Merge pull request #796 from netbox-community/develop

Version 2.0.0

Author: tobiasge

.github/workflows/push.yml

@@ -17,7 +17,9 @@ jobs:
       with:
         # Full git history is needed to get a proper list of changed files within `super-linter`
         fetch-depth: 0
-    - uses: actions/setup-python@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
     - name: Lint Code Base
       uses: github/super-linter@v4
       env:

.github/workflows/release.yml

@@ -42,7 +42,7 @@ jobs:
     # docker.io
     -
       name: Login to docker.io
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         registry: docker.io
         username: ${{ secrets.dockerhub_username }}
@@ -56,7 +56,7 @@ jobs:
     # quay.io
     -
       name: Login to Quay.io
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         registry: quay.io
         username: ${{ secrets.quayio_username }}
@@ -72,7 +72,7 @@ jobs:
     # ghcr.io
     -
       name: Login to GitHub Container Registry
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         registry: ghcr.io
         username: ${{ github.repository_owner }}

.hadolint.yaml

@@ -1,3 +1,4 @@
 ignored:
 - DL3006
-- DL3018
+- DL3008
+- DL3003

Dockerfile

@@ -1,45 +1,27 @@
 ARG FROM
 FROM ${FROM} as builder
 
-RUN apk add --no-cache \
-      bash \
-      build-base \
-      cargo \
+RUN export DEBIAN_FRONTEND=noninteractive \
+    && apt-get update -qq \
+    && apt-get upgrade \
+      --yes -qq --no-install-recommends \
+    && apt-get install \
+      --yes -qq --no-install-recommends \
+      build-essential \
       ca-certificates \
-      cmake \
-      cyrus-sasl-dev \
-      git \
-      graphviz \
-      jpeg-dev \
-      libevent-dev \
-      libffi-dev \
-      libxslt-dev \
-      make \
-      musl-dev \
-      openldap-dev \
-      postgresql-dev \
-      py3-pip \
+      libldap-dev \
+      libpq-dev \
+      libsasl2-dev \
+      libssl-dev \
       python3-dev \
-  && python3 -m venv /opt/netbox/venv \
-  && /opt/netbox/venv/bin/python3 -m pip install --upgrade \
+      python3-pip \
+      python3-venv \
+    && python3 -m venv /opt/netbox/venv \
+    && /opt/netbox/venv/bin/python3 -m pip install --upgrade \
       pip \
       setuptools \
       wheel
 
-# Build libcrc32c for google-crc32c python module
-RUN git clone https://github.com/google/crc32c \
-    && cd crc32c \
-    && git submodule update --init --recursive \
-    && mkdir build \
-    && cd build \
-    && cmake \
-        -DCMAKE_BUILD_TYPE=Release \
-        -DCRC32C_BUILD_TESTS=no \
-        -DCRC32C_BUILD_BENCHMARKS=no \
-        -DBUILD_SHARED_LIBS=yes \
-        .. \
-    && make all install
-
 ARG NETBOX_PATH
 COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
 RUN /opt/netbox/venv/bin/pip install \
@@ -53,35 +35,37 @@ RUN /opt/netbox/venv/bin/pip install \
 ARG FROM
 FROM ${FROM} as main
 
-RUN apk add --no-cache \
-      bash \
+RUN export DEBIAN_FRONTEND=noninteractive \
+    && apt-get update -qq \
+    && apt-get upgrade \
+      --yes -qq --no-install-recommends \
+    && apt-get install \
+      --yes -qq --no-install-recommends \
       ca-certificates \
       curl \
-      graphviz \
-      libevent \
-      libffi \
-      libjpeg-turbo \
-      libxslt \
+      libpq5 \
       openssl \
-      postgresql-client \
-      postgresql-libs \
-      py3-pip \
       python3 \
+      python3-distutils \
       tini \
-      unit \
-      unit-python3
-
-WORKDIR /opt
+    && curl -sL https://nginx.org/keys/nginx_signing.key \
+      > /etc/apt/trusted.gpg.d/nginx.asc && \
+    echo "deb https://packages.nginx.org/unit/debian/ bullseye unit" \
+      > /etc/apt/sources.list.d/unit.list \
+    && apt-get update -qq \
+    && apt-get install \
+      --yes -qq --no-install-recommends \
+      unit=1.27.0-1~bullseye \
+      unit-python3.9=1.27.0-1~bullseye \
+    && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /usr/local/lib/libcrc32c.* /usr/local/lib/
-COPY --from=builder /usr/local/include/crc32c /usr/local/include
-COPY --from=builder /usr/local/lib/cmake/Crc32c /usr/local/lib/cmake/
 COPY --from=builder /opt/netbox/venv /opt/netbox/venv
 
 ARG NETBOX_PATH
 COPY ${NETBOX_PATH} /opt/netbox
 
 COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
+COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
 COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
 COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
 COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
@@ -101,26 +85,15 @@ RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
           --config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
       && SECRET_KEY="dummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input
 
-ENTRYPOINT [ "/sbin/tini", "--" ]
+ENV LANG=C.UTF-8
+ENTRYPOINT [ "/usr/bin/tini", "--" ]
 
 CMD [ "/opt/netbox/docker-entrypoint.sh", "/opt/netbox/launch-netbox.sh" ]
 
-LABEL ORIGINAL_TAG="" \
-      NETBOX_GIT_BRANCH="" \
-      NETBOX_GIT_REF="" \
-      NETBOX_GIT_URL="" \
-# See http://label-schema.org/rc1/#build-time-labels
-# Also https://microbadger.com/labels
-      org.label-schema.schema-version="1.0" \
-      org.label-schema.build-date="" \
-      org.label-schema.name="NetBox Docker" \
-      org.label-schema.description="A container based distribution of NetBox, the free and open IPAM and DCIM solution." \
-      org.label-schema.vendor="The netbox-docker contributors." \
-      org.label-schema.url="https://github.com/netbox-community/netbox-docker" \
-      org.label-schema.usage="https://github.com/netbox-community/netbox-docker/wiki" \
-      org.label-schema.vcs-url="https://github.com/netbox-community/netbox-docker.git" \
-      org.label-schema.vcs-ref="" \
-      org.label-schema.version="snapshot" \
+LABEL netbox.original-tag="" \
+      netbox.git-branch="" \
+      netbox.git-ref="" \
+      netbox.git-url="" \
 # See https://github.com/opencontainers/image-spec/blob/master/annotations.md#pre-defined-annotation-keys
       org.opencontainers.image.created="" \
       org.opencontainers.image.title="NetBox Docker" \
@@ -132,17 +105,4 @@ LABEL ORIGINAL_TAG="" \
       org.opencontainers.image.documentation="https://github.com/netbox-community/netbox-docker/wiki" \
       org.opencontainers.image.source="https://github.com/netbox-community/netbox-docker.git" \
       org.opencontainers.image.revision="" \
-      org.opencontainers.image.version="snapshot"
-
-#####
-## LDAP specific configuration
-#####
-
-FROM main as ldap
-
-RUN apk add --no-cache \
-      libsasl \
-      libldap \
-      util-linux
-
-COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
+      org.opencontainers.image.version=""

VERSION

@@ -1 +1 @@
-1.6.1
+2.0.0

build.sh

@@ -49,10 +49,10 @@ if [ "${1}x" == "x" ] || [ "${1}" == "--help" ] || [ "${1}" == "-h" ]; then
   echo "  DOCKERFILE  The name of Dockerfile to use."
   echo "              Default: Dockerfile"
   echo "  DOCKER_FROM The base image to use."
-  echo "              Default: 'alpine:3.14'"
+  echo "              Default: 'debian:11-slim'"
   echo "  DOCKER_TARGET A specific target to build."
   echo "              It's currently not possible to pass multiple targets."
-  echo "              Default: main ldap"
+  echo "              Default: main"
   echo "  HTTP_PROXY  The proxy to use for http requests."
   echo "              Example: http://proxy.domain.tld:3128"
   echo "              Default: undefined"
@@ -170,23 +170,23 @@ fi
 # Determining the value for DOCKER_FROM
 ###
 if [ -z "$DOCKER_FROM" ]; then
-  DOCKER_FROM="alpine:3.14"
+  DOCKER_FROM="debian:11-slim"
 fi
 
 ###
 # Variables for labelling the docker image
 ###
 BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')"
 
-if [ -d ".git" ]; then
+if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then
   GIT_REF="$(git rev-parse HEAD)"
 fi
 
 # Read the project version from the `VERSION` file and trim it, see https://stackoverflow.com/a/3232433/172132
 PROJECT_VERSION="${PROJECT_VERSION-$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' VERSION)}"
 
 # Get the Git information from the netbox directory
-if [ -d "${NETBOX_PATH}/.git" ]; then
+if [ -d "${NETBOX_PATH}/.git" ] && [ -z "${SKIP_GIT}" ]; then
   NETBOX_GIT_REF=$(
     cd "${NETBOX_PATH}"
     git rev-parse HEAD
@@ -222,7 +222,7 @@ esac
 ###
 # Determine targets to build
 ###
-DEFAULT_DOCKER_TARGETS=("main" "ldap")
+DEFAULT_DOCKER_TARGETS=("main")
 DOCKER_TARGETS=("${DOCKER_TARGET:-"${DEFAULT_DOCKER_TARGETS[@]}"}")
 echo "🏭 Building the following targets:" "${DOCKER_TARGETS[@]}"
 
@@ -277,9 +277,9 @@ for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
     ###
     # Checking if the build is necessary,
     # meaning build only if one of those values changed:
-    # - Python base image digest (Label: PYTHON_BASE_DIGEST)
-    # - netbox git ref (Label: NETBOX_GIT_REF)
-    # - netbox-docker git ref (Label: org.label-schema.vcs-ref)
+    # - base image digest
+    # - netbox git ref (Label: netbox.git-ref)
+    # - netbox-docker git ref (Label: org.opencontainers.image.revision)
     ###
     # Load information from registry (only for docker.io)
     SHOULD_BUILD="false"
@@ -295,14 +295,14 @@ for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
         # Need to use "library/..." for images the have no two part name
         DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}"
       fi
-      PYTHON_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
+      BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
       mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
-      NETBOX_GIT_REF_OLD=$(get_image_label NETBOX_GIT_REF "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
-      GIT_REF_OLD=$(get_image_label org.label-schema.vcs-ref "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
+      NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
+      GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${DOCKER_ORG}"/"${DOCKER_REPO}" "${TAG}")
 
-      if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${PYTHON_LAST_LAYER}\$"; then
+      if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then
         SHOULD_BUILD="true"
-        BUILD_REASON="${BUILD_REASON} alpine"
+        BUILD_REASON="${BUILD_REASON} debian"
       fi
       if [ "${NETBOX_GIT_REF}" != "${NETBOX_GIT_REF_OLD}" ]; then
         SHOULD_BUILD="true"
@@ -335,30 +335,25 @@ for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
 
     # --label
     DOCKER_BUILD_ARGS+=(
-      --label "ORIGINAL_TAG=${TARGET_DOCKER_TAG_PROJECT}"
-
-      --label "org.label-schema.build-date=${BUILD_DATE}"
+      --label "netbox.original-tag=${TARGET_DOCKER_TAG_PROJECT}"
       --label "org.opencontainers.image.created=${BUILD_DATE}"
-
-      --label "org.label-schema.version=${PROJECT_VERSION}"
       --label "org.opencontainers.image.version=${PROJECT_VERSION}"
     )
     if [ -d ".git" ]; then
       DOCKER_BUILD_ARGS+=(
-        --label "org.label-schema.vcs-ref=${GIT_REF}"
         --label "org.opencontainers.image.revision=${GIT_REF}"
       )
     fi
     if [ -d "${NETBOX_PATH}/.git" ]; then
       DOCKER_BUILD_ARGS+=(
-        --label "NETBOX_GIT_BRANCH=${NETBOX_GIT_BRANCH}"
-        --label "NETBOX_GIT_REF=${NETBOX_GIT_REF}"
-        --label "NETBOX_GIT_URL=${NETBOX_GIT_URL}"
+        --label "netbox.git-branch=${NETBOX_GIT_BRANCH}"
+        --label "netbox.git-ref=${NETBOX_GIT_REF}"
+        --label "netbox.git-url=${NETBOX_GIT_URL}"
       )
     fi
     if [ -n "${BUILD_REASON}" ]; then
       BUILD_REASON=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' <<<"$BUILD_REASON")
-      DOCKER_BUILD_ARGS+=(--label "BUILD_REASON=${BUILD_REASON}")
+      DOCKER_BUILD_ARGS+=(--label "netbox.build-reason=${BUILD_REASON}")
     fi
 
     # --build-arg
@@ -385,7 +380,7 @@ for DOCKER_TARGET in "${DOCKER_TARGETS[@]}"; do
       $DRY docker build "${DOCKER_BUILD_ARGS[@]}" .
       echo "✅ Finished building the Docker images '${TARGET_DOCKER_TAG_PROJECT}'"
       echo "🔎 Inspecting labels on '${TARGET_DOCKER_TAG_PROJECT}'"
-      $DRY docker inspect "${TARGET_DOCKER_TAG_PROJECT}" --format "{{json .Config.Labels}}"
+      $DRY docker inspect "${TARGET_DOCKER_TAG_PROJECT}" --format "{{json .Config.Labels}}" | jq
     else
       echo "Build skipped because sources didn't change"
       echo "::set-output name=skipped::true"

configuration/configuration.py

@@ -120,6 +120,11 @@ def _read_secret(secret_name, default = None):
 CORS_ORIGIN_WHITELIST = list(filter(None, environ.get('CORS_ORIGIN_WHITELIST', 'https://localhost').split(' ')))
 CORS_ORIGIN_REGEX_WHITELIST = [re.compile(r) for r in list(filter(None, environ.get('CORS_ORIGIN_REGEX_WHITELIST', '').split(' ')))]
 
+# Cross-Site-Request-Forgery-Attack settings. If Netbox is sitting behind a reverse proxy, you might need to set the CSRF_TRUSTED_ORIGINS flag.
+# Django 4.0 requires to specify the URL Scheme in this setting. An example environment variable could be specified like:
+# CSRF_TRUSTED_ORIGINS=https://demo.netbox.dev http://demo.netbox.dev
+CSRF_TRUSTED_ORIGINS = list(filter(None, environ.get('CSRF_TRUSTED_ORIGINS', '').split(' ')))
+
 # Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
 # sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
 # on a production system.
@@ -165,6 +170,9 @@ def _read_secret(secret_name, default = None):
 # Setting this to True will display a "maintenance mode" banner at the top of every page.
 MAINTENANCE_MODE = environ.get('MAINTENANCE_MODE', 'False').lower() == 'true'
 
+# Maps provider
+MAPS_URL = environ.get('MAPS_URL', None)
+
 # An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
 # "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
 # all objects by specifying "?limit=0".

docker-compose.test.yml

@@ -21,14 +21,14 @@ services:
     image: postgres:14-alpine
     env_file: env/postgres.env
   redis:
-    image: redis:6-alpine
+    image: redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
     - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis.env
   redis-cache:
-    image: redis:6-alpine
+    image: redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env