netbox
Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- ,
Start using this module
Add this module to your Puppetfile:
mod 'ash-netbox', '0.1.0'
Learn more about managing modules with a PuppetfileDocumentation
netbox
Table of Contents
- Description
- Setup - The basics of getting started with netbox
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Puppet module for installing and configuring Netbox, an IPAM (IP Adress Management) tool initially conceived by the network engineering team at DigitalOcean. The documentation for Netbox can be found here
Setup
What netbox affects
This module installs and configures Netbox. Netbox needs PostgreSQL and Redis to work, and this module can optionally handle that too. Netbox is a Python web applications built on the Django framework and uses the Gunicorn webserver. Usually you place a webserver (like Nginx og Apache) in front of it. This is not part of this module, but a configuration using Apache is provided. Everything in this module is made according to the Netbox documentation. As such, if something is not properly explained here, you can probably find answers to your questions there.
Setup Requirements
You need to have epel configured. The easiest way to do that is by running:
yum install -y epel-release
This module has been tested with Apache HTTPD using the puppetlabs-apache
module. There are a couple of gotchas, see example with Apache on Centos/RHEL8.
Beginning with Netbox
Add dependency modules to your puppet environment:
- camptocamp/systemd
- puppet/archive
- puppetlabs/inifile
- puppetlabs/stdlib
If you are going to use this module to install PostgreSQL and Redis, then you need these as well:
- puppetlabs/postgresql
- puppetlabs/concat
- puppet/redis
If you are following along the Apache example you also need to handle Selinux
:
- puppet/selinux
Usage
In its simplest configuration, the module needs only one parameter set. This is the secret_key
. This is something Netbox will not run without, and is recomended to be an at least 50 character long string of letters, symbols and numbers. This is to be treated as a secret.
By default, PostgreSQL and Redis is set up as part of the installation. If you have your own PostgreSQL or Redis installation you want to use, you simply set $handle_database
and $handle_redis
to false
. Some configuration is offered, but if you need to tweek any of those two softwares, I would recommend handling them outside of this module.
The following code shows an example where you have a profile::netbox
(because of course you are using the "roles and profiles" design pattern) which takes in the secret key. This could for example be stored in Hiera eyaml.
class profile::netbox (
String $netbox_secret_key,
) {
class { 'netbox':
secret_key => $netbox_secret_key,
}
}
You also need to set up a django superuser manually after installing. This is the admin account to your Netbox application. To do this, use the virtual Python environment created by the installation and the manage.py
command:
# cd /opt/netbox
# source venv/bin/activate
(venv) # cd netbox
(venv) # python3 manage.py createsuperuser
Username: admin
Email address: admin@example.com
Password:
Password (again):
Superuser created successfully.
If you have installed Netbox in an non-default location, then you have adapt the above description accordingly.
A more interesting example
You probably want to adjust your parameters a little more than the minimal example. Here is a more realistic one:
class { 'netbox':
secret_key => $netbox_secret_key,
allowed_hosts => [$trusted[certname], 'localhost'],
banner_top => 'TOP BANNER TEXT',
banner_login => 'WELCOME TO THE NETBOX LOGIN',
banner_bottom => 'BOTTOM BANNER TEXT',
database_password => $netbox_database_password,
$email_from_email => "netbox@${trusted[domain]},
}
The $netbox_database_password
is expected to be defined in wherever you include the Netbox module from. Should probably be stored in Hiera Eyaml.
Example with Apache on Centos/RHEL8
Here is a full working example with a Netbox profile which includes Netbox module and Apache with settings as recommended in the Netbox documentation. Note that for this setup to work you need:
- The boolean
httpd_can_network_connect
set to true:- Done in the example, requires the
puppet/selinux
module
- Done in the example, requires the
- The
apache
user must be part of thenetbox
group:usermod apache -G netbox
# Netbox
#
# Profile for running Netbox through the ahs/netbox-module
#
class profile::netbox (
String $netbox_secret_key,
) {
selinux::boolean { 'httpd_can_network_connect': }
# usermod apache -G netbox
class { 'netbox':
secret_key => $netbox_secret_key,
allowed_hosts => [$trusted[certname]],
banner_top => 'TOP BANNER TEXT',
banner_bottom => 'BOTTOM BANNER TEXT',
}
class { 'apache':
default_vhost => false,
}
class { 'apache::mod::wsgi':
mod_path => '/usr/lib64/httpd/modules/mod_wsgi_python3.so',
package_name => 'python3-mod_wsgi',
}
apache::vhost { $trusted[certname]:
servername => $trusted[certname],
port => '80',
proxy_preserve_host => true,
docroot => '/opt/netbox/netbox/',
request_headers => [
'set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}',
],
proxy_pass => [
{ path => '/',
url => 'http://127.0.0.1:8001/',
reverse_url => 'http://127.0.0.1:8001/'
},
],
aliases => [
{ alias => '/static',
path => '/opt/netbox/netbox/static',
},
],
wsgi_pass_authorization => 'On',
directories => [
{ path => '/opt/netbox/netbox/static',
provider => 'directory',
custom_fragment => 'Options Indexes FollowSymLinks MultiViews'
},
{ path => '/static',
provider => 'location',
custom_fragment => 'ProxyPass !'
},
],
}
}
Limitations
This module is only tested on RHEL/Centos8 at the moment, and will not work for Ubuntu family or older versions of EL just yet.
There are several optional integrations and configuration options found in the Netbox documentation that is not supported by this module yet. Including but not limited to:
- Napalm
- Remote File Storage
- LDAP Authentication
Development
I would be more than happy if you wanted to improve this module. Use the Github issue tracker to submit issues og fork it and issue Pull Requests.
Reference
Table of Contents
Classes
netbox
: Manage Netboxnetbox::config
: Configures Netbox and gunicornnetbox::database
: Sets up the PostgreSQL database for netboxnetbox::install
: Installs Netboxnetbox::redis
: Class that handles the installation of Redisnetbox::service
: Manage the Netbox and Netvox-rq Systemd services
Classes
netbox
Install, configure and run Netbox
Examples
Defaults
class { 'netbox':
secret_key => $my_secret_variable
}
Downloading from a different repository
class { 'netbox':
version => 'x.y.z',
download_url => 'https://my.local.repo.example.com/netbox/netbox-x.y.z.tar.gz',
download_checksum => 'abcde...',
}
Parameters
The following parameters are available in the netbox
class.
version
Data type: String
The version of Netbox. This must match the version in the tarball. This is used for managing files, directories and paths in the service.
Default value: '2.7.10'
user
Data type: String
The user owning the Netbox installation files, and running the service.
Default value: 'netbox'
group
Data type: String
The group owning the Netbox installation files, and running the service.
Default value: 'netbox'
secret_key
Data type: String
A random string of letters, numbers and symbols that Netbox needs. This needs to be supplied, and should be treated as a secret. Should be at least 50 characters long.
download_url
Data type: String
Where to download the binary installation tarball from.
Default value: 'https://github.com/netbox-community/netbox/archive/v2.7.10.tar.gz'
download_checksum
Data type: String
The expected checksum of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.
Default value: '21743eda8f633761fd9a16c28658235e7ee9a79b15353770b4b1fe0d133a26e5'
download_checksum_type
Data type: String
The checksum type of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.
Default value: 'sha256'
download_tmp_dir
Data type: Stdlib::Absolutepath
Temporary directory for downloading the tarball.
Default value: '/var/tmp'
install_root
Data type: Stdlib::Absolutepath
The root directory of the netbox installation.
Default value: '/opt'
handle_database
Data type: Boolean
Should the PostgreSQL database be handled by this module. Defaults to true.
Default value: true
email_server
Data type: String
Host name or IP address of the email server (use localhost if running locally) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: 'localhost'
email_timeout
Data type: Integer
Amount of time to wait for a connection (seconds) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: 10
email_port
Data type: Stdlib::Port
TCP port to use for the connection (default: 25) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: 25
email_username
Data type: String
Username with which to authenticate https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: ''
email_password
Data type: String
Password with which to authenticate https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: ''
email_from_email
Data type: String
Sender address for emails sent by NetBox https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email
Default value: ''
handle_redis
Data type: Boolean
Should the Redis installation be handled by this module. Defaults to true.
Default value: true
database_name
Data type: String
Name of the PostgreSQL database. If handle_database is true, then this database gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'
Default value: 'netbox'
database_user
Data type: String
Name of the PostgreSQL database user. If handle_database is true, then this database user gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'
Default value: 'netbox'
database_password
Data type: String
Name of the PostgreSQL database password. If handle_database is true, then this database password gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'
Default value: 'netbox'
database_host
Data type: Stdlib::Host
Name of the PostgreSQL database host. Defaults to 'localhost'
Default value: 'localhost'
database_port
Data type: Integer
PostgreSQL database port. NB! The PostgreSQL database that is made when using handle_database does not support configuring a non-standard port. So change this parameter only if using separate PostgreSQL DB with non-standard port. Defaults to 5432.
Default value: 5432
database_conn_max_age
Data type: Integer
Database max connection age in seconds. Defaults to 300.
Default value: 300
allowed_hosts
Data type: Array[Stdlib::Host]
Array of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
Default value: ['netbox.exmple.com','localhost']
banner_top
Data type: String
Text for top banner on the Netbox webapp Defaults to the empty string
Default value: ''
banner_bottom
Data type: String
Text for bottom banner on the Netbox webapp Defaults to the empty string
Default value: ''
banner_login
Data type: String
Text for login banner on the Netbox webapp Defaults to the empty string
Default value: ''
base_path
Data type: String
Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set: BASE_PATH = 'netbox/'
Default value: ''
superuser_username
Data type: String
Username for the superuser. This user is created, but without a password. To set the password, you must run /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py changepassword
Default value: 'admin'
superuser_email
Data type: String
Email for the superuser
Default value: 'admin@example.com'
netbox::config
Configures Netbox and gunicorn, and load the database schema.
Examples
include netbox::config
Parameters
The following parameters are available in the netbox::config
class.
user
Data type: String
The user owning the Netbox installation files, and running the service.
group
Data type: String
The group owning the Netbox installation files, and running the service.
install_root
Data type: Stdlib::Absolutepath
The root directory of the netbox installation.
allowed_hosts
Data type: Array[Stdlib::Host]
Array of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
database_name
Data type: String
Name of the PostgreSQL database. If handle_database is true, then this database gets created as well. If not, then it is only used by the application, and needs to exist.
database_user
Data type: String
Name of the PostgreSQL database user. If handle_database is true, then this database user gets created as well. If not, then it is only used by the application, and needs to exist.
database_password
Data type: String
Name of the PostgreSQL database password. If handle_database is true, then this database password gets created as well. If not, then it is only used by the application, and needs to exist.
database_host
Data type: Stdlib::Host
Hostname where the PostgreSQL database resides.
database_port
Data type: Integer
PostgreSQL database port. NB! The PostgreSQL database that is made when using handle_database does not support configuring a non-standard port. So change this parameter only if using separate PostgreSQL DB with non-standard port. Defaults to 5432.
database_conn_max_age
Data type: Integer
Database max connection age in seconds. Defaults to 300.
redis_options
Data type: Hash
Options used against redis. Customize to fit your redis installation. Use default values if using the redis bundled with this module.
email_options
Data type: Hash
Options used for sending email.
secret_key
Data type: String
A random string of letters, numbers and symbols that Netbox needs. This needs to be supplied, and should be treated as a secret. Should be at least 50 characters long.
banner_top
Data type: String
Text for top banner on the Netbox webapp
banner_bottom
Data type: String
Text for bottom banner on the Netbox webapp
banner_login
Data type: String
Text for login banner on the Netbox webapp
base_path
Data type: String
Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set: BASE_PATH = 'netbox/'
netbox::database
This class sets up PostgreSQL database. This is optional, you can choose to handle that yourself.
Examples
include netbox::database
Parameters
The following parameters are available in the netbox::database
class.
database_name
Data type: String
Name of the PostgreSQL database.
database_user
Data type: String
Name of the PostgreSQL database user.
database_password
Data type: String
Name of the PostgreSQL database password.
netbox::install
Installs Netbox
Examples
include netbox::install
Parameters
The following parameters are available in the netbox::install
class.
install_root
Data type: Stdlib::Absolutepath
The root directory of the netbox installation.
version
Data type: String
The version of Netbox. This must match the version in the tarball. This is used for managing files, directories and paths in the service.
download_url
Data type: String
Where to download the binary installation tarball from.
download_checksum
Data type: String
The expected checksum of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.
download_checksum_type
Data type: String
The checksum type of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.
download_tmp_dir
Data type: Stdlib::Absolutepath
Temporary directory for downloading the tarball.
user
Data type: String
The user owning the Netbox installation files, and running the service.
group
Data type: String
The group owning the Netbox installation files, and running the service.
install_method
Data type: Enum['tarball', 'git_clone']
Method for getting the Netbox software
Default value: 'tarball'
netbox::redis
Class that handles the installation of Redis
Examples
include netbox::redis
netbox::service
A class for running Netbox as a Systemd service
Parameters
The following parameters are available in the netbox::service
class.
user
Data type: String
The user running the service.
group
Data type: String
The group running the service.
install_root
Data type: Stdlib::Absolutepath
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Release [0.1.0] 2020-03-25
- Initial release.
- Download, install and start Netbox, with optionally also handling PostgreSQL and redis.
- Most important settings can be configured, but plenty are missing.
- Supports EL8 and nothing else right now.