This post captures details on how to install NetBox and configure it on a server running CentOS 7. NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. As part of the install process, we shall be installing and configuring the following:

  1. PostgreSQL – Database used by NetBox
  2. Apache – NetBox can be made accessible using either Apache or nginx. This post covers Apache and setting it up as a reverse proxy.
  3. NetBox – the application itself
  4. gunicorn – Python WSGI server
  5. supervisord – a process control system used to control gunicorn.
  6. firewalld – used to configure the firewall on CentOS 7

Install and Start PostgreSQL

NetBox uses PostgreSQL as the database to store all information. Follow the instructions below to install, configure and start PostgreSQL.

yum install -y postgresql postgresql-server postgresql-devel python-psycopg2

Initialize PostgreSQL database

postgresql-setup initdb

Modify the PostgreSQL configuration to accept password-based authentication by replacing ident with md5 for all host entries within /var/lib/pgsql/data/pg_hba.conf.

host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
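One way to make this edit from the shell, as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration; the demo at the end runs on a scratch copy, not on the live pg_hba.conf.

```shell
# Constructed sample of local/host entries, used by the demo below.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            ident
host    all             all             ::1/128                 ident
#host   replication     postgres        127.0.0.1/32            ident
EOF
}

# Replace ident with md5 on every uncommented "host" line; "local" lines
# and comments are left alone. A backup is kept as <file>.bak.
pg_hba_use_md5() {
    hba_file=$1
    [ -f "$hba_file" ] || { echo "no such file: $hba_file" >&2; return 1; }
    cp -p "$hba_file" "$hba_file.bak" || return 1
    # Write back into the original file so its owner and mode are preserved.
    sed -E '/^[[:space:]]*host[[:space:]]/ s/([[:space:]])ident[[:space:]]*$/\1md5/' \
        "$hba_file.bak" > "$hba_file"
}

# Print how many uncommented host lines still use ident (0 means done).
pg_hba_ident_count() {
    grep -Ec '^[[:space:]]*host[[:space:]].*[[:space:]]ident[[:space:]]*$' "$1" || true
}

# Demo on a scratch copy, not the live /var/lib/pgsql/data/pg_hba.conf.
tmp=$(mktemp)
sample_pg_hba > "$tmp"
echo "before: $(pg_hba_ident_count "$tmp") host line(s) use ident"
pg_hba_use_md5 "$tmp"
echo "after:  $(pg_hba_ident_count "$tmp") host line(s) use ident"
grep -E '^[[:space:]]*host' "$tmp"
rm -f "$tmp" "$tmp.bak"
```

On the server itself, run pg_hba_use_md5 /var/lib/pgsql/data/pg_hba.conf as root and confirm that pg_hba_ident_count prints 0 before starting the service.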

Then, start the service:

systemctl enable postgresql
systemctl start postgresql

Create Database for NetBox

Use the commands below to create the database that will be used by NetBox and a user for the database. The password shown is only an example; substitute a strong password of your own.

Run the psql command as user postgres and create the netbox database.

sudo -u postgres psql

CREATE DATABASE netbox;
CREATE USER netbox WITH PASSWORD 'Ent90zaM';
GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
\q

NetBox Install and Configuration

NetBox has a few prerequisites that must be in place before it can be installed. The commands below enable the Extra Packages for Enterprise Linux (EPEL) repository and install the required packages.

yum install -y epel-release
yum install -y gcc python2 python-devel python-pip libxml2-devel libxslt-devel libffi-devel graphviz openssl-devel git

Create the netbox directory and clone the NetBox repository from GitHub.

mkdir /home/netbox
cd /home/netbox
git clone -b master https://github.com/digitalocean/netbox.git .

Install all Python dependencies using the commands below.

pip install --upgrade pip
pip install -r requirements.txt

Configure NetBox

cd netbox/netbox/
cp configuration.example.py configuration.py

Edit configuration.py and change the following:

ALLOWED_HOSTS
DATABASE configuration
SECRET_KEY - Run 'python /home/netbox/netbox/generate_secret_key.py' to generate a random key

Run the commands below to create the database schema.

cd /home/netbox/netbox/
./manage.py migrate

Run the command below to create an admin account.

./manage.py createsuperuser

Follow the prompts to create an admin account.

Run the command below to collect static files.

./manage.py collectstatic

Run the command below to load the initial data. This gives a head start by creating some of the definitions in the database.

./manage.py loaddata initial_data

Apache Installation and Configuration

This section captures the details on installation of Apache and configuring it to act as a reverse proxy to serve content from gunicorn.

Install Apache and configure it to start automatically on boot.

yum -y install httpd
systemctl enable httpd

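Configure a new Virtual Host in Apache to listen on port 8000. The snippet below creates a file called netbox.conf in the /etc/httpd/conf.d directory. The shell expands $DROPLETNAME when the file is written, so the variable must already be set to the server's hostname.

echo "
Listen 8000
<VirtualHost *:8000>
    ProxyPreserveHost On
    ServerName $DROPLETNAME
    Alias /static /home/netbox/netbox/static
    <Directory /home/netbox/netbox/static>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>
    <Location /static>
        ProxyPass !
    </Location>
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>
" > /etc/httpd/conf.d/netbox.conf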

Start Apache service

systemctl restart httpd

Install and Configure gunicorn

Use pip to install gunicorn.

pip install gunicorn

Use the snippet below to create the gunicorn configuration file called gunicorn_config.py under /home/netbox/ directory.

echo  "
command = '/usr/bin/gunicorn'
pythonpath = '/home/netbox/netbox'
bind = '127.0.0.1:8001'
workers = 3
user = 'apache'
" > /home/netbox/gunicorn_config.py

The formula for calculating the number of workers to configure is

workers = 2n + 1

where n is the number of CPU cores.

Install and Configure supervisord

Install supervisor using yum and create a configuration file for netbox.

yum -y install supervisor
echo "
[program:netbox]
command = gunicorn -c /home/netbox/gunicorn_config.py netbox.wsgi
directory = /home/netbox/netbox/
user = apache
" > /etc/supervisord.d/netbox.ini

Configure supervisord to automatically start on boot and start the service.

systemctl enable supervisord
systemctl start supervisord

Configure firewalld

Note: Ignore this part of the post if you are not using firewalld. You can verify whether firewalld is running on your CentOS 7 server or not by executing the command:

firewall-cmd --state

If the output is “running”, then your system is configured for firewalld.

Earlier in the post, Apache was configured as a reverse proxy to allow client browsers to connect to port 8000. The requests are proxied to the gunicorn WSGI server listening on port 8001. In order to allow clients to successfully connect to NetBox, port 8000 must be open in the firewall.

To verify the firewall rule set, run the command

firewall-cmd --list-all

You should see output similar to the one below, which shows that ssh is the only service allowed on this server.

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: ssh
  ports: 
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules: 

To allow inbound connections to port 8000, run the commands below, which add the port and reload the firewall rule set.

firewall-cmd --permanent --zone=public --add-port=8000/tcp
firewall-cmd --reload

You should now be able to access NetBox at http://hostname.of.server:8000/
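The end state this post sets up is port 8000 open in firewalld and gunicorn on port 8001 reachable only through loopback. The added example below (not part of the original post; function names and sample outputs are constructed) checks both from saved firewall-cmd --list-all and ss -ltn output.

```shell
# Constructed sample outputs (CentOS 7 style), used by the demo below.
sample_fw() {
    cat <<'EOF'
public (active)
  services: ssh
  ports: 8000/tcp
  sourceports:
EOF
}
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:8001                  *:*
LISTEN     0      128          :::8000                 :::*
LISTEN     0      128           *:22                    *:*
EOF
}

# Succeeds if "firewall-cmd --list-all" output on stdin opens port $1 (e.g. 8000/tcp).
fw_has_port() {
    awk -v want="$1" '
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Succeeds if "ss -ltn" output on stdin shows port $1 listening on loopback only.
loopback_only() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != p) next
            seen = 1
            if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]") exposed = 1
        }
        END { exit !(seen && !exposed) }'
}

# Expected layout from this post: 8000 open, 8001 closed and loopback-only.
check_exposure() {   # $1 = saved firewall-cmd output, $2 = saved ss output
    fw_has_port 8000/tcp < "$1" && ! fw_has_port 8001/tcp < "$1" &&
        loopback_only 8001 < "$2"
}

# Demo on the constructed samples; on a server, save the real command output instead.
fwout=$(mktemp); ssout=$(mktemp)
sample_fw > "$fwout"; sample_ss > "$ssout"
check_exposure "$fwout" "$ssout" && echo "exposure matches the post" || echo "unexpected exposure"
rm -f "$fwout" "$ssout"
```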
