Initialize and add Netbox Docker image

This commit is contained in:
Lennard Brinkhaus 2022-01-14 17:07:44 +01:00
commit 062c2f8a64
Signed by: lennard.brinkhaus
GPG Key ID: D4C9B6A87F97B070
10 changed files with 682 additions and 0 deletions

8
.dockerignore Normal file
View File

@ -0,0 +1,8 @@
.git
.gitignore
.github
.gitattributes
.idea
.drone.yml
READMETEMPLATE.md
README.md

20
.editorconfig Normal file
View File

@ -0,0 +1,20 @@
# This file is globally distributed to all container image projects from
# https://github.com/linuxserver/docker-jenkins-builder/blob/master/.editorconfig
# top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file
[*]
end_of_line = lf
insert_final_newline = true
# trim_trailing_whitespace may cause unintended issues and should not be globally set true
trim_trailing_whitespace = false
[{Dockerfile*,**.yml}]
indent_style = space
indent_size = 2
[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
indent_style = space
indent_size = 4

17
.gitattributes vendored Normal file
View File

@ -0,0 +1,17 @@
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain

195
.gitignore vendored Normal file
View File

@ -0,0 +1,195 @@
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msm
*.msp
# Windows shortcuts
*.lnk
# =========================
# Operating System Files
# =========================
# OSX
# =========================
.DS_Store
.AppleDouble
.LSOverride
# Thumbnails
._*
# Files that might appear on external disk
.Spotlight-V100
.Trashes
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
.history/
.jenkins-external
# ---> Go
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib
# Test binary, build with `go test -c`
*.test
# Output of the go coverage tool, specifically when used with LiteIDE
*.out
# ---> JetBrains
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
# ---> Eclipse
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.settings/
.loadpath
.recommenders
# External tool builders
.externalToolBuilders/
# Locally stored "Eclipse launch configurations"
*.launch
# PyDev specific (Python IDE for Eclipse)
*.pydevproject
# CDT-specific (C/C++ Development Tooling)
.cproject
# CDT- autotools
.autotools
# Java annotation processor (APT)
.factorypath
# PDT-specific (PHP Development Tools)
.buildpath
# sbteclipse plugin
.target
# Tern plugin
.tern-project
# TeXlipse plugin
.texlipse
# STS (Spring Tool Suite)
.springBeans
# Code Recommenders
.recommenders/
# Annotation Processing
.apt_generated/
# Scala IDE specific (Scala & Java development for Eclipse)
.cache-main
.scala_dependencies
.worksheet
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
.idea

71
Dockerfile Normal file
View File

@ -0,0 +1,71 @@
FROM harbor.dragse.it/base/alpine:3.15
LABEL maintainer="Lennard Brinkhaus <lennard.brinkhaus@dragse.de>"
RUN echo $'http://nexus.dragse.it/repository/apk-main/\nhttp://nexus.dragse.it/repository/apk-community/' > /etc/apk/repositories
RUN apk --no-cache upgrade \
&& apk --no-cache add ca-certificates wget openssl \
&& update-ca-certificates
# set version label
ARG NETBOX_RELEASE="v3.1.5"
RUN echo "**** install runtime packages ****" && \
apk add --no-cache --upgrade \
postgresql-client \
py3-pillow \
py3-setuptools \
python3 \
uwsgi \
uwsgi-python
RUN \
echo "**** install build packages ****" && \
apk add --no-cache --upgrade --virtual=build-dependencies \
curl \
cargo \
gcc \
git \
jpeg-dev \
libffi-dev \
libxslt-dev \
libxml2-dev \
musl-dev \
openssl-dev \
postgresql-dev \
python3-dev \
zlib-dev && \
echo "**** install netbox ****" && \
mkdir -p /app/netbox && \
if [ -z ${NETBOX_RELEASE+x} ]; then \
NETBOX_RELEASE=$(curl -sX GET "https://api.github.com/repos/netbox-community/netbox/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]'); \
fi && \
curl -o \
/tmp/netbox.tar.gz -L \
"https://github.com/netbox-community/netbox/archive/${NETBOX_RELEASE}.tar.gz" && \
tar xf \
/tmp/netbox.tar.gz -C \
/app/netbox/ --strip-components=1 && \
echo "**** install pip packages ****" && \
python3 -m ensurepip && \
rm -rf /usr/lib/python*/ensurepip && \
cd /app/netbox && \
pip3 install --no-cache-dir -U pip wheel && \
pip3 install --no-cache-dir --ignore-installed --find-links https://wheel-index.linuxserver.io/alpine/ -r requirements.txt && \
echo "**** cleanup ****" && \
apk del --purge \
build-dependencies && \
rm -rf \
/tmp/* \
${HOME}/.cargo \
${HOME}/.cache
# copy local files
COPY root/ /
# ports and volumes
EXPOSE 8000
VOLUME /config

1
README.md Normal file
View File

@ -0,0 +1 @@
# netbox

View File

@ -0,0 +1,282 @@
#########################
# #
# Required settings #
# #
#########################
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = ['{{ALLOWED_HOST}}']
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASE = {
'NAME': '{{DB_NAME}}', # Database name
'USER': '{{DB_USER}}', # PostgreSQL username
'PASSWORD': '{{DB_PASSWORD}}', # PostgreSQL password
'HOST': '{{DB_HOST}}', # Database server
'PORT': '{{DB_PORT}}', # Database port (leave blank for default)
'CONN_MAX_AGE': 300, # Max database connection age
}
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
# to use two separate database IDs.
REDIS = {
'tasks': {
'HOST': '{{REDIS_HOST}}',
'PORT': {{REDIS_PORT}},
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '{{REDIS_PASSWORD}}',
'DATABASE': {{REDIS_DB_TASK}},
'SSL': False,
# Set this to True to skip TLS certificate verification
# This can expose the connection to attacks, be careful
# 'INSECURE_SKIP_TLS_VERIFY': False,
},
'caching': {
'HOST': '{{REDIS_HOST}}',
'PORT': {{REDIS_PORT}},
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '{{REDIS_PASSWORD}}',
'DATABASE': {{REDIS_DB_CACHE}},
'SSL': False,
# Set this to True to skip TLS certificate verification
# This can expose the connection to attacks, be careful
# 'INSECURE_SKIP_TLS_VERIFY': False,
}
}
# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
# symbols. NetBox will not run without this defined. For more information, see
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = '{{SECRET_KEY}}'
#########################
# #
# Optional settings #
# #
#########################
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# application errors (assuming correct email settings are provided).
ADMINS = [
# ('John Doe', 'jdoe@example.com'),
]
# URL schemes that are allowed within links in NetBox
ALLOWED_URL_SCHEMES = (
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
)
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
BANNER_TOP = ''
BANNER_BOTTOM = ''
# Text to include on the login page above the login form. HTML is allowed.
BANNER_LOGIN = ''
# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = '{{BASE_PATH}}'
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
CHANGELOG_RETENTION = 90
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = [
# 'https://hostname.example.com',
]
CORS_ORIGIN_REGEX_WHITELIST = [
# r'^(https?://)?(\w+\.)?example\.com$',
]
# Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be
# instances of or inherit from CustomValidator.
# from extras.validators import CustomValidator
CUSTOM_VALIDATORS = {
# 'dcim.site': [
# CustomValidator({
# 'name': {
# 'min_length': 10,
# 'regex': r'\d{3}$',
# }
# })
# ],
}
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# on a production system.
DEBUG = False
# Email settings
EMAIL = {
'SERVER': 'localhost',
'PORT': 25,
'USERNAME': '',
'PASSWORD': '',
'USE_SSL': False,
'USE_TLS': False,
'TIMEOUT': 10, # seconds
'FROM_EMAIL': '',
}
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
ENFORCE_GLOBAL_UNIQUE = False
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = [
# 'dcim.site',
# 'dcim.region',
# 'ipam.prefix',
]
# Enable the GraphQL API
GRAPHQL_ENABLED = True
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
# HTTP_PROXIES = {
# 'http': 'http://10.10.1.10:3128',
# 'https': 'http://10.10.1.10:1080',
# }
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
INTERNAL_IPS = ('127.0.0.1', '::1')
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# https://docs.djangoproject.com/en/stable/topics/logging/
LOGGING = {}
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
# authenticated to NetBox indefinitely.
LOGIN_PERSISTENCE = False
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox but not make any changes.
LOGIN_REQUIRED = False
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = None
# Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = False
# The URL to use when mapping physical addresses or GPS coordinates
MAPS_URL = 'https://maps.google.com/?q='
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
MAX_PAGE_SIZE = 1000
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location.
# MEDIA_ROOT = '/opt/netbox/netbox/media'
# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
# STORAGE_CONFIG = {
# 'AWS_ACCESS_KEY_ID': 'Key ID',
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
# 'AWS_S3_REGION_NAME': 'eu-west-1',
# }
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = False
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
NAPALM_USERNAME = ''
NAPALM_PASSWORD = ''
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = 30
# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50)
PAGINATE_COUNT = 50
# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = []
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = {
# 'my_plugin': {
# 'foo': 'bar',
# 'buzz': 'bazz'
# }
# }
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead.
PREFER_IPV4 = False
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
# Remote authentication support
REMOTE_AUTH_ENABLED = {{REMOTE_AUTH_ENABLED}}
REMOTE_AUTH_BACKEND = '{{REMOTE_AUTH_BACKEND}}'
REMOTE_AUTH_HEADER = '{{REMOTE_AUTH_HEADER}}'
REMOTE_AUTH_AUTO_CREATE_USER = {{REMOTE_AUTH_AUTO_CREATE_USER}}
REMOTE_AUTH_DEFAULT_GROUPS = {{REMOTE_AUTH_DEFAULT_GROUPS}}
REMOTE_AUTH_DEFAULT_PERMISSIONS = {{REMOTE_AUTH_DEFAULT_PERMISSIONS}}
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.
RELEASE_CHECK_URL = None
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
# REPORTS_ROOT = '/opt/netbox/netbox/reports'
# Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = 300
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
SCRIPTS_ROOT = '/config/scripts'
# The name to use for the session cookie.
SESSION_COOKIE_NAME = 'sessionid'
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = None
# Time zone (default: UTC)
TIME_ZONE = 'UTC'
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = 'N j, Y'
SHORT_DATE_FORMAT = 'Y-m-d'
TIME_FORMAT = 'g:i a'
SHORT_TIME_FORMAT = 'H:i:s'
DATETIME_FORMAT = 'N j, Y g:i a'
SHORT_DATETIME_FORMAT = 'Y-m-d H:i'

11
root/defaults/uwsgi.ini Normal file
View File

@ -0,0 +1,11 @@
[uwsgi]
http-socket = :8000
enable-threads
plugin = python3
module = netbox.wsgi:application
static-map = /static=static
static-gzip-dir = static/CACHE
hook-pre-app = exec:/usr/bin/python3 ./manage.py collectstatic --noinput
hook-pre-app = exec:/usr/bin/python3 ./manage.py remove_stale_contenttypes --no-input
hook-pre-app = exec:/usr/bin/python3 ./manage.py clearsessions
attach-daemon = /usr/bin/python3 ./manage.py rqworker

View File

@ -0,0 +1,71 @@
#!/usr/bin/with-contenv bash
mkdir -p /config/scripts
declare -A NETBOX_CONF
NETBOX_CONF[ALLOWED_HOST]=${ALLOWED_HOST:-netbox.example.com}
NETBOX_CONF[BASE_PATH]=${BASE_PATH:-}
NETBOX_CONF[DB_NAME]=${DB_NAME:-netbox}
NETBOX_CONF[DB_USER]=${DB_USER:-root}
NETBOX_CONF[DB_PASSWORD]=${DB_PASSWORD:-}
NETBOX_CONF[DB_HOST]=${DB_HOST:-postgres}
NETBOX_CONF[DB_PORT]=${DB_PORT:-}
NETBOX_CONF[REDIS_HOST]=${REDIS_HOST:-redis}
NETBOX_CONF[REDIS_PORT]=${REDIS_PORT:-6379}
NETBOX_CONF[REDIS_PASSWORD]=${REDIS_PASSWORD:-}
NETBOX_CONF[REDIS_DB_TASK]=${REDIS_DB_TASK:-0}
NETBOX_CONF[REDIS_DB_CACHE]=${REDIS_DB_CACHE:-1}
NETBOX_CONF[REMOTE_AUTH_ENABLED]=${REMOTE_AUTH_ENABLED:-False}
NETBOX_CONF[REMOTE_AUTH_BACKEND]=${REMOTE_AUTH_BACKEND:-netbox.authentication.RemoteUserBackend}
NETBOX_CONF[REMOTE_AUTH_HEADER]=${REMOTE_AUTH_HEADER:-HTTP_REMOTE_USER}
NETBOX_CONF[REMOTE_AUTH_AUTO_CREATE_USER]=${REMOTE_AUTH_AUTO_CREATE_USER:-False}
NETBOX_CONF[REMOTE_AUTH_DEFAULT_GROUPS]=${REMOTE_AUTH_DEFAULT_GROUPS:-[]}
NETBOX_CONF[REMOTE_AUTH_DEFAULT_PERMISSIONS]=${REMOTE_AUTH_DEFAULT_PERMISSIONS:-{}}
cd /app/netbox/netbox/netbox
NETBOX_CONF[SECRET_KEY]=${SECRET_KEY:-$(python3 ../generate_secret_key.py)}
if [ ! -f "/config/configuration.py" ]; then
cp /defaults/configuration.py /config/configuration.py
# sed in values or skip if value not set
for KEY in "${!NETBOX_CONF[@]}"; do \
sed -i 's|{{'$KEY'}}|'${NETBOX_CONF[$KEY]}'|g' /config/configuration.py
done
fi
[[ ! -e "/config/media" ]] && \
mv /app/netbox/netbox/media /config/media
rm -rf /app/netbox/netbox/media
ln -sf /config/media /app/netbox/netbox/media
ln -sf /config/configuration.py /app/netbox/netbox/netbox/configuration.py
mv /defaults/uwsgi.ini /app/netbox/netbox/uwsgi.ini > /dev/null 2>&1
# permissions
chown -R abc:abc \
/app/netbox \
/config
cd /app/netbox || exit
s6-setuidgid abc /usr/bin/python3 netbox/manage.py migrate
if [ -n "$SUPERUSER_EMAIL" ] && [ -n "$SUPERUSER_PASSWORD" ];
then
cat << EOF | s6-setuidgid abc python3 /app/netbox/netbox/manage.py shell
from django.contrib.auth.models import User;
username = 'admin';
password = '$SUPERUSER_PASSWORD';
email = '$SUPERUSER_EMAIL';
if User.objects.filter(username=username).count()==0:
User.objects.create_superuser(username, email, password);
print('Superuser created.');
else:
print('Superuser creation skipped. Already exists.');
EOF
fi

View File

@ -0,0 +1,6 @@
#!/usr/bin/with-contenv bash
cd /app/netbox/netbox || exit
exec \
s6-setuidgid abc /usr/sbin/uwsgi uwsgi.ini