Merge pull request #349 from netbox-community/develop

Version 0.26.0

Author: cimnine

.github/FUNDING.yml

@@ -0,0 +1,14 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+- cimnine
+- tobiasge
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/workflows/push.yml

@@ -18,10 +18,9 @@ jobs:
         - ./build-next.sh
         - ./build.sh develop
         docker_from:
-        - '' # use the default of the DOCKERFILE
-        - python:3.7-alpine
+        - '' # use the default of the build script
         - python:3.8-alpine
-        # - python:3.9-rc-alpine # disable until Netbox's unit tests work
+        - python:3.9-alpine
       fail-fast: false
     runs-on: ubuntu-latest
     name: Builds new Netbox Docker Images

.gitignore

@@ -3,3 +3,9 @@
 .initializers
 docker-compose.override.yml
 *.pem
+configuration/*
+!configuration/configuration.py
+!configuration/extra.py
+configuration/ldap/*
+!configuration/ldap/ldap_config.py
+prometheus.yml

Dockerfile

@@ -61,12 +61,12 @@ ARG NETBOX_PATH
 COPY ${NETBOX_PATH} /opt/netbox
 
 COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
-COPY configuration/gunicorn_config.py /etc/netbox/config/
+COPY docker/gunicorn_config.py /etc/netbox/
 COPY docker/nginx.conf /etc/netbox-nginx/nginx.conf
 COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
 COPY startup_scripts/ /opt/netbox/startup_scripts/
 COPY initializers/ /opt/netbox/initializers/
-COPY configuration/configuration.py /etc/netbox/config/configuration.py
+COPY configuration/ /etc/netbox/config/
 
 WORKDIR /opt/netbox/netbox
 
@@ -79,7 +79,7 @@ RUN mkdir static && chmod -R g+w static media
 
 ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ]
 
-CMD ["gunicorn", "-c /etc/netbox/config/gunicorn_config.py", "netbox.wsgi"]
+CMD ["gunicorn", "-c /etc/netbox/gunicorn_config.py", "netbox.wsgi"]
 
 LABEL ORIGINAL_TAG="" \
       NETBOX_GIT_BRANCH="" \
@@ -122,4 +122,3 @@ RUN apk add --no-cache \
       util-linux
 
 COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
-COPY configuration/ldap_config.py /etc/netbox/config/ldap_config.py

README.md

@@ -79,7 +79,7 @@ The default credentials are:
 ## Documentation
 
 Please refer [to our wiki on Github][netbox-docker-wiki] for further information on how to use this Netbox Docker image properly.
-It covers advanced topics such as using secret files, deployment to Kubernetes as well as NAPALM and LDAP configuration.
+It covers advanced topics such as using files for secrets, deployment to Kubernetes, monitoring and configuring NAPALM or LDAP.
 
 [netbox-docker-wiki]: https://github.com/netbox-community/netbox-docker/wiki/
 

VERSION

@@ -1 +1 @@
-0.25.0
+0.26.0

build.sh

@@ -49,7 +49,7 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
   echo "  DOCKERFILE  The name of Dockerfile to use."
   echo "              Default: Dockerfile"
   echo "  DOCKER_FROM The base image to use."
-  echo "              Default: 'python:3.7-alpine'"
+  echo "              Default: 'python:3.8-alpine'"
   echo "  DOCKER_TARGET A specific target to build."
   echo "              It's currently not possible to pass multiple targets."
   echo "              Default: main ldap"
@@ -157,7 +157,7 @@ fi
 # Determining the value for DOCKER_FROM
 ###
 if [ -z "$DOCKER_FROM" ]; then
-  DOCKER_FROM="python:3.7-alpine"
+  DOCKER_FROM="python:3.8-alpine"
 fi
 
 ###
@@ -216,7 +216,7 @@ for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
     TARGET_DOCKER_TAG="${TARGET_DOCKER_TAG}-${DOCKER_TARGET}"
   fi
   if [ -n "${GH_ACTION}" ]; then
-    echo "::set-env name=FINAL_DOCKER_TAG::${TARGET_DOCKER_TAG}"
+    echo "FINAL_DOCKER_TAG=${TARGET_DOCKER_TAG}" >> $GITHUB_ENV
     echo "::set-output name=skipped::false"
   fi
 

configuration/configuration.py

@@ -0,0 +1,55 @@
+####
+## This file contains extra configuration options that can't be configured
+## directly through environment variables.
+####
+
+## Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
+## application errors (assuming correct email settings are provided).
+# ADMINS = [
+#     # ['John Doe', 'jdoe@example.com'],
+# ]
+
+
+## URL schemes that are allowed within links in NetBox
+# ALLOWED_URL_SCHEMES = (
+#     'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
+# )
+
+
+## NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+## be provided as a dictionary.
+# NAPALM_ARGS = {}
+
+
+## Enable installed plugins. Add the name of each plugin to the list.
+# from netbox.configuration.configuration import PLUGINS
+# PLUGINS.append('my_plugin')
+
+## Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+## Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+# from netbox.configuration.configuration import PLUGINS_CONFIG
+# PLUGINS_CONFIG['my_plugin'] = {
+#   'foo': 'bar',
+#   'buzz': 'bazz'
+# }
+
+
+## Remote authentication support
+# REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
+
+
+## By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+## class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+#     'AWS_ACCESS_KEY_ID': 'Key ID',
+#     'AWS_SECRET_ACCESS_KEY': 'Secret',
+#     'AWS_STORAGE_BUCKET_NAME': 'netbox',
+#     'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+
+## This file can contain arbitrary Python code, e.g.:
+# from datetime import datetime
+# now = datetime.now().strftime("%d/%m/%Y %H:%M:%S")
+# BANNER_TOP = f'<marquee width="200px">This instance started on {now}.</marquee>'

configuration/extra.py

@@ -1,83 +1,84 @@
 import ldap
-import os
 
 from django_auth_ldap.config import LDAPSearch
 from importlib import import_module
+from os import environ
 
 # Read secret from file
-def read_secret(secret_name):
+def _read_secret(secret_name, default=None):
     try:
         f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
     except EnvironmentError:
-        return ''
+        return default
     else:
         with f:
             return f.readline().strip()
 
 # Import and return the group type based on string name
-def import_group_type(group_type_name):
+def _import_group_type(group_type_name):
     mod = import_module('django_auth_ldap.config')
     try:
         return getattr(mod, group_type_name)()
     except:
         return None
 
 # Server URI
-AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', '')
+AUTH_LDAP_SERVER_URI = environ.get('AUTH_LDAP_SERVER_URI', '')
 
 # The following may be needed if you are binding to Active Directory.
 AUTH_LDAP_CONNECTION_OPTIONS = {
     ldap.OPT_REFERRALS: 0
 }
 
 # Set the DN and password for the NetBox service account.
-AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
-AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret('auth_ldap_bind_password'))
+AUTH_LDAP_BIND_DN = environ.get('AUTH_LDAP_BIND_DN', '')
+AUTH_LDAP_BIND_PASSWORD = _read_secret('auth_ldap_bind_password', environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
 
 # Set a string template that describes any user’s distinguished name based on the username.
-AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
+AUTH_LDAP_USER_DN_TEMPLATE = environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
 
 # Enable STARTTLS for ldap authentication.
-AUTH_LDAP_START_TLS = os.environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'true'
+AUTH_LDAP_START_TLS = environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'true'
 
 # Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
 # Note that this is a NetBox-specific setting which sets:
 #     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
-LDAP_IGNORE_CERT_ERRORS = os.environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
+LDAP_IGNORE_CERT_ERRORS = environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
 
-AUTH_LDAP_USER_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
-AUTH_LDAP_USER_SEARCH_ATTR = os.environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
+AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
+AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
 AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASEDN,
                                    ldap.SCOPE_SUBTREE,
                                    "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)")
 
 # This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
 # heirarchy.
-AUTH_LDAP_GROUP_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
-AUTH_LDAP_GROUP_SEARCH_CLASS = os.environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
+AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
+AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
 AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
                                     "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
-AUTH_LDAP_GROUP_TYPE = import_group_type(os.environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
+AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
 
 # Define a group required to login.
-AUTH_LDAP_REQUIRE_GROUP = os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '')
+AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '')
 
 # Define special user types using groups. Exercise great caution when assigning superuser status.
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_active": os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
-    "is_staff": os.environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
-    "is_superuser": os.environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
+    "is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
+    "is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
+    "is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
 }
 
 # For more granular permissions, we can map LDAP groups to Django groups.
-AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
+AUTH_LDAP_FIND_GROUP_PERMS = environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
+AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', None).lower() == 'true'
 
 # Cache groups for one hour to reduce LDAP traffic
-AUTH_LDAP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
+AUTH_LDAP_CACHE_TIMEOUT = int(environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
 
 # Populate the Django user from the LDAP directory.
 AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": os.environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'),
-    "last_name": os.environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
-    "email": os.environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
+    "first_name": environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'),
+    "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
+    "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
 }