ENT-23: add hooks for running pre- and post-init scripts

configuration/configuration.py

@@ -221,9 +221,9 @@ if 'GRAPHQL_ENABLED' in environ:
 # authenticated to NetBox indefinitely.
 LOGIN_PERSISTENCE = _environ_get_and_map('LOGIN_PERSISTENCE', 'False', _AS_BOOL)
 
-# When enabled, only authenticated users are permitted to access any part of NetBox.
+# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
-# Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
+# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
-LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'True', _AS_BOOL)
+LOGIN_REQUIRED = _environ_get_and_map('LOGIN_REQUIRED', 'False', _AS_BOOL)
 
 # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
 # re-authenticate. (Default: 1209600 [14 days])
@@ -286,23 +286,12 @@ if 'RACK_ELEVATION_DEFAULT_UNIT_WIDTH' in environ:
     RACK_ELEVATION_DEFAULT_UNIT_WIDTH = _environ_get_and_map('RACK_ELEVATION_DEFAULT_UNIT_WIDTH', None, _AS_INT)
 
 # Remote authentication support
-REMOTE_AUTH_AUTO_CREATE_GROUPS = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_GROUPS', 'False', _AS_BOOL)
-REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
-REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
-REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
-# REMOTE_AUTH_DEFAULT_PERMISSIONS = {} # dicts can't be configured via environment variables. See extra.py instead.
 REMOTE_AUTH_ENABLED = _environ_get_and_map('REMOTE_AUTH_ENABLED', 'False', _AS_BOOL)
-REMOTE_AUTH_GROUP_HEADER = _environ_get_and_map('REMOTE_AUTH_GROUP_HEADER', 'HTTP_REMOTE_USER_GROUP')
+REMOTE_AUTH_BACKEND = _environ_get_and_map('REMOTE_AUTH_BACKEND', 'netbox.authentication.RemoteUserBackend', _AS_LIST)
-REMOTE_AUTH_GROUP_SEPARATOR = _environ_get_and_map('REMOTE_AUTH_GROUP_SEPARATOR', '|')
-REMOTE_AUTH_GROUP_SYNC_ENABLED = _environ_get_and_map('REMOTE_AUTH_GROUP_SYNC_ENABLED', 'False', _AS_BOOL)
 REMOTE_AUTH_HEADER = environ.get('REMOTE_AUTH_HEADER', 'HTTP_REMOTE_USER')
-REMOTE_AUTH_USER_EMAIL = environ.get('REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL')
+REMOTE_AUTH_AUTO_CREATE_USER = _environ_get_and_map('REMOTE_AUTH_AUTO_CREATE_USER', 'False', _AS_BOOL)
-REMOTE_AUTH_USER_FIRST_NAME = environ.get('REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME')
+REMOTE_AUTH_DEFAULT_GROUPS = _environ_get_and_map('REMOTE_AUTH_DEFAULT_GROUPS', '', _AS_LIST)
-REMOTE_AUTH_USER_LAST_NAME = environ.get('REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME')
+# REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
-REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUPS', '', _AS_LIST)
-REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
-REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
-REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
 
 # This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
 # version check or use the URL below to check for release in the official NetBox repository.

docker-compose.test.yml

@@ -1,6 +1,6 @@
 services:
   netbox: &netbox
-    image: ${IMAGE-docker.io/netboxcommunity/netbox:latest}
+    image: ${IMAGE-netboxcommunity/netbox:latest}
     depends_on:
       postgres:
         condition: service_healthy
@@ -13,10 +13,10 @@ services:
     volumes:
     - ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
     healthcheck:
-      test: curl -f http://localhost:8080/login/ || exit 1
       start_period: ${NETBOX_START_PERIOD-120s}
       timeout: 3s
       interval: 15s
+      test: "curl -f http://localhost:8080/api/ || exit 1"
   netbox-worker:
     <<: *netbox
     command:
@@ -24,47 +24,42 @@ services:
     - /opt/netbox/netbox/manage.py
     - rqworker
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
       start_period: 40s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
   netbox-housekeeping:
     <<: *netbox
     command:
     - /opt/netbox/housekeeping.sh
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
       start_period: 40s
       timeout: 3s
       interval: 15s
-
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
   postgres:
-    image: docker.io/postgres:16-alpine
+    image: postgres:16-alpine
     env_file: env/postgres.env
     healthcheck:
-      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
+      test: "pg_isready -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER" ## $$ because of docker-compose
-      start_period: 20s
+      interval: 10s
-      interval: 1s
       timeout: 5s
       retries: 5
-
   redis: &redis
-    image: docker.io/valkey/valkey:7.2-alpine
+    image: redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --save "" --appendonly no --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     env_file: env/redis.env
     healthcheck:
-      test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
+      start_period: 20s
-      start_period: 5s
       timeout: 3s
-      interval: 1s
+      interval: 15s
-      retries: 5
+      test: "timeout 2 redis-cli ping"
   redis-cache:
     <<: *redis
     env_file: env/redis-cache.env
-
 volumes:
   netbox-media-files:
     driver: local

docker-compose.yml

@@ -8,12 +8,13 @@ services:
     env_file: env/netbox.env
     user: 'unit:root'
     healthcheck:
-      test: curl -f http://localhost:8080/login/ || exit 1
+      start_period: 60s
-      start_period: 90s
       timeout: 3s
       interval: 15s
+      test: "curl -f http://localhost:8080/login/ || exit 1"
     volumes:
     - ./configuration:/etc/netbox/config:z,ro
+    - init-files:/opt/init:ro
     - netbox-media-files:/opt/netbox/netbox/media:rw
     - netbox-reports-files:/opt/netbox/netbox/reports:rw
     - netbox-scripts-files:/opt/netbox/netbox/scripts:rw
@@ -27,10 +28,10 @@ services:
     - /opt/netbox/netbox/manage.py
     - rqworker
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
       start_period: 20s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q rqworker || exit 1"
   netbox-housekeeping:
     <<: *netbox
     depends_on:
@@ -39,52 +40,41 @@ services:
     command:
     - /opt/netbox/housekeeping.sh
     healthcheck:
-      test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
       start_period: 20s
       timeout: 3s
       interval: 15s
+      test: "ps -aux | grep -v grep | grep -q housekeeping || exit 1"
 
   # postgres
   postgres:
     image: docker.io/postgres:16-alpine
-    healthcheck:
-      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
-      start_period: 20s
-      timeout: 30s
-      interval: 10s
-      retries: 5
     env_file: env/postgres.env
     volumes:
     - netbox-postgres-data:/var/lib/postgresql/data
 
   # redis
   redis:
-    image: docker.io/valkey/valkey:7.2-alpine
+    image: docker.io/redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    - redis-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
-    healthcheck: &redis-healthcheck
-      test: "[ $$(valkey-cli --pass \"$${REDIS_PASSWORD}\" ping) = 'PONG' ]"
-      start_period: 5s
-      timeout: 3s
-      interval: 1s
-      retries: 5
     env_file: env/redis.env
     volumes:
     - netbox-redis-data:/data
   redis-cache:
-    image: docker.io/valkey/valkey:7.2-alpine
+    image: docker.io/redis:7-alpine
     command:
     - sh
     - -c # this is to evaluate the $REDIS_PASSWORD from the env
-    - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
+    - redis-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
-    healthcheck: *redis-healthcheck
     env_file: env/redis-cache.env
     volumes:
     - netbox-redis-cache-data:/data
 
 volumes:
+  init-files:
+    driver: local
   netbox-media-files:
     driver: local
   netbox-postgres-data:

docker/docker-entrypoint.sh

@@ -1,12 +1,19 @@
 #!/bin/bash
 # Runs on every start of the NetBox Docker container
 
-# Stop when an error occures
+# Stop when an error occurs
 set -e
 
 # Allows NetBox to be run as non-root users
 umask 002
 
+if [ -d /opt/init/pre ]; then
+  find /opt/init/pre -type f -name \*.sh | sort -u | while read -r FILE; do
+    echo "⚙️ Running pre-init script '${FILE}'..."
+    /bin/bash -e "${FILE}" "$@"
+  done
+fi
+
 # Load correct Python3 env
 # shellcheck disable=SC1091
 source /opt/netbox/venv/bin/activate
@@ -91,8 +98,15 @@ except Token.DoesNotExist:
     pass
 END
 
+if [ -d /opt/init/post ]; then
+  find /opt/init/post -type f -name \*.sh | sort -u | while read -r FILE; do
+    echo "⚙️ Running post-init script '${FILE}'..."
+    /bin/bash -e "${FILE}" "$@"
+  done
+fi
+
 echo "✅ Initialisation is done."
 
 # Launch whatever is passed by docker
-# (i.e. the RUN instruction in the Dockerfile)
+# (i.e. the CMD instruction in the Dockerfile)
 exec "$@"

requirements-container.txt

@@ -1,5 +1,5 @@
 django-auth-ldap==4.8.0
 django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.3
 dulwich==0.22.1
-python3-saml==1.16.0 --no-binary lxml,xmlsec
+python3-saml==1.16.0 --no-binary lxml
-sentry-sdk[django]==2.3.1
+sentry-sdk[django]==2.1.1

test-configuration/test_config.py

@@ -4,4 +4,3 @@ LOGGING = {
 }
 
 DEFAULT_PERMISSIONS = {}
-LOGIN_REQUIRED = False

test.sh

@@ -84,7 +84,7 @@ test_netbox_web() {
       --retry 5 \
       --retry-delay 0 \
       --retry-max-time 40 \
-      http://127.0.0.1:8000/login/
+      http://127.0.0.1:8000/
   )
   if [ "$RESP_CODE" == "200" ]; then
     echo "Webservice running"