Webfrontend with database in readonly mode #7381

Closed
opened 2025-12-29 20:22:40 +01:00 by adam · 9 comments

Originally created by @PieterL75 on GitHub (Dec 19, 2022).

Originally assigned to: @abhi1693 on GitHub.

NetBox version

v3.3.9

Feature type

Change to existing functionality

Proposed functionality

The current 'Maintenance mode' ensures that no writes are done to the database. It also displays a banner that the instance is in maintenance mode.

I would like to have a 'ReadOnly' mode that

  • like maintenance mode, prevents updates by logins.
  • don't display a banner (custom banner can be set with the BANNER_TOP)
  • don't do any database updates with the upgrade.sh script
  • optionally: provide a message to the user if he tries to do a write operation, with info to the read/write
  • optionally: use a separate database for session logs

Use case

We use postgres WAL to create an almost-realtime readonly copy of our production database.
This can be used to poll data from with API calls and the GUI.

In order to maintain this node, we need to patch the upgrade.sh (remove database operation), but that breaks the git pull.
Also, the banner that is shown is not relevant to the state of our instance. It is not in maintenance, it is in readonly.
The sessionpath is an option, but I would rather like to send that to a separate database (different postgresql server) to maintain the session state across webfrontends.

Database changes

No response

External dependencies

No response

adam added the status: accepted and type: feature labels 2025-12-29 20:22:40 +01:00
adam closed this issue 2025-12-29 20:22:40 +01:00

@jeremystretch commented on GitHub (Jan 5, 2023):

I'd really like to see this as well, however I'm not sure if we can elegantly hook into the database connection to catch and prevent write operations cleanly. Anyone have any ideas?


@talha700 commented on GitHub (Jan 10, 2023):

Same case here: we are using postgres streaming replication and have set up 2 instances of NetBox. It would be cool if a user could log in (we are using LDAP for remote auth) to the replica instance of NetBox as read-only.

I'm still seeing logs after turning MAINTENANCE_MODE=True, is it not supposed to update the last login etc... ? v3.3.7

@kkthxbye-code commented on GitHub (Jan 10, 2023):

@talha700 - https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-always-update-user


@abhi1693 commented on GitHub (Jan 14, 2023):

@jeremystretch Can I take a try at this? I have a solution which involves overriding `CursorWrapper` to raise an exception in maintenance mode, which in turn disallows write operations and gracefully informs the user via the Django message framework.


@jeremystretch commented on GitHub (Jan 16, 2023):

@abhi1693 sure! Put a PR in against the develop branch for now, although we may end up needing to defer this until the v3.5 release depending on how involved the implementation ends up being. Thanks!


@PieterL75 commented on GitHub (Jan 16, 2023):

There are also plugins (like ldap, okta saml) that write to the database when a user logs in.
Is there a way to tackle that too?


@abhi1693 commented on GitHub (Jan 16, 2023):

I don't have a setup for that yet so I cannot say


@pycolas commented on GitHub (Mar 5, 2023):

I am also interested in this feature.
A primary netbox instance where read/write operations are possible on a sensitive network, and some read-only instances reachable from less sensitive networks in the company (or in remote offices with huge latency to central).

Django has a database router functionality. Maybe it can help to separate R/W operations for frontend user experience, and read operations for models storage?
Or maybe in my use case I can simply declare users with no write privileges at all.


@jeremystretch commented on GitHub (May 12, 2023):

> don't display a banner (custom banner can be set with the BANNER_TOP)

This has been spun out into a separate FR, #12554.

> don't do any database updates with the upgrade.sh script

This is an administrative concern that will need to be controlled outside of NetBox.

> provide a message to the user if he tries to do a write operation, with info to the read/write

This is achieved by PR #12490, which sets each transaction to be read-only and cleanly reports an error in the event of an attempted write operation.
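
An added illustration, not part of the thread and not NetBox's code, of the two approaches discussed above: a guard in the cursor that inspects SQL, and a read-only setting enforced by the database itself. It uses SQLite's `PRAGMA query_only` as a stand-in for a PostgreSQL read-only transaction; `GuardedCursor`, `ReadOnlyViolation` and the `device` table are hypothetical, and the keyword check is only one way such a guard could be written.

```python
import sqlite3

WRITE_VERBS = ("INSERT", "UPDATE", "DELETE", "REPLACE", "CREATE", "DROP", "ALTER")
# A write that does not start with a write verb: a CTE-prefixed INSERT.
CTE_WRITE = "WITH n(name) AS (SELECT 'sw2') INSERT INTO device SELECT name FROM n"

class ReadOnlyViolation(Exception):
    """Raised by the hypothetical application-level guard."""

class GuardedCursor:
    """Hypothetical guard: rejects a statement by its leading keyword."""

    def __init__(self, conn):
        self._cur = conn.cursor()

    def execute(self, sql, params=()):
        if sql.lstrip().upper().startswith(WRITE_VERBS):
            raise ReadOnlyViolation(sql)
        return self._cur.execute(sql, params)

def make_db():
    # Constructed sample data; autocommit so each statement stands alone.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE device (name TEXT)")
    conn.execute("INSERT INTO device VALUES ('sw1')")
    return conn

def attempt(execute, sql):
    """Return True if the statement was rejected."""
    try:
        execute(sql)
        return False
    except (ReadOnlyViolation, sqlite3.OperationalError):
        return True

def run(enforce_in_db):
    """Return (plain INSERT rejected, CTE write rejected, rows in table)."""
    conn = make_db()
    if enforce_in_db:
        conn.execute("PRAGMA query_only = ON")  # engine refuses all writes
        execute = conn.execute
    else:
        execute = GuardedCursor(conn).execute   # application inspects SQL
    plain = attempt(execute, "INSERT INTO device VALUES ('sw3')")
    cte = attempt(execute, CTE_WRITE)
    rows = conn.execute("SELECT COUNT(*) FROM device").fetchone()[0]
    return plain, cte, rows

if __name__ == "__main__":
    print("keyword guard:", run(False))
    print("database-enforced:", run(True))
```

The keyword guard stops the plain `INSERT` but lets the CTE-prefixed write through, while the engine-level setting rejects both and leaves the table unchanged.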

Reference: starred/netbox#7381