cdist-type__netbox(7)

NAME

cdist-type__netbox - Install and configure NetBox

DESCRIPTION

This (singleton) type installs and configures a NetBox instance, a web application to help manage and document computer networks.

It installs it with the user netbox at /opt/netbox with python-venv. It setup systemd unit files for the services netbox and netbox-rq. The netbox service only wrap all netbox related services, e.g. restarting and so one will be delegated to all related services.

The application is still not accessable because a WSGI server is required. To access the application through WSGI, uWSGI or Gunicorn can be used. The setup can be done via there own types __netbox_gunicorn and __netbox_uwsgi.

The Gunicorn setup is recommended from the NetBox documentation. Consult each manual page to decide. The types must be called after the __netbox type.

REQUIRED PARAMETERS

version

NetBox version to be installed. You can find the correct and newest version on GitHub at the NetBox project page under “Releases”.

database

PostgreSQL database name.

database-user

PostgreSQL database user.

database-password

PostgreSQL database password.

host

Hostname (domain or IP address) on which the application is served. Multiple hostnames are possible; given as multiple arguments.

OPTIONAL PARAMETERS

secret-key

Random secret key of at least 50 alphanumeric characters and symbols. This key must be unique to this installation and must not be shared outside the local system. If no secret key is given, the type generates an own 50 chars long key and saves it on the remote host to remember it for the next run.

The secret, random string is used to assist in the creation new cryptographic hashes for passwords and HTTP cookies. It is not directly used for hasing user passwords or for encrpted storage. It can be changed at any time, but will invalidate all existing sessions.

database-host

PostgreSQL database hostname. Defaults to localhost.

database-port

PostgreSQL database port. Defaults to empty (uses the default port).

ldap-server

LDAP server URI. Enables LDAP-backed authentication if specified.

ldap-bind-dn

DN for the NetBox service account. Required for LDAP authentication.

ldap-bind-password

Password for the NetBox service account. Required for LDAP authentication.

ldap-user-base

Base used for searching user entries. Required for LDAP authentication.

ldap-group-base

Base used for searching group entries.

ldap-require-group

Group required to login.

ldap-staff-group

Make members of this group to “staff”. This gives the users “Admin Access”, which means access to the “NetBox Administration” site.

ldap-superuser-group

Make members of this groups superusers.

redis-host

Redis database hostname. Defaults to localhost.

redis-port

Redis database port. Defaults to 6379.

redis-password

Redis password. Defaults to empty password.

redis-dbid-offset

Offset to set the redis database id’s. The tasks database id is offset + 0 and caching is offset + 1. The offset defaults to 0.

smtp-host

Host of the SMTP email server. Defaults to localhost.

smtp-port

Port of the SMTP email server. Defaults to 25.

smtp-user

Username to access the SMTP email server. Defaults to empty.

smtp-password

Password to access the SMTP email server. Defaults to empty.

smtp-from-email

Email from which NetBox will be sent of. Defaults to empty.

basepath

Base URL path if accessing netbox within a directory instead of directly the webroot /. For example, if installed at https://example.com/netbox/, set the value netbox/.

https-proxy

Proxy which will be used with any HTTP request like webhooks.

data-root

This parameter set’s the media, reports and scripts root to subdirectories of the given directory. Values can be overwritten by special parameters like –media-root for example. Use this option if you want to store persistant data of netbox on an other partition. A trailing slash is not needed.

The data directories have following predefined sub-directory names:

media root:

$data_root/media

reports root:

$data_root/reports

scripts root:

$data_root/scripts

To preserve all data from installation upgrades - which just replace the installation directory - the data will be kept in the netbox home directory rather than the installation directory by default (/opt/netbox/data/). This way, no data will be deleted after the installation directory replacement because it remains outside of the installation directory.

media-root

The file path to where media files (like image attachments) are stored. Change this path if you require to store data on an other partiotion. A trailing slash is not needed. Defaults to $data_root/media.

reports-root

The file path of where custom reports are kept. Change this path if you require to store data on an other partition. A trailing slash is not needed. Defaults to $data_root/reports.

scripts-root

The file path of where custom scripts are kept. Change this path if you require to store data on an other partition. A trailing slash is not needed. Defaults to $data_root/scripts.

BOOLEAN PARAMETERS

redis-ssl

Enables a secure TLS/SSL connection to the redis database. By default, ssl is disabled.

smtp-use-tls

Uses TLS to connect to the SMTP email server. See documentation for more information.

smtp-use-ssl

Uses implicit TLS with the SMTP email server. See documentation for more information.

login-required

Sets if a login is required to access all sites. By default, anonymous users can see most data (excluding secrets) but not make any changes.

update-notify

Enables the NetBox version check for new upstream updates. It checks every 24 hours for new releases and notify the admin users in the gui if any.

MESSAGES

installed $VERSION

Netbox was fresh installed or updated. The new version number is appended.

configured

Some configuration files got updated and therefore the service was restarted. This message will not be echoed if configuration got updated due a standard installation.

EXAMPLES

__netbox --version 2.8.7 --database netbox \
              --database-password "secretsecretsecret" \
              --secret-key "secretsecretsecret" \
              --host "${__target_host:?}" \
              --host "cool-netbox.xyz" \
              --ldap-server "ldaps://ldap.domain.tld" \
              --ldap-bind-dn "uid=netbox,ou=services,dc=domain,dc=tld" \
              --ldap-bind-password "secretsecretsecret" \
              --ldap-user-base "ou=users,dc=domain,dc=tld" \
              --ldap-group-base "ou=groups,dc=domain,dc=tld" \
              --ldap-require-group "cn=netbox-login,ou=groups,dc=domain,dc=tld" \
              --ldap-superuser-group "cn=netbox-admin,ou=groups,dc=domain,dc=tld"
# using recommended gunicorn setup
require="__netbox" __netbox_gunicorn

NOTES

The configuration of NetBox contains more optional settings than that what can be set with this type. If you think an important setting is missing or there is a more good way to inject python code for dynamic configuration variables, you are welcome to contribute!

If you not setup ldap authentification, you may be interested into how to setting up a super user directly on the machine to be able to access and use NetBox.

You may also be interested of writing a own type which handles the creation of the super user. To do this non-interactivly, see the ansible role as reference.

If you change the secret key while the netbox instance is running, there is a time frame where the access to the application corrupts the whole database. Then, you need to restore a backup or wipe the database.

Currently, the cause is not clear, but it should work if you do not touch netbox while the configuration is done (do not shut it down, too). It only applies for changes of the secret key, which not happen normally.

Maybe the –restart flag for the __systemd_unit types is not the best idea, but avoids that the changes will not be applied. It could be solved if the type would send messages from his actions.

SEE ALSO

NetBox documentation

cdist-type__netbox_gunicorn(7) cdist-type__netbox_uwsgi(7)

AUTHORS

Timothée Floure <t.floure@e-durable.ch> Matthias Stecher <matthiasstecher@gmx.de>

COPYING

Copyright (C) 2020 Timothée Floure. Copyright (C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.