We now serve Netbox with an nginx-unit instance instead of Gunicorn.
This allows us to get rid of the extra Nginx container because Unit is
also serving the static files. The static files are now collected at container
buildtime instead of every startup.
Our docker-compose.yml pointed the env file for the Redis cache to the
wrong file. Now the Redis cache password between the netbox.env and
redis-cache.env match.
This commit introduces a huge change in the build process.
What changed:
- Dockerfile.ldap was integrated into Dockerfile as a seperate
[build stage][multistage-build].
- All the build scripts were refactored according to this.
- The `docker-compose.yml` file was adjusted likewise.
- The main build script, `/build.sh`, now always builds all
targets (formerly called variants).
- The minimal requirements for Docker and docker-compose
have increased.
- The build on hub.docker.com must be adjusted.
This change should also fix#156 permanently.
[multistage-build]: https://docs.docker.com/develop/develop-images/multistage-build/
Although it does not provide any additional security, it shows how to
configure Redis with a password and how to use Netbox using a password
protected redis server. Something that might be considered in a classic
production deployment. (But is mostly irrelevant in e.g. a Kubernetes /
OpenShift deployment as the isolation is usually on a network level.)
One container should ideally have one responsibility [1]. Therefore I
implemented the netbox-worker to start in it's own container. This is
possible, because netbox and the worker communicate via redis anyway.
They still use the same image underneath, just the "command" they
execute while starting different.
Or in other words: I see no reason to introduce supervisord, when we
already have docker-compose which can take care of running multiple
processes.
Also, here's another benefit: Now it's possible to view the logs of the
webhook worker independently of the other netbox logs (and vice-versa).
Other changes in this commit:
* I don't see a reason to put a password for Redis in the docker-compose
setup, so I removed it.
* Slightly changed the nginx config, so that the nginx startup command
becomes simpler and any error should be visible in the docker log.
* Some housekeeping in the `Dockerfile`.
* Added some troubleshooting advice regarding webhooks to the README.
I'd like to thank Brady (@bdlamprecht [2]) here who did the harder
work of figuring out what's even required to have webhooks working. [3]
[1]
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications
[2] https://github.com/bdlamprecht
[3] https://github.com/ninech/netbox-docker/pull/90
With this the configuration is moved to /etc/netbox/config and the
default reports directory is set to /etc/netbox/reports. This enables
the user to mount reports from a config map or persistent volume in
OpenShift.
With these modifications the netbox containers can run on Openshift.
The configuration files can be imported from a config map to the
'/etc/netbox' directory and will be loaded from there.
Initializers are startup scripts for common tasks like creating custom
fields. These are problems many users of Netbox Docker potentially face
and are therefore worth sharing.
This changes the default configuration to be better prepared for
usage with container management platforms, such as Docker Swarm,
Kubernetes or OpenShift.
Closes#27.