This post captures details on how to install NetBox and configure it on a server running CentOS 7. NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. As part of the install process, we shall be installing and configuring, the following:
- PostgreSQL – Database used by NetBox
- Apache – NetBox can be made accessible either using Apache or nginx. This post covers Apache and setting it up as reverse proxy.
- NetBox – the application itself
- gunicorn – Python WSGI server
- supervisord – a process control system used to control gunicorn.
- firewalld – used to configure firewall on CentOS 7
Install and Start PostgreSQL
NetBox uses PostgreSQL as the database to store all information. Follow the instructions below to install, configure and start PostgreSQL.
yum install -y postgresql postgresql-server postgresql-devel python-psycopg2
Initialize PostgreSQL database
Modify the PostgreSQL configuration to accept password-based authentication by replacing ident with md5 for all host entries within /var/lib/pgsql/data/pg_hba.conf.
host all all 127.0.0.1/32 md5 host all all ::1/128 md5
Then, start the service:
systemctl enable postgresql systemctl start postgresql
Create Database for NetBox
Use the commands below to create the database that will be used by NetBox and a user for the database.
Run the psql command as user postgres and create the netbox database.
sudo -u postgres psql CREATE DATABASE netbox; CREATE USER netbox WITH PASSWORD 'Ent90zaM'; GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox; \q
NetBox Install and Configuration
NetBox requires a few programs to be installed, before it can be installed. Using the commands below will enable Extra Packages for Enterprise Linux (epel) repository and install the programs required.
yum install -y epel-release yum install -y gcc python2 python-devel python-pip libxml2-devel libxslt-devel libffi-devel graphviz openssl-devel git
Create netbox directory and clone netbox repository from github.
mkdir /home/netbox cd /home/netbox git clone -b master https://github.com/digitalocean/netbox.git .
Install all Python dependancies, using the commands below.
pip install --upgrade pip pip install -r requirements.txt
cd netbox/netbox/ cp configuration.example.py configuration.py
Edit configuration.py and change the following:
ALLOWED_HOSTS DATABASE configuration SECRET_KEY - Run ‘python /home/netbox/netbox/generate_secret_key.py’ to generate a random key
Run the commands below to create the database schema.
cd /home/netbox/netbox/ ./manage.py migrate
Run the command below to create admin account
Follow the prompts to create an admin account.
Run the command below to collect static files.
This will give a head start by creating some of the definitions in the database.
./manage.py loaddata initial_data
Apache Installation and Configuration
This section captures the details on installation of Apache and configuring it to act as a reverse proxy to serve content from gunicorn.
Install Apache and configure it to start automatically on boot.
yum -y install httpd systemctl enable httpd
Configure a new Virtual Host in Apache to listen on port 8000. The snippet below, will create a file called netbox.conf in /etc/httpd/conf.d directory.
echo " Listen 8000 ProxyPreserveHost On ServerName $DROPLETNAME Alias /static /home/netbox/netbox/static Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted ProxyPass ! ProxyPass / http://127.0.0.1:8001/ ProxyPassReverse / http://127.0.0.1:8001/ " > /etc/httpd/conf.d/netbox.conf
Start Apache service
systemctl restart httpd
Install and Configure gunicorn
Use pip to install gunicorn.
pip install gunicorn
Use the snippet below to create the gunicorn configuration file called gunicorn_config.py under /home/netbox/ directory.
echo " command = '/usr/bin/gunicorn' pythonpath = '/home/netbox/netbox' bind = '127.0.0.1:8001' workers = 3 user = 'apache' " > /home/netbox/gunicorn_config.py
The formula for calculating the number of workers to configure is
workers = 2n + 1
where n is the number of CPU cores.
Install and Configure supervisord
Install supervisor using yum and create a configuration file for netbox.
yum -y install supervisor echo " [program:netbox] command = gunicorn -c /home/netbox/gunicorn_config.py netbox.wsgi directory = /home/netbox/netbox/ user = apache " > /etc/supervisord.d/netbox.ini
Configure supervisord to automatically start on boot and start the service.
systemctl enable supervisord systemctl start supervisord
Note: Ignore this part of the post if you are not using firewalld. You can verify whether firewalld is running on your CentOS 7 server or not by executing the command:
If the output is “running”, then your system is configured for firewalld.
Earlier in the post, Apache was configured as a reverse proxy to allow client browsers to connect to port 8000. The requests are proxied to gunicorn WSGI listening on port 8001. I order to allow clients to successfully connect to NetBox, port 8000 must be open in the firewall.
To verify the firewall rule set, run the command
You should see an output similar to one below, which shows that ssh is the only service allowed on this server.
public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: ssh ports: protocols: masquerade: no forward-ports: sourceports: icmp-blocks: rich rules:
To allow inbound connections to port 800, run the command below and reload the firewall rule set.
firewall-cmd --permanent --zone=public --add-port=8000/tcp firewall-cmd --reload
You should be able to access NetBox by accessing it using http://hostname.of.server:8000/