Prefer secret to env variable if both are configured
This commit is contained in:
parent
df3ab69c0f
commit
6bada6660a
@ -6,11 +6,11 @@ import socket
|
|||||||
# Based on https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration.example.py
|
# Based on https://github.com/netbox-community/netbox/blob/develop/netbox/netbox/configuration.example.py
|
||||||
|
|
||||||
# Read secret from file
|
# Read secret from file
|
||||||
def read_secret(secret_name):
|
def read_secret(secret_name, default=''):
|
||||||
try:
|
try:
|
||||||
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
|
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
|
||||||
except EnvironmentError:
|
except EnvironmentError:
|
||||||
return ''
|
return default
|
||||||
else:
|
else:
|
||||||
with f:
|
with f:
|
||||||
return f.readline().strip()
|
return f.readline().strip()
|
||||||
@ -33,7 +33,7 @@ ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '*').split(' ')
|
|||||||
DATABASE = {
|
DATABASE = {
|
||||||
'NAME': os.environ.get('DB_NAME', 'netbox'), # Database name
|
'NAME': os.environ.get('DB_NAME', 'netbox'), # Database name
|
||||||
'USER': os.environ.get('DB_USER', ''), # PostgreSQL username
|
'USER': os.environ.get('DB_USER', ''), # PostgreSQL username
|
||||||
'PASSWORD': os.environ.get('DB_PASSWORD', read_secret('db_password')),
|
'PASSWORD': read_secret('db_password', os.environ.get('DB_PASSWORD', '')),
|
||||||
# PostgreSQL password
|
# PostgreSQL password
|
||||||
'HOST': os.environ.get('DB_HOST', 'localhost'), # Database server
|
'HOST': os.environ.get('DB_HOST', 'localhost'), # Database server
|
||||||
'PORT': os.environ.get('DB_PORT', ''), # Database port (leave blank for default)
|
'PORT': os.environ.get('DB_PORT', ''), # Database port (leave blank for default)
|
||||||
@ -47,7 +47,7 @@ DATABASE = {
|
|||||||
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
|
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
|
||||||
# symbols. NetBox will not run without this defined. For more information, see
|
# symbols. NetBox will not run without this defined. For more information, see
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY
|
# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY
|
||||||
SECRET_KEY = os.environ.get('SECRET_KEY', read_secret('secret_key'))
|
SECRET_KEY = read_secret('secret_key', os.environ.get('SECRET_KEY', ''))
|
||||||
|
|
||||||
# Redis database settings. The Redis database is used for caching and background processing such as webhooks
|
# Redis database settings. The Redis database is used for caching and background processing such as webhooks
|
||||||
REDIS = {
|
REDIS = {
|
||||||
@ -62,7 +62,7 @@ REDIS = {
|
|||||||
'webhooks': { # legacy setting, can be removed after Netbox seizes support for it
|
'webhooks': { # legacy setting, can be removed after Netbox seizes support for it
|
||||||
'HOST': os.environ.get('REDIS_HOST', 'localhost'),
|
'HOST': os.environ.get('REDIS_HOST', 'localhost'),
|
||||||
'PORT': int(os.environ.get('REDIS_PORT', 6379)),
|
'PORT': int(os.environ.get('REDIS_PORT', 6379)),
|
||||||
'PASSWORD': os.environ.get('REDIS_PASSWORD', read_secret('redis_password')),
|
'PASSWORD': read_secret('redis_password', os.environ.get('REDIS_PASSWORD', '')),
|
||||||
'DATABASE': int(os.environ.get('REDIS_DATABASE', 0)),
|
'DATABASE': int(os.environ.get('REDIS_DATABASE', 0)),
|
||||||
'DEFAULT_TIMEOUT': int(os.environ.get('REDIS_TIMEOUT', 300)),
|
'DEFAULT_TIMEOUT': int(os.environ.get('REDIS_TIMEOUT', 300)),
|
||||||
'SSL': os.environ.get('REDIS_SSL', 'False').lower() == 'true',
|
'SSL': os.environ.get('REDIS_SSL', 'False').lower() == 'true',
|
||||||
@ -70,7 +70,7 @@ REDIS = {
|
|||||||
'caching': {
|
'caching': {
|
||||||
'HOST': os.environ.get('REDIS_CACHE_HOST', os.environ.get('REDIS_HOST', 'localhost')),
|
'HOST': os.environ.get('REDIS_CACHE_HOST', os.environ.get('REDIS_HOST', 'localhost')),
|
||||||
'PORT': int(os.environ.get('REDIS_CACHE_PORT', os.environ.get('REDIS_PORT', 6379))),
|
'PORT': int(os.environ.get('REDIS_CACHE_PORT', os.environ.get('REDIS_PORT', 6379))),
|
||||||
'PASSWORD': os.environ.get('REDIS_CACHE_PASSWORD', os.environ.get('REDIS_PASSWORD', read_secret('redis_cache_password'))),
|
'PASSWORD': read_secret('redis_cache_password', os.environ.get('REDIS_CACHE_PASSWORD', read_secret('redis_password', os.environ.get('REDIS_PASSWORD', '')))),
|
||||||
'DATABASE': int(os.environ.get('REDIS_CACHE_DATABASE', 1)),
|
'DATABASE': int(os.environ.get('REDIS_CACHE_DATABASE', 1)),
|
||||||
'DEFAULT_TIMEOUT': int(os.environ.get('REDIS_CACHE_TIMEOUT', os.environ.get('REDIS_TIMEOUT', 300))),
|
'DEFAULT_TIMEOUT': int(os.environ.get('REDIS_CACHE_TIMEOUT', os.environ.get('REDIS_TIMEOUT', 300))),
|
||||||
'SSL': os.environ.get('REDIS_CACHE_SSL', os.environ.get('REDIS_SSL', 'False')).lower() == 'true',
|
'SSL': os.environ.get('REDIS_CACHE_SSL', os.environ.get('REDIS_SSL', 'False')).lower() == 'true',
|
||||||
@ -124,7 +124,7 @@ EMAIL = {
|
|||||||
'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'),
|
'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'),
|
||||||
'PORT': int(os.environ.get('EMAIL_PORT', 25)),
|
'PORT': int(os.environ.get('EMAIL_PORT', 25)),
|
||||||
'USERNAME': os.environ.get('EMAIL_USERNAME', ''),
|
'USERNAME': os.environ.get('EMAIL_USERNAME', ''),
|
||||||
'PASSWORD': os.environ.get('EMAIL_PASSWORD', read_secret('email_password')),
|
'PASSWORD': read_secret('email_password', os.environ.get('EMAIL_PASSWORD', '')),
|
||||||
'TIMEOUT': int(os.environ.get('EMAIL_TIMEOUT', 10)), # seconds
|
'TIMEOUT': int(os.environ.get('EMAIL_TIMEOUT', 10)), # seconds
|
||||||
'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''),
|
'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''),
|
||||||
'USE_SSL': os.environ.get('EMAIL_USE_SSL', 'False').lower() == 'true',
|
'USE_SSL': os.environ.get('EMAIL_USE_SSL', 'False').lower() == 'true',
|
||||||
@ -171,7 +171,7 @@ METRICS_ENABLED = os.environ.get('METRICS_ENABLED', 'False').lower() == 'true'
|
|||||||
|
|
||||||
# Credentials that NetBox will use to access live devices.
|
# Credentials that NetBox will use to access live devices.
|
||||||
NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '')
|
NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '')
|
||||||
NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', read_secret('napalm_password'))
|
NAPALM_PASSWORD = read_secret('napalm_password', os.environ.get('NAPALM_PASSWORD', ''))
|
||||||
|
|
||||||
# NAPALM timeout (in seconds). (Default: 30)
|
# NAPALM timeout (in seconds). (Default: 30)
|
||||||
NAPALM_TIMEOUT = int(os.environ.get('NAPALM_TIMEOUT', 30))
|
NAPALM_TIMEOUT = int(os.environ.get('NAPALM_TIMEOUT', 30))
|
||||||
|
@ -5,11 +5,11 @@ from django_auth_ldap.config import LDAPSearch
|
|||||||
from importlib import import_module
|
from importlib import import_module
|
||||||
|
|
||||||
# Read secret from file
|
# Read secret from file
|
||||||
def read_secret(secret_name):
|
def read_secret(secret_name, default=''):
|
||||||
try:
|
try:
|
||||||
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
|
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
|
||||||
except EnvironmentError:
|
except EnvironmentError:
|
||||||
return ''
|
return default
|
||||||
else:
|
else:
|
||||||
with f:
|
with f:
|
||||||
return f.readline().strip()
|
return f.readline().strip()
|
||||||
@ -32,7 +32,7 @@ AUTH_LDAP_CONNECTION_OPTIONS = {
|
|||||||
|
|
||||||
# Set the DN and password for the NetBox service account.
|
# Set the DN and password for the NetBox service account.
|
||||||
AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
|
AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
|
||||||
AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret('auth_ldap_bind_password'))
|
AUTH_LDAP_BIND_PASSWORD = read_secret('auth_ldap_bind_password', os.environ.get('AUTH_LDAP_BIND_PASSWORD', ''))
|
||||||
|
|
||||||
# Set a string template that describes any user’s distinguished name based on the username.
|
# Set a string template that describes any user’s distinguished name based on the username.
|
||||||
AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
|
AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
|
||||||
|
@ -31,20 +31,16 @@ else
|
|||||||
if [ -z ${SUPERUSER_EMAIL+x} ]; then
|
if [ -z ${SUPERUSER_EMAIL+x} ]; then
|
||||||
SUPERUSER_EMAIL='admin@example.com'
|
SUPERUSER_EMAIL='admin@example.com'
|
||||||
fi
|
fi
|
||||||
if [ -z ${SUPERUSER_PASSWORD+x} ]; then
|
|
||||||
if [ -f "/run/secrets/superuser_password" ]; then
|
if [ -f "/run/secrets/superuser_password" ]; then
|
||||||
SUPERUSER_PASSWORD="$(< /run/secrets/superuser_password)"
|
SUPERUSER_PASSWORD="$(< /run/secrets/superuser_password)"
|
||||||
else
|
elif [ -z ${SUPERUSER_PASSWORD+x} ]; then
|
||||||
SUPERUSER_PASSWORD='admin'
|
SUPERUSER_PASSWORD='admin'
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
if [ -z ${SUPERUSER_API_TOKEN+x} ]; then
|
|
||||||
if [ -f "/run/secrets/superuser_api_token" ]; then
|
if [ -f "/run/secrets/superuser_api_token" ]; then
|
||||||
SUPERUSER_API_TOKEN="$(< /run/secrets/superuser_api_token)"
|
SUPERUSER_API_TOKEN="$(< /run/secrets/superuser_api_token)"
|
||||||
else
|
elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then
|
||||||
SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
|
SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
./manage.py shell --interface python << END
|
./manage.py shell --interface python << END
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
|
Loading…
Reference in New Issue
Block a user