diff options
| author | Mike Crute <mike@crute.us> | 2022-12-04 22:20:03 -0800 |
|---|---|---|
| committer | Mike Crute <mike@crute.us> | 2022-12-04 22:20:03 -0800 |
| commit | 1b297be993b39c38a29f2d4a512fe8f3a9b3cacf (patch) | |
| tree | 5309589797fd0a8e75b3e8aec37ac3acd96c12bb /netbox/config-patch2.diff | |
| parent | d4efff4950b6105f1d62362f8944a24659af4ea7 (diff) | |
| download | dockerfiles-1b297be993b39c38a29f2d4a512fe8f3a9b3cacf.tar.bz2 dockerfiles-1b297be993b39c38a29f2d4a512fe8f3a9b3cacf.tar.xz dockerfiles-1b297be993b39c38a29f2d4a512fe8f3a9b3cacf.zip | |
netbox: upgrade to 3.3.9 and remove patches
This change migrates to using simplevisor which handles Vault credential
fetching and renewal. It removes quite a lot of fragile hacks at the
Django layer in favor of straightforward environment variable passing.
Diffstat (limited to 'netbox/config-patch2.diff')
| -rw-r--r-- | netbox/config-patch2.diff | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/netbox/config-patch2.diff b/netbox/config-patch2.diff deleted file mode 100644 index 69162e4..0000000 --- a/netbox/config-patch2.diff +++ /dev/null | |||
| @@ -1,92 +0,0 @@ | |||
| 1 | --- a/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:24:55.365668931 +0000 | ||
| 2 | +++ b/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:28:09.665982854 +0000 | ||
| 3 | @@ -4,21 +4,35 @@ | ||
| 4 | # # | ||
| 5 | ######################### | ||
| 6 | |||
| 7 | +import os | ||
| 8 | +from django.contrib.vault_client import SimpleVaultClient | ||
| 9 | + | ||
| 10 | + | ||
| 11 | +def _is_affirmative(value): | ||
| 12 | + value = "" if not value else value | ||
| 13 | + return value.lower() in ["yes", "true", "on", "1"] | ||
| 14 | + | ||
| 15 | + | ||
| 16 | # This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write | ||
| 17 | # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. | ||
| 18 | # | ||
| 19 | # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] | ||
| 20 | -ALLOWED_HOSTS = [] | ||
| 21 | +ALLOWED_HOSTS = ['*'] | ||
| 22 | |||
| 23 | # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: | ||
| 24 | # https://docs.djangoproject.com/en/stable/ref/settings/#databases | ||
| 25 | +port = os.getenv("NETBOX_DB_PORT") | ||
| 26 | DATABASE = { | ||
| 27 | - 'NAME': 'netbox', # Database name | ||
| 28 | - 'USER': '', # PostgreSQL username | ||
| 29 | - 'PASSWORD': '', # PostgreSQL password | ||
| 30 | - 'HOST': 'localhost', # Database server | ||
| 31 | - 'PORT': '', # Database port (leave blank for default) | ||
| 32 | - 'CONN_MAX_AGE': 300, # Max database connection age | ||
| 33 | + 'NAME': os.getenv("NETBOX_DB_NAME"), | ||
| 34 | + 'HOST': os.getenv("NETBOX_DB_HOST"), | ||
| 35 | + 'PORT': int(port) if port else "", | ||
| 36 | + 'CONN_MAX_AGE': 300, | ||
| 37 | + "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"), | ||
| 38 | + "VAULT_ADDR": os.getenv("VAULT_ADDR"), | ||
| 39 | + "VAULT_TOKEN": os.getenv("VAULT_TOKEN"), | ||
| 40 | + "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"), | ||
| 41 | + "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"), | ||
| 42 | + "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"), | ||
| 43 | } | ||
| 44 | |||
| 45 | # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate | ||
| 46 | @@ -26,26 +40,26 @@ | ||
| 47 | # to use two separate database IDs. | ||
| 48 | REDIS = { | ||
| 49 | 'tasks': { | ||
| 50 | - 'HOST': 'localhost', | ||
| 51 | + 'HOST': os.getenv("NETBOX_REDIS_HOST"), | ||
| 52 | 'PORT': 6379, | ||
| 53 | # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel | ||
| 54 | # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], | ||
| 55 | # 'SENTINEL_SERVICE': 'netbox', | ||
| 56 | 'PASSWORD': '', | ||
| 57 | - 'DATABASE': 0, | ||
| 58 | + 'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")), | ||
| 59 | 'SSL': False, | ||
| 60 | # Set this to True to skip TLS certificate verification | ||
| 61 | # This can expose the connection to attacks, be careful | ||
| 62 | # 'INSECURE_SKIP_TLS_VERIFY': False, | ||
| 63 | }, | ||
| 64 | 'caching': { | ||
| 65 | - 'HOST': 'localhost', | ||
| 66 | + 'HOST': os.getenv("NETBOX_REDIS_HOST"), | ||
| 67 | 'PORT': 6379, | ||
| 68 | # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel | ||
| 69 | # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], | ||
| 70 | # 'SENTINEL_SERVICE': 'netbox', | ||
| 71 | 'PASSWORD': '', | ||
| 72 | - 'DATABASE': 1, | ||
| 73 | + 'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")), | ||
| 74 | 'SSL': False, | ||
| 75 | # Set this to True to skip TLS certificate verification | ||
| 76 | # This can expose the connection to attacks, be careful | ||
| 77 | @@ -57,7 +71,14 @@ | ||
| 78 | # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and | ||
| 79 | # symbols. NetBox will not run without this defined. For more information, see | ||
| 80 | # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY | ||
| 81 | -SECRET_KEY = '' | ||
| 82 | +vc = SimpleVaultClient( | ||
| 83 | + os.getenv("VAULT_ADDR"), | ||
| 84 | + os.getenv("VAULT_ROLE_ID"), | ||
| 85 | + os.getenv("VAULT_SECRET_ID"), | ||
| 86 | + ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY")) | ||
| 87 | +) | ||
| 88 | +SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key") | ||
| 89 | +del vc | ||
| 90 | |||
| 91 | |||
| 92 | ######################### | ||