Add the Golden Config Plugin

ubajze · ubajze · commit f17a29604c4a · 2022-09-15T08:36:58.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -2,3 +2,8 @@ ARG NAUTOBOT_VERSION=1.4.2
 ARG PYTHON_VERSION=3.9
 FROM ghcr.io/nautobot/nautobot:${NAUTOBOT_VERSION}-py${PYTHON_VERSION}
 
+COPY requirements.txt /tmp/
+
+RUN pip install -r /tmp/requirements.txt
+
+COPY ./configuration/nautobot_config.py /opt/nautobot/
diff --git a/configuration/nautobot_config.py b/configuration/nautobot_config.py
@@ -0,0 +1,302 @@
+import os
+import sys
+
+from nautobot.core.settings import *  # noqa F401,F403
+from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
+
+#########################
+#                       #
+#   Required settings   #
+#                       #
+#########################
+
+# This is a list of valid fully-qualified domain names (FQDNs) for the Nautobot server. Nautobot will not permit write
+# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+#
+# Example: ALLOWED_HOSTS = ['nautobot.example.com', 'nautobot.internal.local']
+ALLOWED_HOSTS = os.getenv("NAUTOBOT_ALLOWED_HOSTS", "").split(" ")
+
+# Database configuration. See the Django documentation for a complete list of available parameters:
+#   https://docs.djangoproject.com/en/stable/ref/settings/#databases
+DATABASES = {
+    "default": {
+        "NAME": os.getenv("NAUTOBOT_DB_NAME", "nautobot"),  # Database name
+        "USER": os.getenv("NAUTOBOT_DB_USER", ""),  # Database username
+        "PASSWORD": os.getenv("NAUTOBOT_DB_PASSWORD", ""),  # Database password
+        "HOST": os.getenv("NAUTOBOT_DB_HOST", "localhost"),  # Database server
+        "PORT": os.getenv("NAUTOBOT_DB_PORT", ""),  # Database port (leave blank for default)
+        "CONN_MAX_AGE": int(os.getenv("NAUTOBOT_DB_TIMEOUT", "300")),  # Database timeout
+        "ENGINE": os.getenv(
+            "NAUTOBOT_DB_ENGINE", "django.db.backends.postgresql"
+        ),  # Database driver ("mysql" or "postgresql")
+    }
+}
+
+# Ensure proper Unicode handling for MySQL
+if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
+    DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
+
+# Nautobot uses RQ for task scheduling. These are the following defaults.
+# For detailed configuration see: https://github.com/rq/django-rq#installation
+# These defaults utilize the Django `CACHES` setting defined above for django-redis.
+# See: https://github.com/rq/django-rq#support-for-django-redis-and-django-redis-cache
+RQ_QUEUES = {
+    "default": {
+        "USE_REDIS_CACHE": "default",
+    },
+    "check_releases": {
+        "USE_REDIS_CACHE": "default",
+    },
+    "custom_fields": {
+        "USE_REDIS_CACHE": "default",
+    },
+    "webhooks": {
+        "USE_REDIS_CACHE": "default",
+    },
+}
+
+# Nautobot uses Cacheops for database query caching. These are the following defaults.
+# For detailed configuration see: https://github.com/Suor/django-cacheops#setup
+CACHEOPS_REDIS = os.getenv("NAUTOBOT_CACHEOPS_REDIS", parse_redis_connection(redis_database=1))
+
+# The django-redis cache is used to establish concurrent locks using Redis. The
+# django-rq settings will use the same instance/database by default.
+CACHES = {
+    "default": {
+        "BACKEND": "django_redis.cache.RedisCache",
+        "LOCATION": parse_redis_connection(redis_database=0),
+        "TIMEOUT": 300,
+        "OPTIONS": {
+            "CLIENT_CLASS": "django_redis.client.DefaultClient",
+        },
+    }
+}
+
+# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
+# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
+# symbols. Nautobot will not run without this defined. For more information, see
+# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
+SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "hs&r^dpbo&j$zy)s&bjylvo!r54-s*=v9(3nurue6zc2r)kwmb")
+
+
+#########################
+#                       #
+#   Optional settings   #
+#                       #
+#########################
+
+# Specify one or more name and email address tuples representing Nautobot administrators. These people will be notified of
+# application errors (assuming correct email settings are provided).
+ADMINS = [
+    # ['John Doe', 'jdoe@example.com'],
+]
+
+# URL schemes that are allowed within links in Nautobot
+ALLOWED_URL_SCHEMES = (
+    "file",
+    "ftp",
+    "ftps",
+    "http",
+    "https",
+    "irc",
+    "mailto",
+    "sftp",
+    "ssh",
+    "tel",
+    "telnet",
+    "tftp",
+    "vnc",
+    "xmpp",
+)
+
+# Cache timeout in seconds. Cannot be 0. Defaults to 900 (15 minutes). To disable caching, set CACHEOPS_ENABLED to False
+CACHEOPS_DEFAULTS = {"timeout": int(os.getenv("NAUTOBOT_CACHEOPS_TIMEOUT", "900"))}
+
+# Set to False to disable caching with cacheops. (Default: True)
+CACHEOPS_ENABLED = is_truthy(os.getenv("NAUTOBOT_CACHEOPS_ENABLED", "True"))
+
+# If True, all origins will be allowed. Other settings restricting allowed origins will be ignored.
+# Defaults to False. Setting this to True can be dangerous, as it allows any website to make
+# cross-origin requests to yours. Generally you'll want to restrict the list of allowed origins with
+# CORS_ALLOWED_ORIGINS or CORS_ALLOWED_ORIGIN_REGEXES.
+CORS_ALLOW_ALL_ORIGINS = is_truthy(os.getenv("NAUTOBOT_CORS_ALLOW_ALL_ORIGINS", "False"))
+
+# A list of origins that are authorized to make cross-site HTTP requests. Defaults to [].
+CORS_ALLOWED_ORIGINS = [
+    # 'https://hostname.example.com',
+]
+
+# A list of strings representing regexes that match Origins that are authorized to make cross-site
+# HTTP requests. Defaults to [].
+CORS_ALLOWED_ORIGIN_REGEXES = [
+    # r'^(https?://)?(\w+\.)?example\.com$',
+]
+
+# FQDNs that are considered trusted origins for secure, cross-domain, requests such as HTTPS POST.
+# If running Nautobot under a single domain, you may not need to set this variable;
+# if running on multiple domains, you *may* need to set this variable to more or less the same as ALLOWED_HOSTS above.
+# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-trusted-origins
+CSRF_TRUSTED_ORIGINS = []
+
+# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
+# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
+# on a production system.
+DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", "False"))
+
+# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space
+# within the global table (all prefixes and IP addresses not assigned to a VRF), set
+# ENFORCE_GLOBAL_UNIQUE to True.
+ENFORCE_GLOBAL_UNIQUE = is_truthy(os.getenv("NAUTOBOT_ENFORCE_GLOBAL_UNIQUE", "False"))
+
+# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
+# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
+EXEMPT_VIEW_PERMISSIONS = [
+    # 'dcim.site',
+    # 'dcim.region',
+    # 'ipam.prefix',
+]
+
+# Global 3rd-party authentication settings
+EXTERNAL_AUTH_DEFAULT_GROUPS = []
+EXTERNAL_AUTH_DEFAULT_PERMISSIONS = {}
+
+# If hosting Nautobot in a subdirectory, you must set this value to match the base URL prefix configured in your HTTP server (e.g. `/nautobot/`). When not set, URLs will default to being prefixed by `/`.
+FORCE_SCRIPT_NAME = None
+
+# HTTP proxies Nautobot should use when sending outbound HTTP requests (e.g. for webhooks).
+# HTTP_PROXIES = {
+#     'http': 'http://10.10.1.10:3128',
+#     'https': 'http://10.10.1.10:1080',
+# }
+
+# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
+# Nautobot from an internal IP.
+INTERNAL_IPS = ("127.0.0.1", "::1")
+
+# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
+#   https://docs.djangoproject.com/en/stable/topics/logging/
+LOGGING = {}
+
+# Setting this to True will display a "maintenance mode" banner at the top of every page.
+MAINTENANCE_MODE = is_truthy(os.getenv("NAUTOBOT_MAINTENANCE_MODE", "False"))
+
+# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
+# the default value of this setting is within the invoking user's home directory
+# MEDIA_ROOT = os.path.expanduser('~/.nautobot/media')
+
+# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
+# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
+# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
+# STORAGE_CONFIG = {
+#     'AWS_ACCESS_KEY_ID': 'Key ID',
+#     'AWS_SECRET_ACCESS_KEY': 'Secret',
+#     'AWS_STORAGE_BUCKET_NAME': 'nautobot',
+#     'AWS_S3_REGION_NAME': 'eu-west-1',
+# }
+
+# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
+METRICS_ENABLED = is_truthy(os.getenv("NAUTOBOT_METRICS_ENABLED", "False"))
+
+# Credentials that Nautobot will uses to authenticate to devices when connecting via NAPALM.
+NAPALM_USERNAME = os.getenv("NAUTOBOT_NAPALM_USERNAME", "")
+NAPALM_PASSWORD = os.getenv("NAUTOBOT_NAPALM_PASSWORD", "")
+
+# NAPALM timeout (in seconds). (Default: 30)
+NAPALM_TIMEOUT = int(os.getenv("NAUTOBOT_NAPALM_TIMEOUT", "30"))
+
+# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
+# be provided as a dictionary.
+NAPALM_ARGS = {}
+
+# Enable installed plugins. Add the name of each plugin to the list.
+PLUGINS = ["nautobot_plugin_nornir", "nautobot_golden_config"]
+
+PLUGINS_CONFIG = {
+    "nautobot_plugin_nornir": {
+        "nornir_settings": {
+            "credentials": "nautobot_plugin_nornir.plugins.credentials.env_vars.CredentialsEnvVars",
+            "runner": {
+                "plugin": "threaded",
+                "options": {
+                    "num_workers": 20,
+                },
+            },
+        },
+    },
+    "nautobot_golden_config": {
+        "per_feature_bar_width": 0.15,
+        "per_feature_width": 13,
+        "per_feature_height": 4,
+        "enable_backup": True,
+        "enable_compliance": True,
+        "enable_intended": True,
+        "enable_sotagg": True,
+        "sot_agg_transposer": None,
+        "platform_slug_map": None,
+        # "get_custom_compliance": "my.custom_compliance.func"
+    },
+}
+
+# Remote auth backend settings
+REMOTE_AUTH_AUTO_CREATE_USER = False
+REMOTE_AUTH_HEADER = "HTTP_REMOTE_USER"
+
+# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
+# re-authenticate. (Default: 1209600 [14 days])
+SESSION_COOKIE_AGE = int(os.getenv("NAUTOBOT_SESSION_COOKIE_AGE", "1209600"))  # 2 weeks, in seconds
+
+# By default, Nautobot will store session data in the database. Alternatively, a file path can be specified here to use
+# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
+# database access.) Note that the user as which Nautobot runs must have read and write permissions to this path.
+SESSION_FILE_PATH = os.getenv("NAUTOBOT_SESSION_FILE_PATH", None)
+
+# Configure SSO, for more information see docs/configuration/authentication/sso.md
+SOCIAL_AUTH_POSTGRES_JSONFIELD = False
+
+# Reject invalid UI/API filter parameters, or discard them while logging a warning?
+STRICT_FILTERING = is_truthy(os.getenv("NAUTOBOT_STRICT_FILTERING", "True"))
+
+# Time zone (default: UTC)
+TIME_ZONE = os.getenv("NAUTOBOT_TIME_ZONE", "UTC")
+
+# Date/time formatting. See the following link for supported formats:
+# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
+DATE_FORMAT = os.getenv("NAUTOBOT_DATE_FORMAT", "N j, Y")
+SHORT_DATE_FORMAT = os.getenv("NAUTOBOT_SHORT_DATE_FORMAT", "Y-m-d")
+TIME_FORMAT = os.getenv("NAUTOBOT_TIME_FORMAT", "g:i a")
+SHORT_TIME_FORMAT = os.getenv("NAUTOBOT_SHORT_TIME_FORMAT", "H:i:s")
+DATETIME_FORMAT = os.getenv("NAUTOBOT_DATETIME_FORMAT", "N j, Y g:i a")
+SHORT_DATETIME_FORMAT = os.getenv("NAUTOBOT_SHORT_DATETIME_FORMAT", "Y-m-d H:i")
+
+# A list of strings designating all applications that are enabled in this Django installation. Each string should be a dotted Python path to an application configuration class (preferred), or a package containing an application.
+# https://nautobot.readthedocs.io/en/latest/configuration/optional-settings/#extra-applications
+EXTRA_INSTALLED_APPS = []
+LOG_LEVEL = "DEBUG" if DEBUG else "INFO"
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "normal": {
+            "format": "%(asctime)s.%(msecs)03d %(levelname)-7s %(name)s :\n  %(message)s",
+            "datefmt": "%H:%M:%S",
+        },
+        "verbose": {
+            "format": "%(asctime)s.%(msecs)03d %(levelname)-7s %(name)-20s %(filename)-15s %(funcName)30s() :\n  %(message)s",
+            "datefmt": "%H:%M:%S",
+        },
+    },
+    "handlers": {
+        "normal_console": {
+            "level": "DEBUG",
+            "class": "logging.StreamHandler",
+            "formatter": "normal",
+        },
+    },
+    "loggers": {
+        "django": {"handlers": ["normal_console"], "level": LOG_LEVEL},
+        "nautobot": {
+            "handlers": ["normal_console"],
+            "level": LOG_LEVEL,
+        },
+    },
+}
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,2 @@
+nautobot_plugin_nornir==1.0.0
+nautobot-golden-config==1.2.0

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+nautobot_plugin_nornir==1.0.0`
	`2`	`+nautobot-golden-config==1.2.0`