Netbox 4.0.0 container unhealthy with LOGIN_REQUIRED set to true #1222

Fredouye · 2024-05-07T04:59:24Z

Current Behavior

Hi

after upgrading from 3.7.8 to 4.0.0, Netbox container is unhealthy if LOGIN_REQUIRED is set to true.

Update was done using :

[root@forge01 netbox]# git checkout release
Already on 'release'
Your branch is up to date with 'origin/release'.

[root@forge01 netbox]# git pull -p origin release
remote: Enumerating objects: 152, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 152 (delta 89), reused 91 (delta 87), pack-reused 53
Receiving objects: 100% (152/152), 45.34 KiB | 1.51 MiB/s, done.
Resolving deltas: 100% (90/90), completed with 15 local objects.
From https://github.com/netbox-community/netbox-docker
 * branch            release    -> FETCH_HEAD
   f1ca9ab..6d25a54  release    -> origin/release
Updating f1ca9ab..6d25a54
Fast-forward
 .github/workflows/push.yml          | 30 +++++++++++++++++++-----------
 Dockerfile                          | 10 ++++------
 README.md                           |  1 -
 VERSION                             |  2 +-
 build.sh                            |  4 ++--
 configuration/configuration.py      | 37 +++++++++++++++++++++++++++++--------
 docker-compose.override.yml.example |  1 -
 docker-compose.test.override.yml    |  1 -
 docker-compose.test.yml             |  1 -
 docker-compose.yml                  |  3 +--
 docker/docker-entrypoint.sh         |  7 +++----
 requirements-container.txt          | 10 +++++-----
 12 files changed, 64 insertions(+), 43 deletions(-)

After removing LOGIN_REQUIRED from docker-compose.override.yml, Netbox container is healthy.

Expected Behavior

Netbox 4.0.0 shoud be up and running.

Docker Compose Version

Docker Compose version v2.27.0

Docker Version

Client: Docker Engine - Community
 Version:           26.1.1
 API version:       1.45
 Go version:        go1.21.9
 Git commit:        4cf5afa
 Built:             Tue Apr 30 11:49:35 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.1
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.9
  Git commit:       ac2de55
  Built:            Tue Apr 30 11:47:50 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

The git Revision

6d25a54

The git Status

On branch release
Your branch is up to date with 'origin/release'.

Untracked files:
  (use "git add <file>..." to include in what will be committed)
        .env
        my-extra-config.py
        my-extra-ldap-config.py
        netbox.log

nothing added to commit but untracked files present (use "git add" to track)

Startup Command

docker compose up -d

NetBox Logs

netbox  | ↩️ Skip creating the superuser
netbox  | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox  | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox  | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox  | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox  | ✅ Initialisation is done.
netbox  | ⏳ Waiting for control socket to be created... (1/10)
netbox  | 2024/05/07 06:55:09 [warn] 7#7 Unit is running unprivileged, then it cannot use arbitrary user and group.
netbox  | 2024/05/07 06:55:09 [info] 7#7 unit 1.32.0 started
netbox  | 2024/05/07 06:55:09 [info] 94#94 discovery started
netbox  | 2024/05/07 06:55:09 [notice] 94#94 module: python 3.11.6 "/usr/lib/unit/modules/python3.11.unit.so"
netbox  | 2024/05/07 06:55:09 [info] 7#7 controller started
netbox  | 2024/05/07 06:55:09 [notice] 7#7 process 94 exited with code 0
netbox  | 2024/05/07 06:55:09 [info] 96#96 router started
netbox  | 2024/05/07 06:55:09 [info] 96#96 OpenSSL 3.0.10 1 Aug 2023, 300000a0
netbox  | ⚙️ Applying configuration from /etc/unit/nginx-unit.json
netbox  | 2024/05/07 06:55:10 [info] 99#99 "netbox" prototype started
netbox  | 2024/05/07 06:55:10 [info] 100#100 "netbox" application started
netbox  | ✅ Unit configuration loaded successfully
netbox  | 2024/05/07 06:55:13 [notice] 7#7 process 92 exited with code 0
netbox  | 2024/05/07 06:55:18 [info] 134#134 "netbox" application started
netbox  | ::1 - - [07/May/2024:06:55:32 +0200] "GET /api/ HTTP/1.1" 403 58 "-" "curl/8.2.1"
netbox  | ::1 - - [07/May/2024:06:55:36 +0200] "GET /api/ HTTP/1.1" 403 58 "-" "curl/8.2.1"
netbox  | ::1 - - [07/May/2024:06:55:51 +0200] "GET /api/ HTTP/1.1" 403 58 "-" "curl/8.2.1"

Content of docker-compose.override.yml

services:
  netbox:
    container_name: netbox
    image: netboxcommunity/netbox:v4.0.0
    networks:
      - netbox
      - traefik
    restart: always
    volumes:
      - ./my-extra-config.py:/etc/netbox/config/extra.py:z,ro
      - ./my-extra-ldap-config.py:/etc/netbox/config/ldap/extra.py
      - ./scripts:/etc/netbox/reports:z,ro
    labels:
      traefik.enable: "true"
      traefik.http.routers.netbox.rule: "Host(`netbox.demo.corp`)"
      traefik.http.routers.netbox.service: "netbox"
      traefik.http.routers.netbox.entrypoints: "websecure"
      traefik.http.services.netbox.loadbalancer.server.port: "8080"
      traefik.http.routers.netbox.middlewares: "my-securedheaders@file"
      traefik.http.routers.netbox.tls: "true"
    environment:
      TZ: Europe/Paris
      BANNER_LOGIN: '<p><span style="color: #1BB23B;">Please use your Active Directory credentials to  login.</span></p>'
      PREFER_IPV4: "True"
      TIME_ZONE: "UTC"
      CHANGELOG_RETENTION: "365"
      POWERFEED_DEFAULT_VOLTAGE: "220"
      LOGIN_REQUIRED: "True"
      METRICS_ENABLED: "True"
      MAINTENANCE_MODE: "False"
      PAGINATE_COUNT: "100"
      ENFORCE_GLOBAL_UNIQUE: "False"
      ALLOW_TOKEN_RETRIEVAL: "True"
      HTTP_PROXY: 192.168.3.254:3128
      HTTPS_PROXY: 192.168.3.254:3128
      NO_PROXY: .demo.corp
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldap://dc01.demo.corp"
      AUTH_LDAP_BIND_DN: "CN=Bind,CN=Users,DC=demo,DC=corp"
      AUTH_LDAP_BIND_PASSWORD: ${LDAP_BIND_PASSWORD}
      AUTH_LDAP_USER_SEARCH_BASEDN: "DC=demo,DC=corp"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "DC=demo,DC=corp"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox,CN=Users,DC=demo,DC=corp"
      AUTH_LDAP_GROUP_TYPE: "NestedActiveDirectoryGroupType"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Netbox_Admins,CN=Users,DC=demo,DC=corp"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Netbox_Superusers,CN=Users,DC=demo,DC=corp"
      LDAP_IGNORE_CERT_ERRORS: "True"
  netbox-worker:
    container_name: netbox-worker
    image: netboxcommunity/netbox:v4.0.0
    networks:
      - netbox
    restart: always
    volumes:
      - /indus/pki/ca.crt:/etc/ssl/certs/ca.crt:ro
    environment:
      TZ: Europe/Paris
      SSL_CERT_FILE: /etc/ssl/certs/ca.crt
  netbox-housekeeping:
    container_name: netbox-housekeeping
    image: netboxcommunity/netbox:v4.0.0
    networks:
      - netbox
    restart: always
    environment:
      TZ: Europe/Paris
  postgres:
    container_name: netbox-db
    networks:
      - netbox
    restart: always
    environment:
      TZ: Europe/Paris
  redis:
    container_name: netbox-redis
    image: redis:7-alpine
    networks:
      - netbox
    restart: always
    environment:
      TZ: Europe/Paris
  redis-cache:
    container_name: netbox-redis-cache
    image: redis:7-alpine
    networks:
      - netbox
    restart: always
    environment:
      TZ: Europe/Paris

networks:
  netbox:
    external: true
  traefik:
    external: true

The text was updated successfully, but these errors were encountered:

Fredouye · 2024-05-07T05:25:17Z

Thanks for the quick fix, @tobiasge !

Netbox container is healthy with this in docker-compose.override.yml :

services:
  netbox:
    healthcheck:
      start_period: 60s
      timeout: 3s
      interval: 15s
      test: "curl -f http://localhost:8080/login/ || exit 1"
    environment:
      LOGIN_REQUIRED: "True"

Fix #1222: Use /login/ as health check URL

* Update dependency psycopg to v3.1.17 * Add env var for CENSUS_REPORTING_ENABLED See netbox-community#999 * Add Redis Sentinel config as environment vars * Update dependency psycopg to v3.1.18 * fix segfault * docker-entrypoint.sh: clarify default token message When a default admin API token is found, a warning is displayed. As it is only called "token", some users might not know what token is referred to. Also the message should give a hint or link to a documentation on how to remove it. * Update Ubuntu and Nginx Unit * Use ARM64 self-hosted runner * Update dependency django-auth-ldap to v4.7.0 * Avoid duplicate checks for Renovate PRs * Fix netbox-community#1127: Added sentry-sdk to requirements * Update dependency sentry-sdk to v1.44.0 * Removed version line from the yaml file as it is obsolete * Update dependency sentry-sdk to v1.44.1 * Update dependency django-auth-ldap to v4.8.0 * Update dependency sentry-sdk to v1.45.0 * Prepare for Netbox 4.0 * Cancel workflow runs for in progress PRs * Update dependency dulwich to v0.22.0 * Update dependency dulwich to v0.22.1 * Adds SECURE_* parameters introduced in 3.7.6 See netbox-community/netbox#15644 * Update github/super-linter action to v6 * Update dependency sentry-sdk to v2 * Disabled new tests * Update dependency django-storages to v1.14.3 * Fixed regex for social-auth-core replacement * Update dependency sentry-sdk to v2.1.1 * Preparation for 2.9.0 * Fix netbox-community#1222: Use /login/ as health check URL * Install Sentry Django integration correctly * Preparation for 2.9.1 * Github -> GitHub Trying to assuage textlint * Temporarily comment out the netbox_dns plugin addition Looks like this is causing the upstream netbox CI tests to fail. * Partially revert upstream CI changes We don't have a self-hosted linux/arm64 platform to use, so reinstate the use of QEMU. Yes, it's slow, but slow and working always beats broken at any speed. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Tobias Genannt <tobias.genannt@qbeyond.de> Co-authored-by: kindlich <kindlich@gmx.net> Co-authored-by: NdFeB <32781483+NeodymiumFerBore@users.noreply.github.com> Co-authored-by: tbotnz <tonynealon1989@gmail.com> Co-authored-by: Florian Knodt <git@adlerweb.info> Co-authored-by: Tobias Genannt <tobias.genannt@gmail.com> Co-authored-by: Chandan Kumar <chandank@becloudready.com> Co-authored-by: Christian Mäder <mail@cimnine.ch> Co-authored-by: Christian Mäder <cimnine@users.noreply.github.com>

tobiasge added a commit to tobiasge/netbox-docker that referenced this issue May 7, 2024

Fix netbox-community#1222: Use /login/ as health check URL

b6492b2

tobiasge mentioned this issue May 7, 2024

Fix #1222: Use /login/ as health check URL #1223

Merged

3 tasks

tobiasge added a commit that referenced this issue May 7, 2024

Merge pull request #1223 from tobiasge/1222-fix-health-check

53ac2ff

Fix #1222: Use /login/ as health check URL

tobiasge mentioned this issue May 7, 2024

Version 2.9.1 #1225

Merged

tobiasge closed this as completed in #1225 May 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Netbox 4.0.0 container unhealthy with LOGIN_REQUIRED set to true #1222

Netbox 4.0.0 container unhealthy with LOGIN_REQUIRED set to true #1222

Fredouye commented May 7, 2024 •

edited

Loading

Fredouye commented May 7, 2024

Netbox 4.0.0 container unhealthy with LOGIN_REQUIRED set to true #1222

Netbox 4.0.0 container unhealthy with LOGIN_REQUIRED set to true #1222

Comments

Fredouye commented May 7, 2024 • edited Loading

Current Behavior

Expected Behavior

Docker Compose Version

Docker Version

The git Revision

The git Status

Startup Command

NetBox Logs

Content of docker-compose.override.yml

Fredouye commented May 7, 2024

Fredouye commented May 7, 2024 •

edited

Loading