Update .github/workflows/build_image.yaml

.github/workflows/build_image.yaml

@@ -0,0 +1,31 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - 'release'
+
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    steps:
+      #-
+      #  name: Set up QEMU
+      #  uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to Docker Hub
+        uses: SeptBlast/docker-login@v1.1.2
+        with:
+          login-server: harbor.fisherhome.xyz
+          username: ${{ secrets.HARBOR_USERNAME }}
+          password: ${{ secrets.HARBOR_PASSWORD }}
+
+      - uses: actions/checkout@v3
+      - name: Build and push
+        run: |
+          docker login --username ${{ secrets.HARBOR_USERNAME }} --password ${{ secrets.HARBOR_PASSWORD }} harbor.fisherhome.xyz
+          docker build --no-cache ./ -t harbor.fisherhome.xyz/library/netbox:latest
+          docker push harbor.fisherhome.xyz/library/netbox:latest  

Dockerfile

@@ -63,16 +63,17 @@ RUN export DEBIAN_FRONTEND=noninteractive \
       openssh-client \
       openssl \
       python3 \
+      python3-distutils \
       tini \
-    && curl --silent --output /etc/apt/keyrings/nginx-keyring.gpg \
+    && curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \
       https://unit.nginx.org/keys/nginx-keyring.gpg \
-    && echo "deb [signed-by=/etc/apt/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ mantic unit" \
+    && echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ mantic unit" \
       > /etc/apt/sources.list.d/unit.list \
     && apt-get update -qq \
     && apt-get install \
       --yes -qq --no-install-recommends \
-      unit=1.32.1-1~mantic \
-      unit-python3.12=1.32.1-1~mantic \
+      unit=1.32.0-1~mantic \
+      unit-python3.11=1.32.0-1~mantic \
     && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /opt/netbox/venv /opt/netbox/venv

Dockerfile-Plugins

@@ -0,0 +1,9 @@
+FROM netboxcommunity/netbox:latest
+
+COPY ./plugin_requirements.txt /opt/netbox/
+RUN /opt/netbox/venv/bin/pip install  --no-warn-script-location -r /opt/netbox/plugin_requirements.txt
+
+# These lines are only required if your plugin has its own static files.
+COPY configuration/configuration.py /etc/netbox/config/configuration.py
+COPY configuration/plugins.py /etc/netbox/config/plugins.py
+RUN SECRET_KEY="dummydummydummydummydummydummydummydummydummydummy" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input

build.sh

@@ -61,7 +61,7 @@ DOCKERFILE  The name of Dockerfile to use.
             ${_GREEN}Default:${_CLEAR} Dockerfile
 
 DOCKER_FROM The base image to use.
-            ${_GREEN}Default:${_CLEAR} 'ubuntu:24.04'
+            ${_GREEN}Default:${_CLEAR} 'ubuntu:23.10'
 
 BUILDX_PLATFORMS
             Specifies the platform(s) to build the image for.
@@ -219,7 +219,7 @@ fi
 # Determining the value for DOCKER_FROM
 ###
 if [ -z "$DOCKER_FROM" ]; then
-  DOCKER_FROM="docker.io/ubuntu:24.04"
+  DOCKER_FROM="docker.io/ubuntu:23.10"
 fi
 
 ###

configuration/configuration.py

@@ -200,10 +200,10 @@ if 'CENSUS_REPORTING_ENABLED' in environ:
 EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST)
 
 # HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
-HTTP_PROXIES = {
-    'http': environ.get('HTTP_PROXY', None),
-    'https': environ.get('HTTPS_PROXY', None),
-}
+# HTTP_PROXIES = {
+#     'http': 'http://10.10.1.10:3128',
+#     'https': 'http://10.10.1.10:1080',
+# }
 
 # IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
 # NetBox from an internal IP.
@@ -221,9 +221,9 @@ if 'GRAPHQL_ENABLED' in environ:
 # authenticated to NetBox indefinitely.
 LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL)
 
-# When enabled, only authenticated users are permitted to access any part of NetBox.
-# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
-LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
+# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
+LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL)
 
 # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
 # re-authenticate. (Default: 1209600 [14 days])
@@ -286,23 +286,12 @@ if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
     RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
 
 # Remote authentication support
-REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL)
-REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
-REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
-REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
-# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
 REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
-REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
-REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
-REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
+REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
 REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
-REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL')
-REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME')
-REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
-REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST)
-REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
-REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
-REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
+REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
+REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
+# REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
 
 # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
 # version check or use the URL below to check for release in the official NetBox repository.

configuration/plugins.py

@@ -4,7 +4,7 @@
 # To learn how to build images with your required plugins
 # See https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
 
-# PLUGINS = ["netbox_bgp"]
+PLUGINS = ["netbox_bgp","netbox_secrets","netbox_dns"],
 
 # PLUGINS_CONFIG = {
 #   "netbox_bgp": {

docker-compose.override.yml

@@ -0,0 +1,16 @@
+version: '3.4' # This is NOT the version of NetBox! No need to adjust :)
+services:
+  netbox:
+    image: netbox:latest-plugins
+    pull_policy: never
+    ports:
+      - 8000:8080
+    build:
+      context: .
+      dockerfile: Dockerfile-Plugins
+  netbox-worker:
+    image: netbox:latest-plugins
+    pull_policy: never
+  netbox-housekeeping:
+    image: netbox:latest-plugins
+    pull_policy: never

docker-compose.test.yml

@@ -1,6 +1,6 @@
 services:
   netbox: &netbox
-    image: ${IMAGE-docker.io/netboxcommunity/netbox:latest}
+    image: ${IMAGE-netboxcommunity/netbox:latest}
     depends_on:
       postgres:
         condition: service_healthy
@@ -13,10 +13,10 @@ services:
     volumes:
     - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
     healthcheck:
-      test: curl -f http://localhost:8080/login/ || exit 1
       start_period: ${NETBOX_START_PERIOD-120s}
       timeout: 3s
       interval: 15s
+      test: "curl -f http://localhost:8080/api/ || exit 1"
   netbox-worker:
     <<: *netbox
     command:
@@ -24,47 +24,42 @@ services:
     - /opt/netbox/netbox/manage.py
     - rqworker
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
       start_period: 40s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
   netbox-housekeeping:
     <<: *netbox
     command:
     - /opt/netbox/housekeeping.sh
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
       start_period: 40s
       timeout: 3s
       interval: 15s
-
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
   postgres:
-    image: docker.io/postgres:16-alpine
+    image: postgres:16-alpine
     env_file: env/postgres.env
     healthcheck:
-      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
-      start_period: 20s
-      interval: 1s
+      test: "pg_isready -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER" ## $$ because of docker-compose
+      interval: 10s
       timeout: 5s
       retries: 5
-
   redis: &redis
-    image: docker.io/valkey/valkey:8.0-alpine
+    image: redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis.env
     healthcheck:
-      test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
-      start_period: 5s
+      start_period: 20s
       timeout: 3s
-      interval: 1s
-      retries: 5
+      interval: 15s
+      test: "timeout 2 redis-cli ping"
   redis-cache:
     <<: *redis
     env_file: env/redis-cache.env
-
 volumes:
   netbox-media-files:
     driver: local

docker-compose.yml

@@ -8,10 +8,10 @@ services:
     env_file: env/netbox.env
     user: 'unit:root'
     healthcheck:
-      test: curl -f http://localhost:8080/login/ || exit 1
-      start_period: 90s
+      start_period: 60s
       timeout: 3s
       interval: 15s
+      test: "curl -f http://localhost:8080/login/ || exit 1"
     volumes:
     - ./configuration:/etc/netbox/config:z,ro
     - netbox-media-files:/opt/netbox/netbox/media:rw
@@ -27,10 +27,10 @@ services:
     - /opt/netbox/netbox/manage.py
     - rqworker
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
       start_period: 20s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
   netbox-housekeeping:
     <<: *netbox
     depends_on:
@@ -39,47 +39,34 @@ services:
     command:
     - /opt/netbox/housekeeping.sh
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
       start_period: 20s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
 
   # postgres
   postgres:
     image: docker.io/postgres:16-alpine
-    healthcheck:
-      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
-      start_period: 20s
-      timeout: 30s
-      interval: 10s
-      retries: 5
     env_file: env/postgres.env
     volumes:
     - netbox-postgres-data:/var/lib/postgresql/data
 
   # redis
   redis:
-    image: docker.io/valkey/valkey:8.0-alpine
+    image: docker.io/redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
-    healthcheck: &redis-healthcheck
-      test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
-      start_period: 5s
-      timeout: 3s
-      interval: 1s
-      retries: 5
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis.env
     volumes:
     - netbox-redis-data:/data
   redis-cache:
-    image: docker.io/valkey/valkey:8.0-alpine
+    image: docker.io/redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
-    healthcheck: *redis-healthcheck
+    - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis-cache.env
     volumes:
     - netbox-redis-cache-data:/data

env/netbox.env

@@ -1,16 +1,16 @@
 CORS_ORIGIN_ALLOW_ALL=True
-DB_HOST=postgres
+DB_HOST='10.0.100.171'
 DB_NAME=netbox
-DB_PASSWORD=J5brHrAXFLQSif0K
+DB_PASSWORD=QHMKWXHkkDzNMaWt22
 DB_USER=netbox
-EMAIL_FROM=netbox@bar.com
+EMAIL_FROM=netbox@fisherhome.xyz
 EMAIL_PASSWORD=
 EMAIL_PORT=25
-EMAIL_SERVER=localhost
+EMAIL_SERVER=postfix.lan.fisherhome.xyz
 EMAIL_SSL_CERTFILE=
 EMAIL_SSL_KEYFILE=
 EMAIL_TIMEOUT=5
-EMAIL_USERNAME=netbox
+EMAIL_USERNAME=
 # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
 EMAIL_USE_SSL=false
 EMAIL_USE_TLS=false
@@ -26,7 +26,7 @@ REDIS_CACHE_SSL=false
 REDIS_DATABASE=0
 REDIS_HOST=redis
 REDIS_INSECURE_SKIP_TLS_VERIFY=false
-REDIS_PASSWORD=H733Kdjndks81
+REDIS_PASSWORD=FDFD733Kdjndks81
 REDIS_SSL=false
 RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
 SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X'

plugin_requirements.txt

@@ -0,0 +1,2 @@
+netbox-secrets
+netbox_dns

requirements-container.txt

@@ -1,5 +1,5 @@
 django-auth-ldap==4.8.0
-django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4
+django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.3
 dulwich==0.22.1
-python3-saml==1.16.0 --no-binary lxml,xmlsec
-sentry-sdk[django]==2.12.0
+python3-saml==1.16.0 --no-binary lxml
+sentry-sdk[django]==2.1.1

test-configuration/test_config.py

@@ -4,4 +4,3 @@ LOGGING = {
 }
 
 DEFAULT_PERMISSIONS = {}
-LOGIN_REQUIRED = False

test.sh

@@ -84,7 +84,7 @@ test_netbox_web() {
       --retry 5 \
       --retry-delay 0 \
       --retry-max-time 40 \
-      http://127.0.0.1:8000/login/
+      http://127.0.0.1:8000/
   )
   if [ "$RESP_CODE" == "200" ]; then
     echo "Webservice running"