NETBOX


The following sections detail how to set up a new instance of NetBox:

PostgreSQL database

Ставим PostgreSQL (в данном случае версия 17) и открываем консоль psql от имени пользователя postgres

apt install -y postgresql
sudo -u postgres psql

Создаём базу и пользователя

-- Run these statements in the psql session opened above as the postgres superuser.
-- Create an empty database for NetBox.
CREATE DATABASE netbox;
-- Create the login role NetBox connects as. 'пароль' is a placeholder: substitute a long,
-- unique password and use the same value for DATABASES['default']['PASSWORD'] in configuration.py.
-- NOTE(review): a password typed into this statement can end up in the psql history file and,
-- depending on logging settings, in the server log; psql's "\password netbox" sets it from an
-- interactive prompt instead.
CREATE USER netbox WITH PASSWORD 'пароль';
-- Make the netbox role the owner of its own database.
ALTER DATABASE netbox OWNER TO netbox;
-- The next two commands are needed on PostgreSQL 15 and later, where ordinary roles no longer
-- get CREATE on the public schema by default. \connect switches the session to the netbox
-- database so that the GRANT applies to that database's public schema.
\connect netbox;
GRANT CREATE ON SCHEMA public TO netbox;

Проверяем подключение

root@netbox ~ # psql --username netbox --password --host localhost netbox
Password: 
psql (17.8 (Debian 17.8-1.pgdg13+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off, ALPN: postgresql)
Type "help" for help.

netbox=> \conninfo
You are connected to database "netbox" as user "netbox" on host "localhost" (address "127.0.0.1") at port "5432".
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off, ALPN: postgresql)


Redis

Устанавливаем Redis-сервер

apt install -y redis-server

Проверяем

# redis-server -v
Redis server v=8.0.2 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=3951f4e1c0288395
# redis-cli ping
PONG


NetBox components

Переходим к установке Netbox. Устанавливаемая версия 4.5 поддерживает Python 3.12 и выше


Устанавливаем зависимости

apt install -y python3 python3-pip python3-venv python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev


Проверяем версию Python после установки

python3 -V
Python 3.13.5


Определяемся с версией NetBox на странице релизов https://github.com/netbox-community/netbox/releases и скачиваем архив

# X.Y.Z is a placeholder for the exact release tag chosen on the releases page.
# NOTE(review): nothing here checks the integrity of the archive; the download relies on
# HTTPS to github.com alone.
wget https://github.com/netbox-community/netbox/archive/refs/tags/vX.Y.Z.tar.gz
# Unpack under /opt; the symlink below expects the result at /opt/netbox-X.Y.Z/.
tar -xzf vX.Y.Z.tar.gz -C /opt
# /opt/netbox is the stable path used by the rest of this guide; repoint it when upgrading.
ln -s /opt/netbox-X.Y.Z/ /opt/netbox

Рекомендуется устанавливать NetBox в каталог, названный в соответствии с номером его версии. Например, NetBox v4.5.0 следует установить в /opt/netbox-4.5.0, а симлинк из /opt/netbox/ будет указывать на это местоположение. Это позволяет устанавливать будущие версии параллельно, не прерывая текущую установку. При переходе на новую версию необходимо обновить только симлинк.

Создаём системного пользователя netbox и делаем его владельцем только каталогов media, reports и scripts

# Create a system account named netbox together with a group of the same name.
adduser --system --group netbox
# Change ownership of three directories only: uploaded media, custom reports and custom scripts.
# Ownership of the rest of /opt/netbox is not touched here.
# NOTE(review): files in scripts/ are presumably executed by NetBox as custom scripts, so write
# access to that directory should be treated as the ability to run code as the netbox user.
chown --recursive netbox /opt/netbox/netbox/media/
chown --recursive netbox /opt/netbox/netbox/reports/
chown --recursive netbox /opt/netbox/netbox/scripts/


Переходим к конфигурационному файлу

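cd /opt/netbox/netbox/netbox/
# Start from the shipped example; the settings below are edited in configuration.py.
cp configuration_example.py configuration.py
# configuration.py holds the database password and SECRET_KEY, so do not leave it readable
# by every local account: root owns it and members of the netbox group may only read it.
# Assumes the NetBox services run as the netbox user/group created above - confirm
# against your service units.
chown root:netbox configuration.py
chmod 640 configuration.py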


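Готовим конфиг. Пароль базы данных и SECRET_KEY у каждой установки должны быть свои; SECRET_KEY можно сгенерировать скриптом /opt/netbox/netbox/generate_secret_key.py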
<config>

#########################
#   Required settings   #
#########################

# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']

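# Names and addresses this instance is served under (see the ALLOWED_HOSTS description above).
ALLOWED_HOSTS = ['netboxold.iwad.ru', '172.16.37.26', '172.16.37.10']

# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
#   https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',  # Database engine
        'NAME': 'netbox',         # Database name
        'USER': 'netbox',         # PostgreSQL username
        # Placeholder: put here the password given to the netbox role in CREATE USER.
        # A real password must not be copied into documentation or version control.
        'PASSWORD': 'REPLACE_WITH_NETBOX_DB_PASSWORD',  # PostgreSQL password
        'HOST': 'localhost',      # Database server
        'PORT': '',               # Database port (leave blank for default)
        'CONN_MAX_AGE': 300,      # Max database connection age
    }
}

# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
# to use two separate database IDs.
# NOTE(review): both sections connect without a username or password and without TLS; that is
# only reasonable while redis-server listens on the loopback interface alone - confirm.
REDIS = {
    'tasks': {
        'HOST': 'localhost',
        'PORT': 6379,
        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
        # 'SENTINEL_SERVICE': 'netbox',
        'USERNAME': '',
        'PASSWORD': '',
        'DATABASE': 0,
        'SSL': False,
        # Set this to True to skip TLS certificate verification
        # This can expose the connection to attacks, be careful
        # 'INSECURE_SKIP_TLS_VERIFY': False,
        # Set a path to a certificate authority, typically used with a self signed certificate.
        # 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
    },
    'caching': {
        'HOST': 'localhost',
        'PORT': 6379,
        # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
        # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
        # 'SENTINEL_SERVICE': 'netbox',
        'USERNAME': '',
        'PASSWORD': '',
        'DATABASE': 1,
        'SSL': False,
        # Set this to True to skip TLS certificate verification
        # This can expose the connection to attacks, be careful
        # 'INSECURE_SKIP_TLS_VERIFY': False,
        # Set a path to a certificate authority, typically used with a self signed certificate.
        # 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
    }
}

# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
# symbols. NetBox will not run without this defined. For more information, see
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
# Placeholder: generate a value of your own, e.g. with /opt/netbox/netbox/generate_secret_key.py.
# A key that has been published anywhere must be treated as compromised and replaced.
SECRET_KEY = 'REPLACE_WITH_OUTPUT_OF_GENERATE_SECRET_KEY'


#########################
#   Optional settings   #
#########################

# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# application errors (assuming correct email settings are provided).
ADMINS = [
    # ('John Doe', 'jdoe@example.com'),
]

# Permit the retrieval of API tokens after their creation.
ALLOW_TOKEN_RETRIEVAL = False

# Enable any desired validators for local account passwords below. For a list of included validators, please see the
# Django documentation at https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation.
# NOTE(review): with this list left empty no password rules are enforced for local accounts;
# enable a validator if local logins are used alongside LDAP.
AUTH_PASSWORD_VALIDATORS = [
    # {
    #     'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    #     'OPTIONS': {
    #         'min_length': 10,
    #     }
    # },
]

# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = ''

# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = [
    # 'https://netbox.iwad.ru',
]
CORS_ORIGIN_REGEX_WHITELIST = [
    # r'^(https?://)?(\w+\.)?example\.com$',
]

# The name to use for the CSRF token cookie.
# CSRF_COOKIE_NAME = 'csrftoken'

# Origins (scheme + host) trusted for CSRF-protected requests; keep in step with ALLOWED_HOSTS.
CSRF_TRUSTED_ORIGINS = ['https://netboxold.iwad.ru']

# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# on a production system.
DEBUG = False

# Set the default preferred language/locale
DEFAULT_LANGUAGE = 'en-us'

# Email settings
EMAIL = {
    'SERVER': 'localhost',
    'PORT': 25,
    'USERNAME': '',
    'PASSWORD': '',
    'USE_SSL': False,
    'USE_TLS': False,
    'TIMEOUT': 10,  # seconds
    'FROM_EMAIL': '',
}

# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = [
    # 'dcim.site',
    # 'dcim.region',
    # 'ipam.prefix',
]

# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
# HTTP_PROXIES = {
#     'http': 'http://10.10.1.10:3128',
#     'https': 'http://10.10.1.10:1080',
# }

# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
INTERNAL_IPS = ('127.0.0.1', '::1')

# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
#   https://docs.djangoproject.com/en/stable/topics/logging/
LOGGING = {}

# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
# authenticated to NetBox indefinitely.
LOGIN_PERSISTENCE = False

# Setting this to False will permit unauthenticated users to access most areas of NetBox (but not make any changes).
LOGIN_REQUIRED = True

# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = None

# Hide the login form. Useful when only allowing SSO authentication.
LOGIN_FORM_HIDDEN = False

# The view name or URL to which users are redirected after logging out.
LOGOUT_REDIRECT_URL = 'home'

# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location.
# MEDIA_ROOT = '/opt/netbox/netbox/media'

# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = False

# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = [
    # "netbox_ipcalculator",
]

# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = {
#     'my_plugin': {
#         'foo': 'bar',
#         'buzz': 'bazz'
#     }
# }

# Remote authentication support
# NOTE(review): REMOTE_AUTH_AUTO_CREATE_USER = True creates a NetBox account for every identity the
# backend accepts, so the LDAP configuration should restrict who is allowed to log in - confirm.
# The *_HEADER settings presumably matter only for header-based authentication; if such a backend
# is ever enabled, the front-end proxy must strip these headers from incoming client requests.
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_USER_FIRST_NAME = 'HTTP_REMOTE_USER_FIRST_NAME'
REMOTE_AUTH_USER_LAST_NAME = 'HTTP_REMOTE_USER_LAST_NAME'
REMOTE_AUTH_USER_EMAIL = 'HTTP_REMOTE_USER_EMAIL'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}

# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.
RELEASE_CHECK_URL = None
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'

# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
# REPORTS_ROOT = '/opt/netbox/netbox/reports'

# Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = 300

# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'

# The name to use for the session cookie.
SESSION_COOKIE_NAME = 'sessionid'

# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = None

# By default the memory and disk sizes are displayed using base 10 (e.g. 1000 MB = 1 GB).
# If you would like to use base 2 (e.g. 1024 MB = 1 GB) set this to 1024.
# DISK_BASE_UNIT = 1024
# RAM_BASE_UNIT = 1024

# Within the STORAGES dictionary, "default" is used for image uploads, "staticfiles" is for static files and "scripts"
# is used for custom scripts. See django-storages and django-storage-swift libraries for more details. By default the
# following configuration is used:
# STORAGES = {
#     "default": {
#         "BACKEND": "django.core.files.storage.FileSystemStorage",
#     },
#     "staticfiles": {
#         "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
#     },
#     "scripts": {
#         "BACKEND": "extras.storage.ScriptFileSystemStorage",
#     },
# }

# Time zone (default: UTC)
TIME_ZONE = 'UTC'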

</config>









uWSGI
HTTP server
LDAP authentication (optional)










https://nixhub.ru/posts/netbox-install/
https://netboxlabs.com/docs/netbox/installation/