path: root/netbox/config-patch2.diff
blob: 69162e4a7a2a3607c789e96cdefc020f4679b237 (plain)
--- a/opt/netbox/netbox/netbox/configuration.py	2021-07-11 22:24:55.365668931 +0000
+++ b/opt/netbox/netbox/netbox/configuration.py	2021-07-11 22:28:09.665982854 +0000
@@ -4,21 +4,35 @@
 #                       #
 #########################
 
+import os
+from django.contrib.vault_client import SimpleVaultClient
+
+
+def _is_affirmative(value):
+    value = "" if not value else value
+    return value.lower() in ["yes", "true", "on", "1"]
+
+
 # This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
 # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
 #
 # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
 #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
+port = os.getenv("NETBOX_DB_PORT")
 DATABASE = {
-    'NAME': 'netbox',         # Database name
-    'USER': '',               # PostgreSQL username
-    'PASSWORD': '',           # PostgreSQL password
-    'HOST': 'localhost',      # Database server
-    'PORT': '',               # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,      # Max database connection age
+    'NAME': os.getenv("NETBOX_DB_NAME"),
+    'HOST': os.getenv("NETBOX_DB_HOST"),
+    'PORT': int(port) if port else "",
+    'CONN_MAX_AGE': 300,
+    "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"),
+    "VAULT_ADDR": os.getenv("VAULT_ADDR"),
+    "VAULT_TOKEN": os.getenv("VAULT_TOKEN"),
+    "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"),
+    "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"),
+    "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"),
 }
 
 # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
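Review bot: `ALLOWED_HOSTS = ['*']` turns off Django's Host-header validation, so any Host value a client sends is accepted and can flow into absolute URLs the application builds unless a fronting proxy pins the header. Reading the list from the environment avoids the wildcard while keeping the deployment configurable, e.g. `ALLOWED_HOSTS = os.getenv("<ALLOWED_HOSTS_ENV_VAR>", "").split()` (the variable name is a placeholder). Separately, `"VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY")` passes the raw string into `DATABASE`, while the SECRET_KEY hunk parses the same variable through `_is_affirmative`. If the database backend only tests that value for truthiness, a setting such as `false` would switch certificate verification off, so `"VAULT_SKIP_VERIFY": _is_affirmative(os.getenv("VAULT_SKIP_VERIFY")),` would keep the two uses consistent. The backend is not visible in this patch, so that needs confirming.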
@@ -26,26 +40,26 @@
 # to use two separate database IDs.
 REDIS = {
     'tasks': {
-        'HOST': 'localhost',
+        'HOST': os.getenv("NETBOX_REDIS_HOST"),
         'PORT': 6379,
         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
         # 'SENTINEL_SERVICE': 'netbox',
         'PASSWORD': '',
-        'DATABASE': 0,
+        'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")),
         'SSL': False,
         # Set this to True to skip TLS certificate verification
         # This can expose the connection to attacks, be careful
         # 'INSECURE_SKIP_TLS_VERIFY': False,
     },
     'caching': {
-        'HOST': 'localhost',
+        'HOST': os.getenv("NETBOX_REDIS_HOST"),
         'PORT': 6379,
         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
         # 'SENTINEL_SERVICE': 'netbox',
         'PASSWORD': '',
-        'DATABASE': 1,
+        'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")),
         'SSL': False,
         # Set this to True to skip TLS certificate verification
         # This can expose the connection to attacks, be careful
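Review bot: Both Redis entries now take `HOST` from `NETBOX_REDIS_HOST`, but the unchanged `'PASSWORD': ''` and `'SSL': False` lines still apply, so once that host is not localhost the task-queue and cache traffic is unauthenticated and in cleartext on the network. The password should come from the environment or Vault like the other secrets, e.g. `'PASSWORD': os.getenv("<REDIS_PASSWORD_ENV_VAR>", ''),` (placeholder name), with `'SSL': True` wherever the Redis server supports it. In addition, `int(os.getenv("NETBOX_REDIS_TASK_DB"))` and `int(os.getenv("NETBOX_REDIS_CACHE_DB"))` raise `TypeError` at import when the variable is unset. `int(os.getenv("NETBOX_REDIS_TASK_DB", "0"))` and `int(os.getenv("NETBOX_REDIS_CACHE_DB", "1"))` would keep the previous defaults. The `caching` entry and the `REDIS` dict continue past the end of this hunk.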
@@ -57,7 +71,14 @@
 # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
 # symbols. NetBox will not run without this defined. For more information, see
 # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
-SECRET_KEY = ''
+vc = SimpleVaultClient(
+    os.getenv("VAULT_ADDR"),
+    os.getenv("VAULT_ROLE_ID"),
+    os.getenv("VAULT_SECRET_ID"),
+    ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))
+)
+SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key")
+del vc
 
 
 #########################
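Review bot: `ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))` lets one environment variable disable certificate checking on the connection that carries the AppRole `VAULT_SECRET_ID` and returns `SECRET_KEY`, and nothing in the file says when that is acceptable. A comment above the call would document it, e.g. `# VAULT_SKIP_VERIFY disables TLS verification of the Vault connection; leave it unset outside local testing.` The result of `vc.get_kv_secret(...)` is also assigned without a check, and `NETBOX_VAULT_SECRET_NAME` may be unset. What `SimpleVaultClient` returns in that case is not visible here, so a guard such as `if not SECRET_KEY: raise RuntimeError("SECRET_KEY could not be read from Vault")` would make a misconfiguration fail loudly at startup instead of running with an empty or `None` key.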