Add Netbox Docker Compose files 🐳

2023-11-10 18:06:55 +01:00
parent 6084479d6a
commit 4c9fa076a8
19 changed files with 1170 additions and 0 deletions
--- a/netbox/docker/configuration.docker.py
+++ b/netbox/docker/configuration.docker.py
@@ -0,0 +1,91 @@
+## Generic Parts
+# These functions are providing the functionality to load
+# arbitrary configuration files.
+#
+# They can be imported by other code (see `ldap_config.py` for an example).
+
+import importlib.util
+import sys
+from os import scandir
+from os.path import abspath, isfile
+
+
+def _filename(f):
+    return f.name
+
+
+def _import(module_name, path, loaded_configurations):
+    spec = importlib.util.spec_from_file_location("", path)
+    module = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(module)
+    sys.modules[module_name] = module
+
+    loaded_configurations.insert(0, module)
+
+    print(f"🧬 loaded config '{path}'")
+
+
+def read_configurations(config_module, config_dir, main_config):
+    loaded_configurations = []
+
+    main_config_path = abspath(f"{config_dir}/{main_config}.py")
+    if isfile(main_config_path):
+        _import(f"{config_module}.{main_config}", main_config_path, loaded_configurations)
+    else:
+        print(f"⚠️ Main configuration '{main_config_path}' not found.")
+
+    with scandir(config_dir) as it:
+        for f in sorted(it, key=_filename):
+            if not f.is_file():
+                continue
+
+            if f.name.startswith("__"):
+                continue
+
+            if not f.name.endswith(".py"):
+                continue
+
+            if f.name == f"{main_config}.py":
+                continue
+
+            if f.name == f"{config_dir}.py":
+                continue
+
+            module_name = f"{config_module}.{f.name[:-len('.py')]}".replace(".", "_")
+            _import(module_name, f.path, loaded_configurations)
+
+    if len(loaded_configurations) == 0:
+        print(f"‼️ No configuration files found in '{config_dir}'.")
+        raise ImportError(f"No configuration files found in '{config_dir}'.")
+
+    return loaded_configurations
+
+
+## Specific Parts
+# This section's code actually loads the various configuration files
+# into the module with the given name.
+# It contains the logic to resolve arbitrary configuration options by
+# levaraging dynamic programming using `__getattr__`.
+
+
+_loaded_configurations = read_configurations(
+    config_dir="/etc/netbox/config/",
+    config_module="netbox.configuration",
+    main_config="configuration",
+)
+
+
+def __getattr__(name):
+    for config in _loaded_configurations:
+        try:
+            return getattr(config, name)
+        except:
+            pass
+    raise AttributeError
+
+
+def __dir__():
+    names = []
+    for config in _loaded_configurations:
+        names.extend(config.__dir__())
+    return names
--- a/netbox/docker/docker-entrypoint.sh
+++ b/netbox/docker/docker-entrypoint.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+# Runs on every start of the NetBox Docker container
+
+# Stop when an error occures
+set -e
+
+# Allows NetBox to be run as non-root users
+umask 002
+
+# Load correct Python3 env
+# shellcheck disable=SC1091
+source /opt/netbox/venv/bin/activate
+
+# Try to connect to the DB
+DB_WAIT_TIMEOUT=${DB_WAIT_TIMEOUT-3}
+MAX_DB_WAIT_TIME=${MAX_DB_WAIT_TIME-30}
+CUR_DB_WAIT_TIME=0
+while [ "${CUR_DB_WAIT_TIME}" -lt "${MAX_DB_WAIT_TIME}" ]; do
+  # Read and truncate connection error tracebacks to last line by default
+  exec {psfd}< <(./manage.py showmigrations 2>&1)
+  read -rd '' DB_ERR <&$psfd || :
+  exec {psfd}<&-
+  wait $! && break
+  if [ -n "$DB_WAIT_DEBUG" ]; then
+    echo "$DB_ERR"
+  else
+    readarray -tn 0 DB_ERR_LINES <<<"$DB_ERR"
+    echo "${DB_ERR_LINES[@]: -1}"
+    echo "[ Use DB_WAIT_DEBUG=1 in netbox.env to print full traceback for errors here ]"
+  fi
+  echo "⏳ Waiting on DB... (${CUR_DB_WAIT_TIME}s / ${MAX_DB_WAIT_TIME}s)"
+  sleep "${DB_WAIT_TIMEOUT}"
+  CUR_DB_WAIT_TIME=$((CUR_DB_WAIT_TIME + DB_WAIT_TIMEOUT))
+done
+if [ "${CUR_DB_WAIT_TIME}" -ge "${MAX_DB_WAIT_TIME}" ]; then
+  echo "❌ Waited ${MAX_DB_WAIT_TIME}s or more for the DB to become ready."
+  exit 1
+fi
+# Check if update is needed
+if ! ./manage.py migrate --check >/dev/null 2>&1; then
+  echo "⚙️ Applying database migrations"
+  ./manage.py migrate --no-input
+  echo "⚙️ Running trace_paths"
+  ./manage.py trace_paths --no-input
+  echo "⚙️ Removing stale content types"
+  ./manage.py remove_stale_contenttypes --no-input
+  echo "⚙️ Removing expired user sessions"
+  ./manage.py clearsessions
+  echo "⚙️ Building search index (lazy)"
+  ./manage.py reindex --lazy
+fi
+
+# Create Superuser if required
+if [ "$SKIP_SUPERUSER" == "true" ]; then
+  echo "↩️ Skip creating the superuser"
+else
+  if [ -z ${SUPERUSER_NAME+x} ]; then
+    SUPERUSER_NAME='admin'
+  fi
+  if [ -z ${SUPERUSER_EMAIL+x} ]; then
+    SUPERUSER_EMAIL='admin@example.com'
+  fi
+  if [ -f "/run/secrets/superuser_password" ]; then
+    SUPERUSER_PASSWORD="$(</run/secrets/superuser_password)"
+  elif [ -z ${SUPERUSER_PASSWORD+x} ]; then
+    SUPERUSER_PASSWORD='admin'
+  fi
+  if [ -f "/run/secrets/superuser_api_token" ]; then
+    SUPERUSER_API_TOKEN="$(</run/secrets/superuser_api_token)"
+  elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then
+    SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
+  fi
+
+  ./manage.py shell --interface python <<END
+from django.contrib.auth.models import User
+from users.models import Token
+if not User.objects.filter(username='${SUPERUSER_NAME}'):
+    u=User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
+    Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
+END
+
+  echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
+fi
+
+./manage.py shell --interface python <<END
+from users.models import Token
+try:
+    old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")
+    if old_default_token:
+        print("⚠️ Warning: You have the old default admin token in your database. This token is widely known; please remove it.")
+except Token.DoesNotExist:
+    pass
+END
+
+echo "✅ Initialisation is done."
+
+# Launch whatever is passed by docker
+# (i.e. the RUN instruction in the Dockerfile)
+exec "$@"
--- a/netbox/docker/housekeeping.sh
+++ b/netbox/docker/housekeeping.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
+echo "Interval set to ${SLEEP_SECONDS} seconds"
+while true; do
+  date
+  /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
+  sleep "${SLEEP_SECONDS}s"
+done
--- a/netbox/docker/launch-netbox.sh
+++ b/netbox/docker/launch-netbox.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
+# Also used in "nginx-unit.json"
+UNIT_SOCKET="/opt/unit/unit.sock"
+
+load_configuration() {
+  MAX_WAIT=10
+  WAIT_COUNT=0
+  while [ ! -S $UNIT_SOCKET ]; do
+    if [ $WAIT_COUNT -ge $MAX_WAIT ]; then
+      echo "⚠️ No control socket found; configuration will not be loaded."
+      return 1
+    fi
+
+    WAIT_COUNT=$((WAIT_COUNT + 1))
+    echo "⏳ Waiting for control socket to be created... (${WAIT_COUNT}/${MAX_WAIT})"
+
+    sleep 1
+  done
+
+  # even when the control socket exists, it does not mean unit has finished initialisation
+  # this curl call will get a reply once unit is fully launched
+  curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/
+
+  echo "⚙️ Applying configuration from $UNIT_CONFIG"
+
+  RESP_CODE=$(
+    curl \
+      --silent \
+      --output /dev/null \
+      --write-out '%{http_code}' \
+      --request PUT \
+      --data-binary "@${UNIT_CONFIG}" \
+      --unix-socket $UNIT_SOCKET \
+      http://localhost/config
+  )
+  if [ "$RESP_CODE" != "200" ]; then
+    echo "⚠️ Could no load Unit configuration"
+    kill "$(cat /opt/unit/unit.pid)"
+    return 1
+  fi
+
+  echo "✅ Unit configuration loaded successfully"
+}
+
+load_configuration &
+
+exec unitd \
+  --no-daemon \
+  --control unix:$UNIT_SOCKET \
+  --pid /opt/unit/unit.pid \
+  --log /dev/stdout \
+  --statedir /opt/unit/state/ \
+  --tmpdir /opt/unit/tmp/ \
+  --user unit \
+  --group root
--- a/netbox/docker/ldap_config.docker.py
+++ b/netbox/docker/ldap_config.docker.py
@@ -0,0 +1,23 @@
+from .configuration import read_configurations
+
+_loaded_configurations = read_configurations(
+    config_dir="/etc/netbox/config/ldap/",
+    config_module="netbox.configuration.ldap",
+    main_config="ldap_config",
+)
+
+
+def __getattr__(name):
+    for config in _loaded_configurations:
+        try:
+            return getattr(config, name)
+        except:
+            pass
+    raise AttributeError
+
+
+def __dir__():
+    names = []
+    for config in _loaded_configurations:
+        names.extend(config.__dir__())
+    return names
--- a/netbox/docker/nginx-unit.json
+++ b/netbox/docker/nginx-unit.json
@@ -0,0 +1,57 @@
+{
+  "listeners": {
+    "0.0.0.0:8080": {
+      "pass": "routes/main"
+    },
+    "[::]:8080": {
+      "pass": "routes/main"
+    },
+    "0.0.0.0:8081": {
+      "pass": "routes/status"
+    },
+    "[::]:8081": {
+      "pass": "routes/status"
+    }
+  },
+  "routes": {
+    "main": [
+      {
+        "match": {
+          "uri": "/static/*"
+        },
+        "action": {
+          "share": "/opt/netbox/netbox${uri}"
+        }
+      },
+      {
+        "action": {
+          "pass": "applications/netbox"
+        }
+      }
+    ],
+    "status": [
+      {
+        "match": {
+          "uri": "/status/*"
+        },
+        "action": {
+          "proxy": "http://unix:/opt/unit/unit.sock"
+        }
+      }
+    ]
+  },
+  "applications": {
+    "netbox": {
+      "type": "python 3",
+      "path": "/opt/netbox/netbox/",
+      "module": "netbox.wsgi",
+      "home": "/opt/netbox/venv",
+      "processes": {
+        "max": 4,
+        "spare": 1,
+        "idle_timeout": 120
+      }
+    }
+  },
+  "access_log": "/dev/stdout"
+}