author | Mike Crute <mike@crute.us> | 2022-12-04 22:20:03 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2022-12-04 22:20:03 -0800 |
commit | 1b297be993b39c38a29f2d4a512fe8f3a9b3cacf (patch) | |
tree | 5309589797fd0a8e75b3e8aec37ac3acd96c12bb /netbox/config-patch2.diff | |
parent | d4efff4950b6105f1d62362f8944a24659af4ea7 (diff) | |
netbox: upgrade to 3.3.9 and remove patches
This change migrates to using simplevisor which handles Vault credential
fetching and renewal. It removes quite a lot of fragile hacks at the
Django layer in favor of straightforward environment variable passing.
Diffstat (limited to 'netbox/config-patch2.diff')
-rw-r--r-- | netbox/config-patch2.diff | 92 |
1 files changed, 0 insertions, 92 deletions
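--- a/netbox/config-patch2.diff
+++ /dev/null
@@ -1,92 +0,0 @@
---- a/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:24:55.365668931 +0000
-+++ b/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:28:09.665982854 +0000
-@@ -4,21 +4,35 @@
-# #
-#########################
-
-+import os
-+from django.contrib.vault_client import SimpleVaultClient
-+
-+
-+def _is_affirmative(value):
-+ value = "" if not value else value
-+ return value.lower() in ["yes", "true", "on", "1"]
-+
-+
-# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
-# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
-#
-# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
--ALLOWED_HOSTS = []
-+ALLOWED_HOSTS = ['*']
-
-# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
-# https://docs.djangoproject.com/en/stable/ref/settings/#databases
-+port = os.getenv("NETBOX_DB_PORT")
-DATABASE = {
-- 'NAME': 'netbox', # Database name
-- 'USER': '', # PostgreSQL username
-- 'PASSWORD': '', # PostgreSQL password
-- 'HOST': 'localhost', # Database server
-- 'PORT': '', # Database port (leave blank for default)
-- 'CONN_MAX_AGE': 300, # Max database connection age
-+ 'NAME': os.getenv("NETBOX_DB_NAME"),
-+ 'HOST': os.getenv("NETBOX_DB_HOST"),
-+ 'PORT': int(port) if port else "",
-+ 'CONN_MAX_AGE': 300,
-+ "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"),
-+ "VAULT_ADDR": os.getenv("VAULT_ADDR"),
-+ "VAULT_TOKEN": os.getenv("VAULT_TOKEN"),
-+ "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"),
-+ "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"),
-+ "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"),
-}
-
-# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
-@@ -26,26 +40,26 @@
-# to use two separate database IDs.
-REDIS = {
-'tasks': {
-- 'HOST': 'localhost',
-+ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
-'PORT': 6379,
-# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
-# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
-# 'SENTINEL_SERVICE': 'netbox',
-'PASSWORD': '',
-- 'DATABASE': 0,
-+ 'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")),
-'SSL': False,
-# Set this to True to skip TLS certificate verification
-# This can expose the connection to attacks, be careful
-# 'INSECURE_SKIP_TLS_VERIFY': False,
-},
-'caching': {
-- 'HOST': 'localhost',
-+ 'HOST': os.getenv("NETBOX_REDIS_HOST"),
-'PORT': 6379,
-# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
-# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
-# 'SENTINEL_SERVICE': 'netbox',
-'PASSWORD': '',
-- 'DATABASE': 1,
-+ 'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")),
-'SSL': False,
-# Set this to True to skip TLS certificate verification
-# This can expose the connection to attacks, be careful
-@@ -57,7 +71,14 @@
-# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
-# symbols. NetBox will not run without this defined. For more information, see
-# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
--SECRET_KEY = ''
-+vc = SimpleVaultClient(
-+ os.getenv("VAULT_ADDR"),
-+ os.getenv("VAULT_ROLE_ID"),
-+ os.getenv("VAULT_SECRET_ID"),
-+ ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))
-+)
-+SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key")
-+del vc
-
-
-#########################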