netbox

Table of Contents

1. Description
2. Setup - The basics of getting started with netbox
   • What netbox affects
   • Setup requirements
   • Beginning with netbox
3. Usage - Configuration options and additional functionality
   • A more interesting example
   • Example with Apache on Centos/RHEL8
4. Limitations - OS compatibility, etc.
5. Development - Guide for contributing to the module

Description

Puppet module for installing and configuring Netbox, an IPAM (IP Adress Management) tool initially conceived by the network engineering team at DigitalOcean. The documentation for Netbox can be found here

Setup

What netbox affects

This module installs and configures Netbox. Netbox needs PostgreSQL and Redis to work, and this module can optionally handle that too. Netbox is a Python web applications built on the Django framework and uses the Gunicorn webserver. Usually you place a webserver (like Nginx og Apache) in front of it. This is not part of this module, but a configuration using Apache is provided. Everything in this module is made according to the Netbox documentation. As such, if something is not properly explained here, you can probably find answers to your questions there.

Setup Requirements

You need to have epel configured. The easiest way to do that is by running:

yum install -y epel-release

This module has been tested with Apache HTTPD using the puppetlabs-apache module. There are a couple of gotchas, see example with Apache on Centos/RHEL8.

Beginning with Netbox

Add dependency modules to your puppet environment:

• camptocamp/systemd
• puppet/archive
• puppetlabs/inifile
• puppetlabs/stdlib

If you are going to use this module to install PostgreSQL and Redis, then you need these as well:

• puppetlabs/postgresql
• puppetlabs/concat
• puppet/redis

If you are following along the Apache example you also need to handle Selinux:

• puppet/selinux

Usage

In its simplest configuration, the module needs only one parameter set. This is the secret_key. This is something Netbox will not run without, and is recomended to be an at least 50 character long string of letters, symbols and numbers. This is to be treated as a secret.

By default, PostgreSQL and Redis is set up as part of the installation. If you have your own PostgreSQL or Redis installation you want to use, you simply set $handle_database and $handle_redis to false. Some configuration is offered, but if you need to tweek any of those two softwares, I would recommend handling them outside of this module.

The following code shows an example where you have a profile::netbox (because of course you are using the "roles and profiles" design pattern) which takes in the secret key. This could for example be stored in Hiera eyaml.

class profile::netbox (
  String $netbox_secret_key,
) {

  class { 'netbox':
    secret_key    => $netbox_secret_key,
  }
}

You also need to set up a django superuser manually after installing. This is the admin account to your Netbox application. To do this, use the virtual Python environment created by the installation and the manage.py command:

# cd /opt/netbox
# source venv/bin/activate
(venv) # cd netbox
(venv) # python3 manage.py createsuperuser
Username: admin
Email address: admin@example.com
Password:
Password (again):
Superuser created successfully.

If you have installed Netbox in an non-default location, then you have adapt the above description accordingly.

A more interesting example

You probably want to adjust your parameters a little more than the minimal example. Here is a more realistic one:

  class { 'netbox':
    secret_key        => $netbox_secret_key,
    allowed_hosts     => [$trusted[certname], 'localhost'],
    banner_top        => 'TOP BANNER TEXT',
    banner_login      => 'WELCOME TO THE NETBOX LOGIN',
    banner_bottom     => 'BOTTOM BANNER TEXT',
    database_password => $netbox_database_password,
    $email_from_email => "netbox@${trusted[domain]},
  }

The $netbox_database_password is expected to be defined in wherever you include the Netbox module from. Should probably be stored in Hiera Eyaml.

Example with Apache on Centos/RHEL8

Here is a full working example with a Netbox profile which includes Netbox module and Apache with settings as recommended in the Netbox documentation. Note that for this setup to work you need:

• The boolean httpd_can_network_connect set to true:
  • Done in the example, requires the puppet/selinux module
• The apache user must be part of the netboxgroup:
  • usermod apache -G netbox

# Netbox
#
# Profile for running Netbox through the ahs/netbox-module
#
class profile::netbox (
  String $netbox_secret_key,
) {

selinux::boolean { 'httpd_can_network_connect': }
# usermod apache -G netbox

  class { 'netbox':
    secret_key    => $netbox_secret_key,
    allowed_hosts => [$trusted[certname]],
    banner_top    =>  'TOP BANNER TEXT',
    banner_bottom =>  'BOTTOM BANNER TEXT',
  }
  class { 'apache':
    default_vhost => false,
  }

  class { 'apache::mod::wsgi':
    mod_path     => '/usr/lib64/httpd/modules/mod_wsgi_python3.so',
    package_name => 'python3-mod_wsgi',
  }

  apache::vhost { $trusted[certname]:
    servername              => $trusted[certname],
    port                    => '80',
    proxy_preserve_host     => true,
    docroot                 => '/opt/netbox/netbox/',
    request_headers         => [
      'set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}',
    ],
    proxy_pass              => [
      { path        => '/',
        url         => 'http://127.0.0.1:8001/',
        reverse_url => 'http://127.0.0.1:8001/'
      },
    ],
    aliases                 => [
      { alias => '/static',
        path  => '/opt/netbox/netbox/static',
      },
    ],
    wsgi_pass_authorization => 'On',
    directories             => [
    { path            => '/opt/netbox/netbox/static',
      provider        => 'directory',
      custom_fragment => 'Options Indexes FollowSymLinks MultiViews'
    },
    { path            => '/static',
      provider        => 'location',
      custom_fragment => 'ProxyPass !'
    },
  ],
  }
}

Limitations

This module is only tested on RHEL/Centos8 at the moment, and will not work for Ubuntu family or older versions of EL just yet.

There are several optional integrations and configuration options found in the Netbox documentation that is not supported by this module yet. Including but not limited to:

• Napalm
• Remote File Storage
• LDAP Authentication

Development

I would be more than happy if you wanted to improve this module. Use the Github issue tracker to submit issues og fork it and issue Pull Requests.

Reference

Table of Contents

Classes

• netbox: Manage Netbox
• netbox::config: Configures Netbox and gunicorn
• netbox::database: Sets up the PostgreSQL database for netbox
• netbox::install: Installs Netbox
• netbox::redis: Class that handles the installation of Redis
• netbox::service: Manage the Netbox and Netvox-rq Systemd services

Classes

netbox

Install, configure and run Netbox

Examples

Defaults

class { 'netbox':
  secret_key => $my_secret_variable
}

Downloading from a different repository

class { 'netbox':
  version           => 'x.y.z',
  download_url      => 'https://my.local.repo.example.com/netbox/netbox-x.y.z.tar.gz',
  download_checksum => 'abcde...',
}

Parameters

The following parameters are available in the netbox class.

version

Data type: String

The version of Netbox. This must match the version in the tarball. This is used for managing files, directories and paths in the service.

Default value: '2.7.10'

user

Data type: String

The user owning the Netbox installation files, and running the service.

Default value: 'netbox'

group

Data type: String

The group owning the Netbox installation files, and running the service.

Default value: 'netbox'

secret_key

Data type: String

A random string of letters, numbers and symbols that Netbox needs. This needs to be supplied, and should be treated as a secret. Should be at least 50 characters long.

download_url

Data type: String

Where to download the binary installation tarball from.

Default value: 'https://github.com/netbox-community/netbox/archive/v2.7.10.tar.gz'

download_checksum

Data type: String

The expected checksum of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.

Default value: '21743eda8f633761fd9a16c28658235e7ee9a79b15353770b4b1fe0d133a26e5'

download_checksum_type

Data type: String

The checksum type of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.

Default value: 'sha256'

download_tmp_dir

Data type: Stdlib::Absolutepath

Temporary directory for downloading the tarball.

Default value: '/var/tmp'

install_root

Data type: Stdlib::Absolutepath

The root directory of the netbox installation.

Default value: '/opt'

handle_database

Data type: Boolean

Should the PostgreSQL database be handled by this module. Defaults to true.

Default value: true

email_server

Data type: String

Host name or IP address of the email server (use localhost if running locally) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: 'localhost'

email_timeout

Data type: Integer

Amount of time to wait for a connection (seconds) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: 10

email_port

Data type: Stdlib::Port

TCP port to use for the connection (default: 25) https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: 25

email_username

Data type: String

Username with which to authenticate https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: ''

email_password

Data type: String

Password with which to authenticate https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: ''

email_from_email

Data type: String

Sender address for emails sent by NetBox https://netbox.readthedocs.io/en/stable/configuration/optional-settings/#email

Default value: ''

handle_redis

Data type: Boolean

Should the Redis installation be handled by this module. Defaults to true.

Default value: true

database_name

Data type: String

Name of the PostgreSQL database. If handle_database is true, then this database gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'

Default value: 'netbox'

database_user

Data type: String

Name of the PostgreSQL database user. If handle_database is true, then this database user gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'

Default value: 'netbox'

database_password

Data type: String

Name of the PostgreSQL database password. If handle_database is true, then this database password gets created as well. If not, then it is only used by the application, and needs to exist. Defaults to 'netbox'

Default value: 'netbox'

database_host

Data type: Stdlib::Host

Name of the PostgreSQL database host. Defaults to 'localhost'

Default value: 'localhost'

database_port

Data type: Integer

PostgreSQL database port. NB! The PostgreSQL database that is made when using handle_database does not support configuring a non-standard port. So change this parameter only if using separate PostgreSQL DB with non-standard port. Defaults to 5432.

Default value: 5432

database_conn_max_age

Data type: Integer

Database max connection age in seconds. Defaults to 300.

Default value: 300

allowed_hosts

Data type: Array[Stdlib::Host]

Array of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.

Default value: ['netbox.exmple.com','localhost']

banner_top

Data type: String

Text for top banner on the Netbox webapp Defaults to the empty string

Default value: ''

banner_bottom

Data type: String

Text for bottom banner on the Netbox webapp Defaults to the empty string

Default value: ''

banner_login

Data type: String

Text for login banner on the Netbox webapp Defaults to the empty string

Default value: ''

base_path

Data type: String

Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set: BASE_PATH = 'netbox/'

Default value: ''

superuser_username

Data type: String

Username for the superuser. This user is created, but without a password. To set the password, you must run /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py changepassword

Default value: 'admin'

superuser_email

Data type: String

Email for the superuser

Default value: 'admin@example.com'

netbox::config

Configures Netbox and gunicorn, and load the database schema.

Examples

include netbox::config

Parameters

The following parameters are available in the netbox::config class.

user

Data type: String

The user owning the Netbox installation files, and running the service.

group

Data type: String

The group owning the Netbox installation files, and running the service.

install_root

Data type: Stdlib::Absolutepath

The root directory of the netbox installation.

allowed_hosts

Data type: Array[Stdlib::Host]

Array of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.

database_name

Data type: String

Name of the PostgreSQL database. If handle_database is true, then this database gets created as well. If not, then it is only used by the application, and needs to exist.

database_user

Data type: String

Name of the PostgreSQL database user. If handle_database is true, then this database user gets created as well. If not, then it is only used by the application, and needs to exist.

database_password

Data type: String

Name of the PostgreSQL database password. If handle_database is true, then this database password gets created as well. If not, then it is only used by the application, and needs to exist.

database_host

Data type: Stdlib::Host

Hostname where the PostgreSQL database resides.

database_port

Data type: Integer

PostgreSQL database port. NB! The PostgreSQL database that is made when using handle_database does not support configuring a non-standard port. So change this parameter only if using separate PostgreSQL DB with non-standard port. Defaults to 5432.

database_conn_max_age

Data type: Integer

Database max connection age in seconds. Defaults to 300.

redis_options

Data type: Hash

Options used against redis. Customize to fit your redis installation. Use default values if using the redis bundled with this module.

email_options

Data type: Hash

Options used for sending email.

secret_key

Data type: String

A random string of letters, numbers and symbols that Netbox needs. This needs to be supplied, and should be treated as a secret. Should be at least 50 characters long.

banner_top

Data type: String

Text for top banner on the Netbox webapp

banner_bottom

Data type: String

Text for bottom banner on the Netbox webapp

banner_login

Data type: String

Text for login banner on the Netbox webapp

base_path

Data type: String

Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set: BASE_PATH = 'netbox/'

netbox::database

This class sets up PostgreSQL database. This is optional, you can choose to handle that yourself.

Examples

include netbox::database

Parameters

The following parameters are available in the netbox::database class.

database_name

Data type: String

Name of the PostgreSQL database.

database_user

Data type: String

Name of the PostgreSQL database user.

database_password

Data type: String

Name of the PostgreSQL database password.

netbox::install

Installs Netbox

Examples

include netbox::install

Parameters

The following parameters are available in the netbox::install class.

install_root

Data type: Stdlib::Absolutepath

The root directory of the netbox installation.

version

Data type: String

The version of Netbox. This must match the version in the tarball. This is used for managing files, directories and paths in the service.

download_url

Data type: String

Where to download the binary installation tarball from.

download_checksum

Data type: String

The expected checksum of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.

download_checksum_type

Data type: String

The checksum type of the downloaded tarball. This is used for verifying the integrity of the downloaded tarball.

download_tmp_dir

Data type: Stdlib::Absolutepath

Temporary directory for downloading the tarball.

user

Data type: String

The user owning the Netbox installation files, and running the service.

group

Data type: String

The group owning the Netbox installation files, and running the service.

install_method

Data type: Enum['tarball', 'git_clone']

Method for getting the Netbox software

Default value: 'tarball'

netbox::redis

Class that handles the installation of Redis

Examples

include netbox::redis

netbox::service

A class for running Netbox as a Systemd service

Parameters

The following parameters are available in the netbox::service class.

user

Data type: String

The user running the service.

group

Data type: String

The group running the service.

install_root

Data type: Stdlib::Absolutepath

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Release [0.1.0] 2020-03-25

• Initial release.
• Download, install and start Netbox, with optionally also handling PostgreSQL and redis.
• Most important settings can be configured, but plenty are missing.
• Supports EL8 and nothing else right now.