GLOBAL_UNIQUE = os.environ.get('ENFORCE_GLOBAL_UNIQUE', False)
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# https://docs.djangoproject.com/en/1.11/topics/logging/
LOGGING = {}
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users # Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox (excluding secrets) but not make any changes. # are permitted to access most data in NetBox (excluding secrets) but not make any changes.
LOGIN_REQUIRED = os.environ.get('LOGIN_REQUIRED', False) LOGIN_REQUIRED = os.environ.get('LOGIN_REQUIRED', False)
@ -59,12 +112,36 @@ BASE_PATH = os.environ.get('BASE_PATH', '')
# Setting this to True will display a "maintenance mode" banner at the top of every page. # Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = os.environ.get('MAINTENANCE_MODE', False) MAINTENANCE_MODE = os.environ.get('MAINTENANCE_MODE', False)
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
MAX_PAGE_SIZE = int(os.environ.get('MAX_PAGE_SIZE', 1000))
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location.
MEDIA_ROOT = os.environ.get('MEDIA_ROOT', os.path.join(BASE_DIR, 'media'))
# Credentials that NetBox will use to access live devices. # Credentials that NetBox will use to access live devices.
NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '') NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '')
NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', '') NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', read_secret('napalm_password'))
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = int(os.environ.get('NAPALM_TIMEOUT', 30))
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50) # Determine how many objects to display per page within a list. (Default: 50)
PAGINATE_COUNT = os.environ.get('PAGINATE_COUNT', 50) PAGINATE_COUNT = int(os.environ.get('PAGINATE_COUNT', 50))
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead.
PREFER_IPV4 = os.environ.get('PREFER_IPV4', False)
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
REPORTS_ROOT = os.environ.get('REPORTS_ROOT', os.path.join(BASE_DIR, 'reports'))
# Time zone (default: UTC) # Time zone (default: UTC)
TIME_ZONE = os.environ.get('TIME_ZONE', 'UTC') TIME_ZONE = os.environ.get('TIME_ZONE', 'UTC')

42
docker/docker-entrypoint.sh
View file

@ -1,30 +1,52 @@
#!/bin/bash #!/bin/bash
set -e set -e
# run db migrations (retry on error) # wait shortly and then run db migrations (retry on error)
while ! ./manage.py migrate 2>&1; do while ! ./manage.py migrate 2>&1; do
sleep 5 echo "⏳ Waiting on DB..."
sleep 3
done done
# create superuser silently # create superuser silently
if [[ -z ${SUPERUSER_NAME} || -z ${SUPERUSER_EMAIL} || -z ${SUPERUSER_PASSWORD} ]]; then if [ -z ${SUPERUSER_NAME+x} ]; then
SUPERUSER_NAME='admin' SUPERUSER_NAME='admin'
SUPERUSER_EMAIL='admin@example.com'
SUPERUSER_PASSWORD='admin'
echo "Using defaults: Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}, Password: ${SUPERUSER_PASSWORD}"
fi fi
if [ -z ${SUPERUSER_EMAIL+x} ]; then
SUPERUSER_EMAIL='admin@example.com'
fi
if [ -z ${SUPERUSER_PASSWORD+x} ]; then
if [ -f "/run/secrets/superuser_password" ]; then
SUPERUSER_PASSWORD="$(< /run/secrets/superuser_password)"
else
SUPERUSER_PASSWORD='admin'
fi
fi
if [ -z ${SUPERUSER_API_TOKEN+x} ]; then
if [ -f "/run/secrets/superuser_api_token" ]; then
SUPERUSER_API_TOKEN="$(< /run/secrets/superuser_api_token)"
else
SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
fi
fi
echo "💡 Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}, Password: ${SUPERUSER_PASSWORD}, Token: ${SUPERUSER_API_TOKEN}"
./manage.py shell --plain << END ./manage.py shell --plain << END
from django.contrib.auth.models import User from django.contrib.auth.models import User
from users.models import Token
if not User.objects.filter(username='${SUPERUSER_NAME}'): if not User.objects.filter(username='${SUPERUSER_NAME}'):
User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}') u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END END
for script in $(ls startup_scripts/*.py 2> /dev/null); do
./manage.py shell --plain < "${script}"
done
# copy static files # copy static files
./manage.py collectstatic --no-input ./manage.py collectstatic --no-input
echo "✅ Initialisation is done. Launching CMD:" echo "✅ Initialisation is done."
echo "exec ${@}"
# launch whatever is passed by docker via RUN # launch whatever is passed by docker via RUN
exec ${@} exec ${@}

23
docker/nginx.conf
View file

@ -1,24 +1,23 @@
worker_processes 1; worker_processes 1;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;
gzip on; gzip on;
server_tokens off; server_tokens off;
client_max_body_size 10M;
server { server {
listen 80; listen 8080;
server_name localhost; server_name localhost;
access_log off;
access_log off;
location /static/ { location /static/ {
alias /opt/netbox/netbox/static/; alias /opt/netbox/netbox/static/;

0
docker/startup_scripts/.gitkeep Normal file
View file

21
netbox.env
View file

@ -1,17 +1,18 @@
SUPERUSER_NAME=admin ALLOWED_HOSTS=localhost 0.0.0.0 127.0.0.1 [::1] netbox nginx netboxdocker.docker nginx.netboxdocker.docker
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=admin
ALLOWED_HOSTS=localhost
DB_NAME=netbox DB_NAME=netbox
DB_USER=netbox DB_USER=netbox
DB_PASSWORD=J5brHrAXFLQSif0K DB_PASSWORD=J5brHrAXFLQSif0K
DB_HOST=postgres DB_HOST=postgres
SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
EMAIL_SERVER=localhost EMAIL_SERVER=localhost
EMAIL_PORT=25 EMAIL_PORT=25
EMAIL_USERNAME=foo EMAIL_USERNAME=netbox
EMAIL_PASSWORD=bar EMAIL_PASSWORD=
EMAIL_TIMEOUT=10 EMAIL_TIMEOUT=5
EMAIL_FROM=netbox@bar.com EMAIL_FROM=netbox@bar.com
NETBOX_USERNAME=guest NAPALM_TIMEOUT=5
NETBOX_PASSWORD=guest MAX_PAGE_SIZE=0
SECRET_KEY=r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
SUPERUSER_NAME=admin
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=admin
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567