diff --git a/nested-labvm/atd-docker/docker-compose.yml b/nested-labvm/atd-docker/docker-compose.yml index 5336b672c..c250ed1cb 100644 --- a/nested-labvm/atd-docker/docker-compose.yml +++ b/nested-labvm/atd-docker/docker-compose.yml @@ -97,7 +97,7 @@ services: # - /opt/ceos:/opt/ceos:rw uilanding: container_name: atd-uilanding - image: us.gcr.io/beta-atds/atddocker_uilanding:2.1.2 + image: us.gcr.io/beta-atds/atddocker_uilanding:2.2.0 restart: always environment: - PYTHONUNBUFFERED=1 @@ -129,12 +129,13 @@ services: - "1813:1813/udp" nginx: container_name: atd-nginx - image: us.gcr.io/beta-atds/atddocker_nginx:2.4.1 + image: us.gcr.io/beta-atds/atddocker_nginx:2.5.1 restart: always depends_on: - uilanding - jenkins - coder + - nautobot ports: - "80:80/tcp" - "443:443/tcp" @@ -142,6 +143,7 @@ services: - nginx_log:/var/log/nginx:rw - /etc/atd:/etc/atd:ro - /opt/nginx/certs:/opt/nginx/certs:ro + - /opt/atd/nested-labvm/atd-docker/nginx/src/atd.conf:/etc/nginx/conf.d/atd.conf:ro networks: - atd_nginx monitor: 
@@ -205,6 +207,87 @@ services: - "/home/arista/arista-dir/apps/webui:/config:rw" networks: - atd_nginx + nautobot: + container_name: atd-nbot-ui + image: "networktocode/nautobot:1.5-py3.9" + env_file: + - ./nautobot/nbot-local.env + networks: + - atd_nginx + ports: + - "8080:8080" + restart: "unless-stopped" + volumes: + - nautobot:/opt/nautobot:rw + - "/opt/atd:/opt/atd:rw" + nautobot-worker: + container_name: atd-nbot-worker + image: "networktocode/nautobot:1.5-py3.9" + entrypoint: "sh -c 'nautobot-server celery worker'" + healthcheck: + interval: "5s" + timeout: "5s" + start_period: "5s" + retries: 3 + test: ["CMD", "nautobot-server", "health_check"] + env_file: + - ./nautobot/nbot-local.env + volumes: + - /opt/atd/nested-labvm/atd-docker/nautobot/nautobot_config.py:/opt/atd/nested-labvm/atd-docker/nautobot/nautobot_config.py:ro + depends_on: + - "nautobot" + - "redis-queue" + restart: "unless-stopped" + redis-cacheops: + container_name: atd-nbot-redis-cacheops + image: "redis:alpine" + env_file: + - ./nautobot/nbot-local.env + command: + - "sh" + - "-c" # this is to evaluate the $REDIS_PASSWORD from the env + - "redis-server --appendonly yes --requirepass $$NAUTOBOT_REDIS_PASSWORD" ## $$ because of docker-compose + restart: "unless-stopped" + nautobot-beat: + container_name: atd-nbot-beat + image: "networktocode/nautobot:1.5-py3.9" + entrypoint: "sh -c 'nautobot-server celery beat'" + healthcheck: + interval: "5s" + timeout: "5s" + start_period: "5s" + retries: 3 + test: ["CMD", "nautobot-server", "health_check"] + volumes: + - /opt/atd/nested-labvm/atd-docker/nautobot/nautobot_config.py:/opt/atd/nested-labvm/atd-docker/nautobot/nautobot_config.py:ro + depends_on: + - "nautobot" + - "redis-queue" + env_file: + - ./nautobot/nbot-local.env + restart: "unless-stopped" + redis-queue: + container_name: atd-nbot-redis-queue + image: "redis:alpine" + ports: + - "6379:6379" + env_file: + - ./nautobot/nbot-local.env + command: + - "sh" + - "-c" # this is to evaluate the 
$REDIS_PASSWORD from the env + - "redis-server --appendonly yes --requirepass $$NAUTOBOT_REDIS_PASSWORD" ## $$ because of docker-compose + restart: "unless-stopped" + postgres: + container_name: atd-nbot-postgres + image: "postgres:10" + ports: + - "5432:5432" + env_file: + - ./nautobot/nbot-local.env + volumes: + - "postgres_data:/var/lib/postgresql/data" + restart: "unless-stopped" networks: atd_nginx: volumes: @@ -213,3 +296,5 @@ volumes: jenkins_home: cvp_dir: nginx_log: + postgres_data: + nautobot: diff --git a/nested-labvm/atd-docker/nautobot/nautobot_config.py b/nested-labvm/atd-docker/nautobot/nautobot_config.py new file mode 100644 index 000000000..dada0ef02 --- /dev/null +++ b/nested-labvm/atd-docker/nautobot/nautobot_config.py 
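Review bot: The `redis-queue` and `postgres` services publish `6379` and `5432` with the short `ports:` form, which binds them on every host interface, and `nautobot` likewise publishes `8080`, so the UI is reachable in plain HTTP around the TLS-terminating `nginx` service. The only protection left on the two data stores is the password in `nbot-local.env`, which is a fixed value committed with this change. Presumably the ports are published because these services declare no `networks:` and so cannot be reached by name from `nautobot` on `atd_nginx`; joining them to a shared network and dropping the `ports:` entries would remove the exposure. If host publishing has to stay, bind it to the one address the clients use, e.g. `- "192.168.0.1:6379:6379"` and `- "192.168.0.1:5432:5432"` (address taken from `NAUTOBOT_DB_HOST` in the env file; confirm it is the host-side address).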
@@ -0,0 +1,512 @@
+import os
+import sys
+
+from nautobot.core.settings import * # noqa F401,F403
+from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
+
+#########################
+# #
+# Required settings #
+# #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the Nautobot server. Nautobot will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['nautobot.example.com', 'nautobot.internal.local']
+ALLOWED_HOSTS = ['*']
+#
+# ALLOWED_HOSTS = os.getenv("NAUTOBOT_ALLOWED_HOSTS", "").split(" ")
+
+# The django-redis cache is used to establish concurrent locks using Redis. The
+# django-rq settings will use the same instance/database by default.
+#
+# CACHES = {
+# "default": {
+# "BACKEND": os.getenv(
+# "NAUTOBOT_CACHES_BACKEND",
+# "django_prometheus.cache.backends.redis.RedisCache" if METRICS_ENABLED else "django_redis.cache.RedisCache",
+# ),
+# "LOCATION": parse_redis_connection(redis_database=0),
+# "TIMEOUT": 300,
+# "OPTIONS": {
+# "CLIENT_CLASS": "django_redis.client.DefaultClient",
+# "PASSWORD": "",
+# },
+# }
+# }
+
+# Redis connection to use for caching.
+#
+# CACHEOPS_REDIS = os.getenv("NAUTOBOT_CACHEOPS_REDIS", parse_redis_connection(redis_database=1))
+
+# Celery broker URL used to tell workers where queues are located
+#
+# CELERY_BROKER_URL = os.getenv("NAUTOBOT_CELERY_BROKER_URL", parse_redis_connection(redis_database=0))
+
+# Celery results backend URL to tell workers where to publish task results
+#
+# CELERY_RESULT_BACKEND = os.getenv("NAUTOBOT_CELERY_RESULT_BACKEND", parse_redis_connection(redis_database=0))
+
+# Database configuration. See the Django documentation for a complete list of available parameters:
+# https://docs.djangoproject.com/en/stable/ref/settings/#databases
+#
+# DATABASES = {
+# "default": {
+# "NAME": os.getenv("NAUTOBOT_DB_NAME", "nautobot"), # Database name
+# "USER": os.getenv("NAUTOBOT_DB_USER", ""), # Database username
+# "PASSWORD": os.getenv("NAUTOBOT_DB_PASSWORD", ""), # Database password
+# "HOST": os.getenv("NAUTOBOT_DB_HOST", "localhost"), # Database server
+# "PORT": os.getenv("NAUTOBOT_DB_PORT", ""), # Database port (leave blank for default)
+# "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300")), # Database timeout
+# "ENGINE": os.getenv(
+# "NAUTOBOT_DB_ENGINE",
+# "django_prometheus.db.backends.postgresql" if METRICS_ENABLED else "django.db.backends.postgresql",
+# ), # Database driver ("mysql" or "postgresql")
+# }
+# }
+
+# Ensure proper Unicode handling for MySQL
+#
+if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
+ DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
+
+# These defaults utilize the Django caches setting defined for django-redis.
+# See: https://github.com/rq/django-rq#support-for-django-redis-and-django-redis-cache
+#
+# RQ_QUEUES = {
+# "default": {
+# "USE_REDIS_CACHE": "default",
+# },
+# "check_releases": {
+# "USE_REDIS_CACHE": "default",
+# },
+# "custom_fields": {
+# "USE_REDIS_CACHE": "default",
+# },
+# "webhooks": {
+# "USE_REDIS_CACHE": "default",
+# },
+# }
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. Nautobot will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "7@qf-kj$z83ey%cwrs#=wmx&38jo287lq2#y8u4s&w(#%68_e8")
+
+#####################################
+# #
+# Optional Django core settings #
+# #
+#####################################
+
+# Specify one or more name and email address tuples representing Nautobot administrators.
+# These people will be notified of application errors (assuming correct email settings are provided).
+#
+# ADMINS = [
+# ['John Doe', 'jdoe@example.com'],
+# ]
+
+# FQDNs that are considered trusted origins for secure, cross-domain, requests such as HTTPS POST.
+# If running Nautobot under a single domain, you may not need to set this variable;
+# if running on multiple domains, you *may* need to set this variable to more or less the same as ALLOWED_HOSTS above.
+# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-trusted-origins
+#
+# CSRF_TRUSTED_ORIGINS = []
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+#
+# DATE_FORMAT = os.getenv("NAUTOBOT_DATE_FORMAT", "N j, Y")
+# SHORT_DATE_FORMAT = os.getenv("NAUTOBOT_SHORT_DATE_FORMAT", "Y-m-d")
+# TIME_FORMAT = os.getenv("NAUTOBOT_TIME_FORMAT", "g:i a")
+# SHORT_TIME_FORMAT = os.getenv("NAUTOBOT_SHORT_TIME_FORMAT", "H:i:s")
+# DATETIME_FORMAT = os.getenv("NAUTOBOT_DATETIME_FORMAT", "N j, Y g:i a")
+# SHORT_DATETIME_FORMAT = os.getenv("NAUTOBOT_SHORT_DATETIME_FORMAT", "Y-m-d H:i")
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+#
+# DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", "False"))
+
+# If hosting Nautobot in a subdirectory, you must set this value to match the base URL prefix configured in your
+# HTTP server (e.g. `/nautobot/`). When not set, URLs will default to being prefixed by `/`.
+#
+# FORCE_SCRIPT_NAME = "/nautobot"
+
+# IP addresses recognized as internal to the system.
+#
+# INTERNAL_IPS = ("127.0.0.1", "::1")
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+# https://docs.djangoproject.com/en/stable/topics/logging/
+#
+# LOGGING = {
+# "version": 1,
+# "disable_existing_loggers": False,
+# "formatters": {
+# "normal": {
+# "format": "%(asctime)s.%(msecs)03d %(levelname)-7s %(name)s :\n %(message)s",
+# "datefmt": "%H:%M:%S",
+# },
+# "verbose": {
+# "format": "%(asctime)s.%(msecs)03d %(levelname)-7s %(name)-20s %(filename)-15s %(funcName)30s() :\n %(message)s",
+# "datefmt": "%H:%M:%S",
+# },
+# },
+# "handlers": {
+# "normal_console": {
+# "level": "INFO",
+# "class": "logging.StreamHandler",
+# "formatter": "normal",
+# },
+# "verbose_console": {
+# "level": "DEBUG",
+# "class": "logging.StreamHandler",
+# "formatter": "verbose",
+# },
+# },
+# "loggers": {
+# "django": {"handlers": ["normal_console"], "level": "INFO"},
+# "nautobot": {
+# "handlers": ["verbose_console" if DEBUG else "normal_console"],
+# "level": "DEBUG" if DEBUG else "INFO",
+# },
+# },
+# }
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed.
+#
+# MEDIA_ROOT = os.path.join(NAUTOBOT_ROOT, "media").rstrip("/")
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+#
+# SESSION_COOKIE_AGE = int(os.getenv("NAUTOBOT_SESSION_COOKIE_AGE", "1209600")) # 2 weeks, in seconds
+
+# Where Nautobot stores user session data.
+#
+# SESSION_ENGINE = "django.contrib.sessions.backends.db"
+
+# By default, Nautobot will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which Nautobot runs must have read and write permissions to this path.
+#
+# SESSION_FILE_PATH = os.getenv("NAUTOBOT_SESSION_FILE_PATH", None)
+
+# Where static files (CSS, JavaScript, etc.) are stored
+#
+# STATIC_ROOT = os.path.join(NAUTOBOT_ROOT, "static")
+
+# Time zone (default: UTC)
+#
+# TIME_ZONE = os.getenv("NAUTOBOT_TIME_ZONE", "UTC")
+
+###################################################################
+# #
+# Optional settings specific to Nautobot and its related apps #
+# #
+###################################################################
+
+# URL schemes that are allowed within links in Nautobot
+#
+# ALLOWED_URL_SCHEMES = (
+# "file",
+# "ftp",
+# "ftps",
+# "http",
+# "https",
+# "irc",
+# "mailto",
+# "sftp",
+# "ssh",
+# "tel",
+# "telnet",
+# "tftp",
+# "vnc",
+# "xmpp",
+# )
+
+# Banners (HTML is permitted) to display at the top and/or bottom of all Nautobot pages, and on the login page itself.
+#
+# BANNER_BOTTOM = ""
+# BANNER_LOGIN = ""
+# BANNER_TOP = ""
+
+# Branding logo locations. The logo takes the place of the Nautobot logo in the top right of the nav bar.
+# The filepath should be relative to the `MEDIA_ROOT`.
+#
+# BRANDING_FILEPATHS = {
+# "logo": os.getenv("NAUTOBOT_BRANDING_FILEPATHS_LOGO", None), # Navbar logo
+# "favicon": os.getenv("NAUTOBOT_BRANDING_FILEPATHS_FAVICON", None), # Browser favicon
+# "icon_16": os.getenv("NAUTOBOT_BRANDING_FILEPATHS_ICON_16", None), # 16x16px icon
+# "icon_32": os.getenv("NAUTOBOT_BRANDING_FILEPATHS_ICON_32", None), # 32x32px icon
+# "icon_180": os.getenv(
+# "NAUTOBOT_BRANDING_FILEPATHS_ICON_180", None
+# ), # 180x180px icon - used for the apple-touch-icon header
+# "icon_192": os.getenv("NAUTOBOT_BRANDING_FILEPATHS_ICON_192", None), # 192x192px icon
+# "icon_mask": os.getenv(
+# "NAUTOBOT_BRANDING_FILEPATHS_ICON_MASK", None
+# ), # mono-chrome icon used for the mask-icon header
+# }
+
+# Prepended to CSV, YAML and export template filenames (i.e. `nautobot_device.yml`)
+#
+# BRANDING_PREPENDED_FILENAME = os.getenv("NAUTOBOT_BRANDING_PREPENDED_FILENAME", "nautobot_")
+
+# Title to use in place of "Nautobot"
+#
+# BRANDING_TITLE = os.getenv("NAUTOBOT_BRANDING_TITLE", "Nautobot")
+
+# Branding URLs (links in the bottom right of the footer)
+#
+# BRANDING_URLS = {
+# "code": os.getenv("NAUTOBOT_BRANDING_URLS_CODE", "https://github.com/nautobot/nautobot"),
+# "docs": os.getenv("NAUTOBOT_BRANDING_URLS_DOCS", None),
+# "help": os.getenv("NAUTOBOT_BRANDING_URLS_HELP", "https://github.com/nautobot/nautobot/wiki"),
+# }
+
+# Cache timeout in seconds. Cannot be 0. Defaults to 900 (15 minutes). To disable caching, set CACHEOPS_ENABLED to False
+#
+# CACHEOPS_DEFAULTS = {"timeout": int(os.getenv("NAUTOBOT_CACHEOPS_TIMEOUT", "900"))}
+
+# Set to True to enable caching with cacheops. (Default: False)
+#
+# CACHEOPS_ENABLED = is_truthy(os.getenv("NAUTOBOT_CACHEOPS_ENABLED", "False"))
+
+# Set to True to enable periodic health checks for the Redis server connection used by cacheops.
+#
+# CACHEOPS_HEALTH_CHECK_ENABLED = False
+
+# Options to pass to the Celery broker transport, for example when using Celery with Redis Sentinel.
+#
+# CELERY_BROKER_TRANSPORT_OPTIONS = {}
+
+# Options to pass to the Celery result backend transport, for example when using Celery with Redis Sentinel.
+#
+# CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS = {}
+
+# Default celery queue name that will be used by workers and tasks if no queue is specified
+# CELERY_TASK_DEFAULT_QUEUE = os.getenv("NAUTOBOT_CELERY_TASK_DEFAULT_QUEUE", "default")
+
+# Global task time limits (seconds)
+# Exceeding the soft limit will result in a SoftTimeLimitExceeded exception,
+# while exceeding the hard limit will result in a SIGKILL.
+#
+# CELERY_TASK_SOFT_TIME_LIMIT = int(os.getenv("NAUTOBOT_CELERY_TASK_SOFT_TIME_LIMIT", str(5 * 60)))
+# CELERY_TASK_TIME_LIMIT = int(os.getenv("NAUTOBOT_CELERY_TASK_TIME_LIMIT", str(10 * 60)))
+
+# Ports for prometheus metric HTTP server running on the celery worker.
+# Normally this should be set to a single port, unless you have multiple workers running on a single machine, i.e.
+# sharing the same available ports. In that case you need to specify a range of ports greater than or equal to the
+# highest amount of workers you are running on a single machine (comma-separated, like "8080,8081,8082"). You can then
+# use the `target_limit` parameter to the Prometheus `scrape_config` to ensure you are not getting duplicate metrics in
+# that case. Set this to an empty string to disable it.
+# CELERY_WORKER_PROMETHEUS_PORTS = []
+# if os.getenv("NAUTOBOT_CELERY_WORKER_PROMETHEUS_PORTS"):
+# CELERY_WORKER_PROMETHEUS_PORTS = [
+# int(value) for value in os.getenv("NAUTOBOT_CELERY_WORKER_PROMETHEUS_PORTS").split(",")
+# ]
+
+
+# Number of days to retain changelog entries. Set to 0 to retain changes indefinitely.
+#
+# CHANGELOG_RETENTION = 90
+
+# If True, all origins will be allowed. Other settings restricting allowed origins will be ignored.
+# Defaults to False. Setting this to True can be dangerous, as it allows any website to make
+# cross-origin requests to yours. Generally you'll want to restrict the list of allowed origins with
+# CORS_ALLOWED_ORIGINS or CORS_ALLOWED_ORIGIN_REGEXES.
+#
+# CORS_ALLOW_ALL_ORIGINS = is_truthy(os.getenv("NAUTOBOT_CORS_ALLOW_ALL_ORIGINS", "False"))
+
+# A list of origins that are authorized to make cross-site HTTP requests. Defaults to [].
+#
+# CORS_ALLOWED_ORIGINS = [
+# 'https://hostname.example.com',
+# ]
+
+# A list of strings representing regexes that match Origins that are authorized to make cross-site
+# HTTP requests. Defaults to [].
+#
+# CORS_ALLOWED_ORIGIN_REGEXES = [
+# r'^(https?://)?(\w+\.)?example\.com$',
+# ]
+
+# Set to True to disable rendering of the IP prefix hierarchy in the the IPAM prefix list view.
+# Useful in case of poor performance when rendering this page.
+#
+# DISABLE_PREFIX_LIST_HIERARCHY = False
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space
+# within the global table (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
+#
+# ENFORCE_GLOBAL_UNIQUE = is_truthy(os.getenv("NAUTOBOT_ENFORCE_GLOBAL_UNIQUE", "False"))
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `.`. Add '*' to this list to exempt all models.
+# Defaults to [].
+#
+# EXEMPT_VIEW_PERMISSIONS = [
+# 'dcim.site',
+# 'dcim.region',
+# 'ipam.prefix',
+# ]
+
+# Global 3rd-party authentication settings
+#
+# EXTERNAL_AUTH_DEFAULT_GROUPS = []
+# EXTERNAL_AUTH_DEFAULT_PERMISSIONS = {}
+
+# Directory where cloned Git repositories will be stored.
+#
+# GIT_ROOT = os.getenv("NAUTOBOT_GIT_ROOT", os.path.join(NAUTOBOT_ROOT, "git").rstrip("/"))
+
+# Prefixes to use for custom fields, relationships, and computed fields in GraphQL representation of data.
+#
+# GRAPHQL_COMPUTED_FIELD_PREFIX = "cpf"
+# GRAPHQL_CUSTOM_FIELD_PREFIX = "cf"
+# GRAPHQL_RELATIONSHIP_PREFIX = "rel"
+
+# Set to True to hide rather than disabling UI elements that a user doesn't have permission to access.
+#
+# HIDE_RESTRICTED_UI = False
+
+# HTTP proxies Nautobot should use when sending outbound HTTP requests (e.g. for webhooks).
+#
+# HTTP_PROXIES = {
+# 'http': 'http://10.10.1.10:3128',
+# 'https': 'http://10.10.1.10:1080',
+# }
+
+# Directory where Jobs can be discovered.
+#
+# JOBS_ROOT = os.getenv("NAUTOBOT_JOBS_ROOT", os.path.join(NAUTOBOT_ROOT, "jobs").rstrip("/"))
+
+# Log Nautobot deprecation warnings. Note that this setting is ignored (deprecation logs always enabled) if DEBUG = True
+#
+# LOG_DEPRECATION_WARNINGS = is_truthy(os.getenv("NAUTOBOT_LOG_DEPRECATION_WARNINGS", "False"))
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+#
+# MAINTENANCE_MODE = is_truthy(os.getenv("NAUTOBOT_MAINTENANCE_MODE", "False"))
+
+# Maximum number of objects that the UI and API will retrieve in a single request.
+#
+# MAX_PAGE_SIZE = 1000
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+#
+# METRICS_ENABLED = is_truthy(os.getenv("NAUTOBOT_METRICS_ENABLED", "False"))
+
+# Credentials that Nautobot will uses to authenticate to devices when connecting via NAPALM.
+#
+# NAPALM_USERNAME = os.getenv("NAUTOBOT_NAPALM_USERNAME", "")
+# NAPALM_PASSWORD = os.getenv("NAUTOBOT_NAPALM_PASSWORD", "")
+
+# NAPALM timeout (in seconds). (Default: 30)
+#
+# NAPALM_TIMEOUT = int(os.getenv("NAUTOBOT_NAPALM_TIMEOUT", "30"))
+
+# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+#
+# NAPALM_ARGS = {}
+
+# Default number of objects to display per page of the UI and REST API.
+#
+# PAGINATE_COUNT = 50
+
+# Options given in the web UI for the number of objects to display per page.
+#
+# PER_PAGE_DEFAULTS = [25, 50, 100, 250, 500, 1000]
+
+# Enable installed plugins. Add the name of each plugin to the list.
+#
+# PLUGINS = []
+
+# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
+# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
+#
+# PLUGINS_CONFIG = {
+# 'my_plugin': {
+# 'foo': 'bar',
+# 'buzz': 'bazz'
+# }
+# }
+
+# Prefer IPv6 addresses or IPv4 addresses in selecting a device's primary IP address?
+#
+# PREFER_IPV4 = False
+
+# Default height and width in pixels of a single rack unit in rendered rack elevations.
+#
+# RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
+# RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
+
+# Sets an age out timer of redis lock. This is NOT implicitly applied to locks, must be added
+# to a lock creation as `timeout=settings.REDIS_LOCK_TIMEOUT`
+#
+# REDIS_LOCK_TIMEOUT = int(os.getenv("NAUTOBOT_REDIS_LOCK_TIMEOUT", "600"))
+
+# How frequently to check for a new Nautobot release on GitHub, and the URL to check for this information.
+#
+# RELEASE_CHECK_TIMEOUT = 24 * 3600
+# RELEASE_CHECK_URL = None
+
+# Remote auth backend settings
+#
+# REMOTE_AUTH_AUTO_CREATE_USER = False
+# REMOTE_AUTH_HEADER = "HTTP_REMOTE_USER"
+
+# Job log entry sanitization and similar
+#
+# SANITIZER_PATTERNS = [
+# # General removal of username-like and password-like tokens
+# (re.compile(r"(https?://)?\S+\s*@", re.IGNORECASE), r"\1{replacement}@"),
+# (re.compile(r"(username|password|passwd|pwd)((?:\s+is.?|:)?\s+)\S+", re.IGNORECASE), r"\1\2{replacement}"),
+# ]
+
+# Configure SSO, for more information see docs/configuration/authentication/sso.md
+#
+# SOCIAL_AUTH_POSTGRES_JSONFIELD = False
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG.
+# These default to None and {} respectively.
+#
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+# 'AWS_ACCESS_KEY_ID': 'Key ID',
+# 'AWS_SECRET_ACCESS_KEY': 'Secret',
+# 'AWS_STORAGE_BUCKET_NAME': 'nautobot',
+# 'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Reject invalid UI/API filter parameters, or discard them while logging a warning?
+#
+# STRICT_FILTERING = is_truthy(os.getenv("NAUTOBOT_STRICT_FILTERING", "True"))
+
+# UI_RACK_VIEW_TRUNCATE_FUNCTION
+#
+# def UI_RACK_VIEW_TRUNCATE_FUNCTION(device_display_name):
+# """Given device display name, truncate to fit the rack elevation view.
+#
+# :param device_display_name: Full display name of the device attempting to be rendered in the rack elevation.
+# :type device_display_name: str
+#
+# :return: Truncated device name
+# :type: str
+# """
+# return str(device_display_name).split(".")[0]
+
+# A list of strings designating all applications that are enabled in this Django installation.
+# Each string should be a dotted Python path to an application configuration class (preferred),
+# or a package containing an application.
+# https://docs.nautobot.com/projects/core/en/latest/configuration/optional-settings/#extra-applications
+# EXTRA_INSTALLED_APPS = []
+#BASE_PATH = os.environ.get("BASE_PATH", "nautobot/")
+#LOGIN_URL = f"/{BASE_PATH}login"
+#FORCE_SCRIPT_NAME = '/ipam'
diff --git a/nested-labvm/atd-docker/nautobot/nbot-local.env b/nested-labvm/atd-docker/nautobot/nbot-local.env
new file mode 100644
index 000000000..00752838c
--- /dev/null
+++ b/nested-labvm/atd-docker/nautobot/nbot-local.env
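Review bot: `SECRET_KEY` falls back to a literal string that is now part of the repository, so any deployment that starts without `NAUTOBOT_SECRET_KEY` signs sessions and other signed values with a publicly known key. Read it without a default so a missing variable stops startup instead: `SECRET_KEY = os.environ["NAUTOBOT_SECRET_KEY"]`. `ALLOWED_HOSTS = ['*']` is also hard-coded, which turns off Django's Host-header validation and leaves the `NAUTOBOT_ALLOWED_HOSTS` variable set in `nbot-local.env` without effect here; the commented line just below it, `ALLOWED_HOSTS = os.getenv("NAUTOBOT_ALLOWED_HOSTS", "").split(" ")`, would restore the environment-driven list.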
@@ -0,0 +1,39 @@
+# # This should be limited to the hosts that are going to be the web app.
+# https://docs.djangoproject.com/en/3.2/ref/settings/#allowed-hosts
+NAUTOBOT_ALLOWED_HOSTS=*
+NAUTOBOT_CHANGELOG_RETENTION=0
+NAUTOBOT_CONFIG=/opt/atd/nested-labvm/atd-docker/nautobot/nautobot_config.py
+#
+# THIS SHOULD BE CHANGED! These are the settings for the database
+#
+NAUTOBOT_DB_HOST=192.168.0.1
+NAUTOBOT_DB_NAME=nautobot
+NAUTOBOT_DB_PASSWORD=decinablesprewad
+NAUTOBOT_DB_USER=nautobot
+NAUTOBOT_MAX_PAGE_SIZE=0
+NAUTOBOT_NAPALM_TIMEOUT=5
+# NAUTOBOT REDIS SETTINGS
+# When updating NAUTOBOT_REDIS_PASSWORD, make sure to update the password in
+# the NAUTOBOT_CACHEOPS_REDIS line as well!
+#
+NAUTOBOT_REDIS_HOST=192.168.0.1
+NAUTOBOT_REDIS_PASSWORD=decinablesprewad
+NAUTOBOT_CACHEOPS_REDIS=redis://:decinablesprewad@192.168.0.1:6379/0
+NAUTOBOT_REDIS_PORT=6379
+# Uncomment REDIS_SSL if using SSL
+# NAUTOBOT_REDIS_SSL=True
+# It is required if you export the database to other locations
+NAUTOBOT_SECRET_KEY=012345678901234567890123456789012345678901234567890123456789
+# Needed for Postgres should match the values for Nautobot above, this is used in the Postgres container
+PGPASSWORD=decinablesprewad
+POSTGRES_DB=nautobot
+POSTGRES_PASSWORD=decinablesprewad
+POSTGRES_USER=nautobot
+# Needed for Redis should match the values for Nautobot above
+NAUTOBOT_HIDE_RESTRICTED_UI=True
+# Set Super User Credentials
+NAUTOBOT_CREATE_SUPERUSER=true
+NAUTOBOT_SUPERUSER_NAME=arista
+NAUTOBOT_SUPERUSER_EMAIL=admin@example.com
+NAUTOBOT_SUPERUSER_PASSWORD={ARISTA_REPLACE}
+NAUTOBOT_SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
diff --git a/nested-labvm/atd-docker/nautobot/uwsgi.ini b/nested-labvm/atd-docker/nautobot/uwsgi.ini
new file mode 100644
index 000000000..b66c7961b
--- /dev/null
+++ b/nested-labvm/atd-docker/nautobot/uwsgi.ini
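Review bot: `NAUTOBOT_SECRET_KEY` and `NAUTOBOT_SUPERUSER_API_TOKEN` are committed as counting-sequence sample values, and the database, Redis and Postgres entries all share one fixed password, so every lab built from this file has the same signing key, the same superuser API token and the same datastore credentials. Only `NAUTOBOT_SUPERUSER_PASSWORD` uses the `{ARISTA_REPLACE}` substitution; the other secrets should be filled in the same way at provisioning time, e.g. `NAUTOBOT_SUPERUSER_API_TOKEN=<generated-per-lab>` and `NAUTOBOT_SECRET_KEY=<generated-per-lab>` (labelled placeholders, not real values). The file's own "THIS SHOULD BE CHANGED!" comment covers only the database block, so I would also add `# Generated per deployment; never reuse the sample value` above the key and token lines.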
@@ -0,0 +1,56 @@
+[uwsgi]
+; The IP address (typically localhost) and port that the WSGI process should listen on
+http = 0.0.0.0:8080
+; https = 0.0.0.0:8443,/opt/nautobot/nautobot.crt,/opt/nautobot/nautobot.key
+manage-script-name = true
+; Fail to start if any parameter in the configuration file isn’t explicitly understood by uWSGI
+strict = false
+
+; Enable master process to gracefully re-spawn and pre-fork workers
+master = true
+
+; Allow Python app-generated threads to run
+enable-threads = true
+
+; Try to remove all of the generated file/sockets during shutdown
+vacuum = true
+
+; Do not use multiple interpreters, allowing only Nautobot to run
+single-interpreter = true
+
+; Shutdown when receiving SIGTERM (default is respawn)
+die-on-term = true
+
+; Prevents uWSGI from starting if it is unable load Nautobot (usually due to errors)
+need-app = true
+
+; By default, uWSGI has rather verbose logging that can be noisy
+; disable-logging = true
+
+; Assert that critical 4xx and 5xx errors are still logged
+log-4xx = true
+log-5xx = true
+
+; Enable HTTP 1.1 keepalive support
+http-keepalive = 1
+
+;
+; Advanced settings (disabled by default)
+; Customize these for your environment if and only if you need them.
+; Ref: https://uwsgi-docs.readthedocs.io/en/latest/Options.html
+;
+
+; Number of uWSGI workers to spawn. This should typically be 2n+1, where n is the number of CPU cores present. Default 3 as n will be >= 1
+processes = 3
+
+; set the socket listen queue size, in production the suggested value is 1024, however RHEL based kernels have a max of 128 by default
+; you may need to increase the somaxconn parameter in your kernel
+listen = 128
+
+; If using subdirectory hosting e.g. example.com/nautobot, you must uncomment this line. Otherwise you'll get double paths e.g. example.com/nautobot/nautobot/.
+; See: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action +; route-run = fixpathinfo: /nautobot/ + +; For larger installations, certain API calls (example: Relationships, GraphQL) can have a length of query parameters that go over uWSGI default limit. +; Setting the buffer size to larger than default (4096) can have an impact on memory utilization, but can be set as high as the header limit of 65535. +buffer-size = 4096 diff --git a/nested-labvm/atd-docker/nginx/Dockerfile b/nested-labvm/atd-docker/nginx/Dockerfile index 5425c9a32..5cd5dadc1 100644 --- a/nested-labvm/atd-docker/nginx/Dockerfile +++ b/nested-labvm/atd-docker/nginx/Dockerfile @@ -1,7 +1,5 @@ FROM nginx:latest -COPY src/atd.conf /etc/nginx/conf.d/ - COPY src/atd-certs.sh /docker-entrypoint.d/ RUN mkdir /etc/nginx/certs diff --git a/nested-labvm/atd-docker/nginx/src/atd.conf b/nested-labvm/atd-docker/nginx/src/atd.conf index 1daf4cb15..fc5ba9821 100644 --- a/nested-labvm/atd-docker/nginx/src/atd.conf +++ b/nested-labvm/atd-docker/nginx/src/atd.conf @@ -13,7 +13,8 @@ server { return 301 https://$host$request_uri; } server { - listen 443 ssl http2; + listen 443 ssl; + http2 on; ssl_certificate /etc/nginx/certs/fullchain.pem; ssl_certificate_key /etc/nginx/certs/privkey.pem; ssl_session_cache builtin:1000 shared:SSL:10m; 
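Review bot: `strict = false` contradicts the comment directly above it, which says uWSGI should fail to start on any option it does not understand; with strict mode off a misspelled option is silently ignored. Either set `strict = true` or reword the comment to say the check is deliberately disabled. Separately, `http = 0.0.0.0:8080` listens on all interfaces in plain HTTP while its comment says "typically localhost", and no service in the compose hunks of this commit references this file explicitly, so confirm whether it is used at all.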
@@ -58,6 +59,22 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } + location /ipam { + proxy_pass http://atd-nbot-ui:8080/; + rewrite /ipam/?(.*) /$1 break; + sub_filter "/static" "/ipam/static"; + sub_filter "/api" "/ipam/api"; + sub_filter "/login" "/ipam/login"; + sub_filter "/logout" "/ipam/logout"; + sub_filter "/graphql" "/ipam/graphql"; + sub_filter "/nautobot/" "/ipam/nautobot/"; + sub_filter "/search" "/ipam/search"; + sub_filter "next=/" "next=/ipam/"; + sub_filter 'href="/' 'href="/ipam/'; + sub_filter_once off; + proxy_redirect / /ipam/; + } + location /uptime { access_log off; proxy_pass http://atd-uptime:50010; diff --git a/nested-labvm/atd-docker/uilanding/src/html/index.html b/nested-labvm/atd-docker/uilanding/src/html/index.html index d1d664fb6..3e2d1f895 100755 --- a/nested-labvm/atd-docker/uilanding/src/html/index.html +++ b/nested-labvm/atd-docker/uilanding/src/html/index.html @@ -61,6 +61,11 @@ Jenkins {% end %} + {% if "ipam" not in disable_links %} +
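Review bot: The new `location /ipam` block forwards to `atd-nbot-ui:8080` without the `X-Forwarded-For` and `X-Forwarded-Proto` headers that the location just above it sets, so Nautobot sees every request as plain HTTP from the proxy address and its logs lose the real client IP. Add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the block. The `sub_filter` rules only rewrite uncompressed `text/html` responses by default, so `proxy_set_header Accept-Encoding "";` is needed if the upstream compresses, and JSON returned under `/ipam/api` may still carry un-prefixed URLs. The enclosing `server` block starts outside the hunk.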
  • + ipam +
  • + {% end %}