netbox-docker/docker/docker-entrypoint.sh

#!/bin/bash
# Runs on every start of the NetBox Docker container

# Stop when an error occures
set -e

# Allows NetBox to be run as non-root users
umask 002

# Load correct Python3 env
# shellcheck disable=SC1091
source /opt/netbox/venv/bin/activate

# Try to connect to the DB
DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3}
MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30}
CUR_DB_WAIT_TIME=0
while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do
  # Read and truncate connection error tracebacks to last line by default
  exec {psfd}< <(./manage.py showmigrations 2>&1)
  read -rd '' DB_ERR <&$psfd || :
  exec {psfd}<&-
  wait $! && break
  if [ -n "$DB_WAIT_DEBUG" ]; then
    echo "$DB_ERR"
  else
    readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR"
    echo "${DB_ERR_LINES[@]: -1}"
    echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]"
  fi
  echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)"
  sleep "${DB_WAIT_TIMEOUT}"
  CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT))
done
if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then
  echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready."
  exit 1
fi
# Check if update is needed
if ! ./manage.py migrate --check >/dev/null 2>&1; then
  echo "⚙️ Applying database migrations"
  ./manage.py migrate --no-input
  echo "⚙️ Running trace_paths"
  ./manage.py trace_paths --no-input
  echo "⚙️ Removing stale content types"
  ./manage.py remove_stale_contenttypes --no-input
  echo "⚙️ Removing expired user sessions"
  ./manage.py clearsessions
  echo "⚙️ Building search index (lazy)"
  ./manage.py reindex --lazy
fi

# Create Superuser if required
if [ "$SKIP_SUPERUSER" == "true" ]; then
  echo "↩️ Skip creating the superuser"
else
  if [ -z ${SUPERUSER_NAME+x} ]; then
    SUPERUSER_NAME='admin'
  fi
  if [ -z ${SUPERUSER_EMAIL+x} ]; then
    SUPERUSER_EMAIL='admin@example.com'
  fi
  if [ -f "/run/secrets/superuser_password" ]; then
    SUPERUSER_PASSWORD="$(</run/secrets/superuser_password)"
  elif [ -z ${SUPERUSER_PASSWORD+x} ]; then
    SUPERUSER_PASSWORD='admin'
  fi
  if [ -f "/run/secrets/superuser_api_token" ]; then
    SUPERUSER_API_TOKEN="$(</run/secrets/superuser_api_token)"
  elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then
    SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
  fi

  ./manage.py shell --interface python <<END
from users.models import Token, User
if not User.objects.filter(username='${SUPERUSER_NAME}'):
    u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
    Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END

  echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
fi

./manage.py shell --interface python <<END
from users.models import Token
try:
    old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")
    if old_default_token:
        print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.")
except Token.DoesNotExist:
    pass
END

echo "✅ Initialisation is done."

# Launch whatever is passed by docker
# (i.e. the RUN instruction in the Dockerfile)
exec "$@"
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00			`#!/bin/bash`
NetBox should always be referred to as NetBox Fix all instances of "Netbox". ```Shell git ls-files -z . \| xargs --null -I '{}' find './{}' -type f -print0 \| xargs --null sed --in-place --regexp-extended 's#Netbox#NetBox#g;' ``` Ref: https://netbox.readthedocs.io/en/stable/development/style-guide/#branding 2021-02-04 14:48:08 -06:00			`# Runs on every start of the NetBox Docker container`
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00
			`# Stop when an error occures`
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00			`set -e`
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00
NetBox should always be referred to as NetBox Fix all instances of "Netbox". ```Shell git ls-files -z . \| xargs --null -I '{}' find './{}' -type f -print0 \| xargs --null sed --in-place --regexp-extended 's#Netbox#NetBox#g;' ``` Ref: https://netbox.readthedocs.io/en/stable/development/style-guide/#branding 2021-02-04 14:48:08 -06:00			`# Allows NetBox to be run as non-root users`
set umask in entrypoint 2019-11-26 05:09:26 -06:00			`umask 002`
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00
Gunicorn is replaced with nginx-unit We now serve Netbox with an nginx-unit instance instead of Gunicorn. This allows us to get rid of the extra Nginx container because Unit is also serving the static files. The static files are now collected at container buildtime instead of every startup. 2020-11-10 08:23:07 -06:00			`# Load correct Python3 env`
Fix shellcheck complaint 2021-02-08 05:04:22 -06:00			`# shellcheck disable=SC1091`
Gunicorn is replaced with nginx-unit We now serve Netbox with an nginx-unit instance instead of Gunicorn. This allows us to get rid of the extra Nginx container because Unit is also serving the static files. The static files are now collected at container buildtime instead of every startup. 2020-11-10 08:23:07 -06:00			`source /opt/netbox/venv/bin/activate`

Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00			`# Try to connect to the DB`
			`DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3}`
			`MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30}`
			`CUR_DB_WAIT_TIME=0`
Print last line of django db connection error while waiting for db to start Fixes #562 2021-09-02 09:35:39 -05:00			`while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do`
			`# Read and truncate connection error tracebacks to last line by default`
			`exec {psfd}< <(./manage.py showmigrations 2>&1)`
			`read -rd '' DB_ERR <&$psfd \|\| :`
			`exec {psfd}<&-`
			`wait $! && break`
			`if [ -n "$DB_WAIT_DEBUG" ]; then`
			`echo "$DB_ERR"`
			`else`
			`readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR"`
			`echo "${DB_ERR_LINES[@]: -1}"`
			`echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]"`
			`fi`
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00			`echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)"`
			`sleep "${DB_WAIT_TIMEOUT}"`
Format shell scripts with shfmt 2021-02-08 05:16:04 -06:00			`CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT))`
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00			`done`
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00			`if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then`
			`echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready."`
			`exit 1`
			`fi`
Optimise migrations on startup The migrations are only started if there are some that have not been applied. Additionally the maintenace task needed after an update are now run after the migrations 2021-05-05 04:31:32 -05:00			`# Check if update is needed`
			`if ! ./manage.py migrate --check >/dev/null 2>&1; then`
			`echo "⚙️ Applying database migrations"`
			`./manage.py migrate --no-input`
			`echo "⚙️ Running trace_paths"`
			`./manage.py trace_paths --no-input`
			`echo "⚙️ Removing stale content types"`
			`./manage.py remove_stale_contenttypes --no-input`
			`echo "⚙️ Removing expired user sessions"`
			`./manage.py clearsessions`
Fixes #947: Rebuild search index when needed This rebuilds the search index when models where updated. 2023-02-23 01:37:53 -06:00			`echo "⚙️ Building search index (lazy)"`
			`./manage.py reindex --lazy`
Optimise migrations on startup The migrations are only started if there are some that have not been applied. Additionally the maintenace task needed after an update are now run after the migrations 2021-05-05 04:31:32 -05:00			`fi`
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00			`# Create Superuser if required`
Introduce $SKIP_SUPERUSER This adds a new variable to skip the creation of the superuser. That is useful for LDAP and for production environments. Fixes #160 2019-10-12 07:45:55 -05:00			`if [ "$SKIP_SUPERUSER" == "true" ]; then`
fix typo 2019-10-13 07:03:22 -05:00			`echo "↩️ Skip creating the superuser"`
Introduce $SKIP_SUPERUSER This adds a new variable to skip the creation of the superuser. That is useful for LDAP and for production environments. Fixes #160 2019-10-12 07:45:55 -05:00			`else`
			`if [ -z ${SUPERUSER_NAME+x} ]; then`
			`SUPERUSER_NAME='admin'`
❇️ Make the default configuration cluster ready This changes the default configuration to be better prepared for usage with container management platforms, such as Docker Swarm, Kubernetes or OpenShift. Closes #27. 2017-12-13 08:50:30 -06:00			`fi`
Introduce $SKIP_SUPERUSER This adds a new variable to skip the creation of the superuser. That is useful for LDAP and for production environments. Fixes #160 2019-10-12 07:45:55 -05:00			`if [ -z ${SUPERUSER_EMAIL+x} ]; then`
			`SUPERUSER_EMAIL='admin@example.com'`
			`fi`
Prefer secret to env variable if both are configured 2020-05-13 07:44:41 -05:00			`if [ -f "/run/secrets/superuser_password" ]; then`
Format shell scripts with shfmt 2021-02-08 05:16:04 -06:00			`SUPERUSER_PASSWORD="$(</run/secrets/superuser_password)"`
Prefer secret to env variable if both are configured 2020-05-13 07:44:41 -05:00			`elif [ -z ${SUPERUSER_PASSWORD+x} ]; then`
			`SUPERUSER_PASSWORD='admin'`
Introduce $SKIP_SUPERUSER This adds a new variable to skip the creation of the superuser. That is useful for LDAP and for production environments. Fixes #160 2019-10-12 07:45:55 -05:00			`fi`
Prefer secret to env variable if both are configured 2020-05-13 07:44:41 -05:00			`if [ -f "/run/secrets/superuser_api_token" ]; then`
Format shell scripts with shfmt 2021-02-08 05:16:04 -06:00			`SUPERUSER_API_TOKEN="$(</run/secrets/superuser_api_token)"`
Prefer secret to env variable if both are configured 2020-05-13 07:44:41 -05:00			`elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then`
			`SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'`
❇️ Make the default configuration cluster ready This changes the default configuration to be better prepared for usage with container management platforms, such as Docker Swarm, Kubernetes or OpenShift. Closes #27. 2017-12-13 08:50:30 -06:00			`fi`
Checks if the superuser exists before creating it 2017-04-21 06:43:44 -05:00
Format shell scripts with shfmt 2021-02-08 05:16:04 -06:00			`./manage.py shell --interface python <<END`
Prepare for Netbox 4.0 2024-03-28 04:39:51 -05:00			`from users.models import Token, User`
Checks if the superuser exists before creating it 2017-04-21 06:43:44 -05:00			`if not User.objects.filter(username='${SUPERUSER_NAME}'):`
Prepare for Netbox 4.0 2024-03-28 04:39:51 -05:00			`u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')`
✨ Creates a token for admin by default 2017-11-29 08:08:55 -06:00			`Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')`
Checks if the superuser exists before creating it 2017-04-21 06:43:44 -05:00			`END`
Copied Docker components from main repo 2017-04-19 09:48:21 -05:00
Introduce $SKIP_SUPERUSER This adds a new variable to skip the creation of the superuser. That is useful for LDAP and for production environments. Fixes #160 2019-10-12 07:45:55 -05:00			`echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"`
			`fi`

Don't create superuser with default credentials 2023-03-15 01:45:15 -05:00			`./manage.py shell --interface python <<END`
			`from users.models import Token`
Catch DoesNotExist preventing startup Fixes failing startup because of python error: ``` Traceback (most recent call last): File "/opt/netbox/netbox/./manage.py", line 10, in <module> execute_from_command_line(sys.argv) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 446, in execute_from_command_line utility.execute() File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/base.py", line 402, in run_from_argv self.execute(args, cmd_options) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/base.py", line 448, in execute output = self.handle(args, *options) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/commands/shell.py", line 127, in handle exec(sys.stdin.read(), globals()) File "<string>", line 2, in <module> File "/opt/netbox/venv/lib/python3.10/site-packages/django/db/models/manager.py", line 85, in manager_method return getattr(self.get_queryset(), name)(args, **kwargs) File "/opt/netbox/venv/lib/python3.10/site-packages/django/db/models/query.py", line 650, in get raise self.model.DoesNotExist( users.models.Token.DoesNotExist: Token matching query does not exist. ``` 2023-03-15 15:53:59 -05:00			`try:`
			`old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")`
			`if old_default_token:`
docker-entrypoint.sh: clarify default token message When a default admin API token is found, a warning is displayed. As it is only called "token", some users might not know what token is referred to. Also the message should give a hint or link to a documentation on how to remove it. 2024-01-19 02:12:56 -06:00			`print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.")`
Catch DoesNotExist preventing startup Fixes failing startup because of python error: ``` Traceback (most recent call last): File "/opt/netbox/netbox/./manage.py", line 10, in <module> execute_from_command_line(sys.argv) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 446, in execute_from_command_line utility.execute() File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/__init__.py", line 440, in execute self.fetch_command(subcommand).run_from_argv(self.argv) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/base.py", line 402, in run_from_argv self.execute(args, cmd_options) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/base.py", line 448, in execute output = self.handle(args, *options) File "/opt/netbox/venv/lib/python3.10/site-packages/django/core/management/commands/shell.py", line 127, in handle exec(sys.stdin.read(), globals()) File "<string>", line 2, in <module> File "/opt/netbox/venv/lib/python3.10/site-packages/django/db/models/manager.py", line 85, in manager_method return getattr(self.get_queryset(), name)(args, **kwargs) File "/opt/netbox/venv/lib/python3.10/site-packages/django/db/models/query.py", line 650, in get raise self.model.DoesNotExist( users.models.Token.DoesNotExist: Token matching query does not exist. ``` 2023-03-15 15:53:59 -05:00			`except Token.DoesNotExist:`
			`pass`
Don't create superuser with default credentials 2023-03-15 01:45:15 -05:00			`END`

✨ Creates a token for admin by default 2017-11-29 08:08:55 -06:00			`echo "✅ Initialisation is done."`
🐳 Adds the possibility to overwrite the CMD 2017-08-30 04:09:56 -05:00
Building the Docker image with Github Actions 2019-12-23 10:53:19 -06:00			`# Launch whatever is passed by docker`
✨ Include Initializers Initializers are startup scripts for common tasks like creating custom fields. These are problems many users of Netbox Docker potentially face and are therefore worth sharing. 2018-02-16 03:25:26 -06:00			`# (i.e. the RUN instruction in the Dockerfile)`
Fix quoting of exec argument in the entrypoint script 2021-04-15 11:18:00 -05:00			`exec "$@"`