Netbox reports


Samuel Mutel

Nov 29, 2019, 5:11:26 AM
to NetBox
Hello,

I run a report using the netbox CLI with the root account.
Now when I would like to run this report manually in the web UI, the error message below is displayed:

A file permission error was detected while processing this request. Common causes include the following:

Insufficient write permission to the media root - The configured media root is . Ensure that the user NetBox runs as has access to write files to all locations within this path.


The complete exception is provided below:

<class 'PermissionError'>
[Errno 1] Operation not permitted

How can I clean this?
Which user should I use to execute the report in the CLI?

Regards,
Samuel.

Brian Candler

Nov 29, 2019, 10:17:01 AM
to NetBox
Insufficient write permission to the media root - The configured media root is .

The directory /opt/netbox/netbox/media/ should be owned by whatever user the netbox webserver runs as (e.g. "www-data").

If running reports from the CLI: then you can run them either as root, or as that user, or as some user which has group-write permissions to that directory. 

Samuel Mutel

Nov 29, 2019, 12:41:50 PM
to Brian Candler, NetBox
I changed the owner and group of folder /opt/netbox/netbox/media.
However the issue is still there ...

Just to repeat myself, the issue is on the web UI not on the command line.
When I start the report in cmd line with root account it's working fine.

--
You received this message because you are subscribed to a topic in the Google Groups "NetBox" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/netbox-discuss/xyT3kAcdw1A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to netbox-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/b6a0718b-a429-42f2-b98d-6f1dcd637c13%40googlegroups.com.

Brian Candler

Nov 29, 2019, 1:22:23 PM
to NetBox
I found that this error is generic - it comes from netbox/templates/exceptions/permission_error.html - so the actual directory causing the problem may not be the media directory, it's just an example which is hard-coded in that page.

I suggest you set DEBUG=True in configuration.py, run Netbox in the foreground, and see if it tells you what file it was trying to access.

Make sure you run it as the same user that gunicorn normally runs netbox as. e.g.

sudo su - www-data -s /bin/bash
cd /opt/netbox/netbox
python3 manage.py runserver --insecure '0.0.0.0:8000'

=> point browser at http://x.x.x.x:8000/

Brian Candler

Nov 30, 2019, 4:25:12 AM
to NetBox
It might just be that the report is not *readable* by the user that gunicorn is running as. Check the output of:

ls -l /opt/netbox/netbox/reports
ls -ld /opt/netbox/netbox/reports /opt/netbox/netbox /opt/netbox /opt

Fix if required:

chmod 644 /opt/netbox/netbox/reports/*.py
chmod 755 /opt/netbox/netbox/reports

Samuel Mutel

Dec 3, 2019, 9:02:00 AM
to Brian Candler, NetBox
Here are the permissions:

root@netbox:/opt/netbox# ls -l /opt/netbox/netbox/reports
total 4
-rw-rw-r-- 1 root www-data    0 Jan 31  2019 __init__.py
-rw-rw-r-- 1 root www-data 1758 Nov 25 16:47 Report_IP_Primary_Missing.py

root@netbox:/opt/netbox# ls -ld /opt/netbox/netbox/reports /opt/netbox/netbox /opt/netbox /opt
drwxr-xr-x  6 root root 111 Feb  7  2019 /opt
lrwxrwxrwx  1 root root  13 Feb  7  2019 /opt/netbox -> netbox-2.5.5/
drwxrwxr-x 17 root root 325 Dec  3 14:38 /opt/netbox/netbox
drwxrwxr-x  2 root root  61 Dec  3 12:15 /opt/netbox/netbox/reports

Here are the logs of debug mode:

[03/Dec/2019 13:55:37] "GET / HTTP/1.1" 200 78254
[03/Dec/2019 13:55:37] "GET /static/font-awesome-4.7.0/css/font-awesome.min.css HTTP/1.1" 200 31000
[03/Dec/2019 13:55:37] "GET /static/select2-bootstrap-0.1.0-beta.10/select2-bootstrap.min.css HTTP/1.1" 200 16792
[03/Dec/2019 13:55:37] "GET /static/css/base.css?v2.5.5 HTTP/1.1" 200 13473
[03/Dec/2019 13:55:37] "GET /static/select2-4.0.5/css/select2.min.css HTTP/1.1" 200 15196
[03/Dec/2019 13:55:37] "GET /static/jquery-ui-1.12.1/jquery-ui.css HTTP/1.1" 200 37326
[03/Dec/2019 13:55:37] "GET /static/bootstrap-3.3.7-dist/css/bootstrap.min.css HTTP/1.1" 200 121200
[03/Dec/2019 13:55:37] "GET /static/js/forms.js?v2.5.5 HTTP/1.1" 200 10469
[03/Dec/2019 13:55:37] "GET /static/bootstrap-3.3.7-dist/js/bootstrap.min.js HTTP/1.1" 200 37045
[03/Dec/2019 13:55:37] "GET /static/select2-4.0.5/js/select2.min.js HTTP/1.1" 200 66606
[03/Dec/2019 13:55:37] "GET /static/img/netbox_logo.png HTTP/1.1" 200 2257
[03/Dec/2019 13:55:37] "GET /static/js/jquery-3.3.1.min.js HTTP/1.1" 200 86927
[03/Dec/2019 13:55:37] "GET /static/jquery-ui-1.12.1/jquery-ui.min.js HTTP/1.1" 200 253669
[03/Dec/2019 13:55:37] "GET /static/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160
[03/Dec/2019 13:55:37] "GET /static/img/netbox.ico HTTP/1.1" 200 1174
[03/Dec/2019 13:55:42] "GET /extras/reports/Report_IP_Primary_Missing.Report_IP_Primary_Missing/ HTTP/1.1" 200 79981
Internal Server Error: /extras/reports/Report_IP_Primary_Missing.Report_IP_Primary_Missing/run/
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 126, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/lib/python3.5/dist-packages/django/core/handlers/base.py", line 124, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.5/dist-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/django/contrib/auth/mixins.py", line 85, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/django/views/generic/base.py", line 88, in dispatch
    return handler(request, *args, **kwargs)
  File "/opt/netbox-2.5.5/netbox/extras/views.py", line 338, in post
    report.run()
  File "/opt/netbox-2.5.5/netbox/extras/reports.py", line 179, in run
    test_method()
  File "/opt/netbox-2.5.5/netbox/reports/Report_IP_Primary_Missing.py", line 35, in test_primary_ping
    r = ping(str(device.primary_ip4.address).split('/')[0])
  File "/usr/local/lib/python3.5/dist-packages/ping3.py", line 182, in ping
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as sock:
  File "/usr/lib/python3.5/socket.py", line 134, in __init__
    _socket.socket.__init__(self, family, type, proto, fileno)

PermissionError: [Errno 1] Operation not permitted
[03/Dec/2019 13:55:45] "POST /extras/reports/Report_IP_Primary_Missing.Report_IP_Primary_Missing/run/ HTTP/1.1" 500 107117
Not Found: /favicon.ico


Brian Candler

Dec 3, 2019, 9:20:00 AM
to NetBox
On Tuesday, 3 December 2019 14:02:00 UTC, Samuel Mutel wrote:
  File "/opt/netbox-2.5.5/netbox/reports/Report_IP_Primary_Missing.py", line 35, in test_primary_ping
    r = ping(str(device.primary_ip4.address).split('/')[0])
  File "/usr/local/lib/python3.5/dist-packages/ping3.py", line 182, in ping
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as sock:

Excellent.  Read the backtrace where shown and you'll see exactly where the problem is.

In summary: you've written a report which needs to be run with root privileges, because it makes use of raw sockets.

Solutions:

1. Run netbox with elevated privileges, specifically CAP_NET_RAW.  If you are running gunicorn from systemd, then it should be sufficient to edit your netbox.service file to say:

[Service]
...
AmbientCapabilities=CAP_NET_RAW

(and then systemctl daemon-reload; systemctl restart netbox).  If you are not using systemd then it may be trickier.

2. Rewrite your script to invoke the external 'ping' command, e.g. using subprocess.run().  This command generally is setuid root so it has sufficient privileges to be run as a non-root user:

# ls -l /bin/ping
-rwsr-xr-x 1 root root 44168 May  7  2014 /bin/ping

... or if not, it will have cap_net_raw.

HTH,

Brian.
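
Solution 2 from the reply above, as an added example (not code from the thread or from NetBox): the report pings through the system ping binary, so the web worker itself needs neither root nor CAP_NET_RAW. The function names are hypothetical, and the flags assume Linux iputils ping.

```python
import ipaddress
import socket
import subprocess


def can_open_raw_icmp():
    """True if this process may create the raw ICMP socket that ping3 opens.

    Returns False for the unprivileged web worker in the traceback above
    (PermissionError is a subclass of OSError).
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP):
            return True
    except OSError:
        return False


def host_from_prefix(value):
    """'192.0.2.10/24' -> '192.0.2.10'; raises ValueError for anything else."""
    return str(ipaddress.IPv4Interface(str(value)).ip)


def ping_host(value, timeout=2, run=subprocess.run):
    """Send one echo request with the external ping; True if the host replied.

    `run` is injectable (an assumption of this example) so the function can
    be exercised without touching the network.
    """
    # The address is parsed first, so the argument can never start with '-'
    # and be read by ping as an option. No shell is involved (list argv).
    host = host_from_prefix(value)
    cmd = ["ping", "-n", "-c", "1", "-W", str(timeout), host]
    try:
        done = run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                   timeout=timeout + 1)
    except (subprocess.TimeoutExpired, OSError):
        return False  # ping hung or the binary is missing
    return done.returncode == 0


if __name__ == "__main__":
    print("raw ICMP socket allowed:", can_open_raw_icmp())
    print("192.0.2.10 reachable:", ping_host("192.0.2.10/24"))  # constructed address
```

In the report, the failing line would become `r = ping_host(device.primary_ip4.address)`.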

Samuel Mutel

Dec 3, 2019, 10:07:50 AM
to Brian Candler, NetBox
It works fine. Thanks.
