NetBox installation on SUSE 15

NetBox is a very cool network inventory program that you can find HERE. The original installation guide is for installing on Ubuntu. This guide has been adapted for installation on a SUSE 15 server. As usual for an application written in Python, this procedure is considered to be working for a certain period of time. I'm pretty sure it won't work in a couple of months or more.

Preparing Server

A minimal installation of SUSE SLE 15 SP4 was performed on a virtual machine with 2 processors and 8G memory. I am planning to host all NetBox components on the same server. NetBox is installed in the /opt directory and the postgres database is in /var/lib. Make sure you have enough space there.

Install some programs for comfortable work:

root:~ # zypper in vim bash-completion rsync

Bold font indicates the command that you are typing, the rest is the output of the command.

Installing Postgres

NetBox requires any postgres database version above 10. Looking for available packages:

root:~ # zypper se postgresql*server
Loading repository data...
Reading installed packages...

S | Name                | Summary                                                   | Type
--+---------------------+-----------------------------------------------------------+--------
  | postgresql-server   | The Programs Needed to Create and Run a PostgreSQL Server | package
  | postgresql13-server | The Programs Needed to Create and Run a PostgreSQL Server | package
  | postgresql14-server | The Programs Needed to Create and Run a PostgreSQL Server | package

The latest available version is 14, let's use it:

root:~ # zypper in postgresql14-server

Start the service and enable it:

root:~ # systemctl enable --now postgresql
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
root:~ # su - postgres
postgres:~ $ psql -V
psql (PostgreSQL) 14.5

The default configuration makes postgres listen only on the loopback interface, which is perfect for our all-in-one server. The only thing you need to change is to allow login with a password. Edit the file /var/lib/pgsql/data/pg_hba.conf and replace "ident" with "md5" for all local connections.

postgres:~ $ grep md5 /var/lib/pgsql/data/pg_hba.conf
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

A service restart is required to apply the changes:

postgres:~ $ exit
root:~ # systemctl restart postgresql
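
To confirm after the edit that no TCP rule is left on "ident" or another method that skips the password, the check below parses pg_hba.conf text and lists such rules. It is an added example, not part of the original guide; the sample file content is constructed, and quoted database or user names containing spaces are not handled.

```python
import ipaddress

# Methods where the client must prove it knows the role's password.
PASSWORD_METHODS = {"md5", "scram-sha-256"}
TCP_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def tcp_rules(text):
    """Return (line number, address, method) for every TCP rule in pg_hba.conf text."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in TCP_TYPES:
            continue  # blank line, comment, or unix-socket "local" rule
        address, rest = fields[3], fields[4:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            pass  # CIDR form, host name, or a keyword such as "all"
        else:
            # Bare IP address: the next field is its netmask, not the method.
            address, rest = f"{address} {rest[0]}", rest[1:]
        if rest:
            rules.append((lineno, address, rest[0]))
    return rules

def non_password_rules(text):
    """TCP rules whose method is not a password method (ident, trust, ...)."""
    return [rule for rule in tcp_rules(text) if rule[2] not in PASSWORD_METHODS]

# Constructed sample: a file where only the IPv6 rule has been switched to md5.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        md5
host    all       all   127.0.0.1 255.255.255.255 trust  # netmask form
"""

if __name__ == "__main__":
    # On the server, read /var/lib/pgsql/data/pg_hba.conf instead of SAMPLE.
    for lineno, address, method in non_password_rules(SAMPLE):
        print(f"line {lineno}: {address} still uses {method}")
```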

Generate a random password:

root:~ # su - postgres
postgres:~ $ PASS=$(tr -dc 'A-Za-z0-9!@#$%&*()?/\\\[\]\{\}\-+_=<>.,' < /dev/urandom | head -c12)

Save the generated password to a file to reuse it later in the netbox configuration.

postgres:~ $ echo "$PASS" > keep.it

Create a database and a user with the generated password, and grant the user access to this database.

postgres:~ $ cat << EOFcat | psql
CREATE DATABASE netbox;
CREATE USER netbox WITH PASSWORD '$PASS';
GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
EOFcat
CREATE DATABASE
CREATE ROLE
GRANT

Again, bold font indicates the command that you are typing, the rest is the output of the command.

Check if the connection is working:

postgres:~ $ psql "user=netbox password='$PASS' host=localhost" netbox
psql (14.5)
Type "help" for help.

netbox=> \conninfo
You are connected to database "netbox" as user "netbox" on host "localhost" (address "::1") at port "5432".
netbox=> \q

Install Redis

Installation is simple:

root:~ # zypper in redis

The default settings are suitable for installing NetBox. Create a configuration file, enable and start the service. Test the functionality of the service using the Redis CLI.

root:~ # cp /etc/redis/default.conf.example /etc/redis/redis.conf
root:~ # chmod +r /etc/redis/redis.conf
root:~ # systemctl enable --now redis@redis
Created symlink /etc/systemd/system/multi-user.target.wants/redis@redis.service → /usr/lib/systemd/system/redis@.service.
Created symlink /etc/systemd/system/redis.target.wants/redis@redis.service → /usr/lib/systemd/system/redis@.service.
root:~ # redis-cli ping
PONG

Install NetBox

According to the original instructions, there are several installation options. I chose to install by cloning the original repository. This requires the "git" tool.

root:~ # zypper in git

Clone source repository into /opt:

root:~ # cd /opt
root:/opt # git clone -b master --depth 1 https://github.com/netbox-community/netbox.git

Create a "netbox" service user for fine-grained access:

root:~ # groupadd --system netbox
root:~ # useradd --system -g netbox netbox
root:~ # chown --recursive netbox /opt/netbox/netbox/media/

Create a NetBox configuration file by copying the example file and editing some important values:

root:~ # cd /opt/netbox/netbox/netbox/
root:/opt/netbox/netbox/netbox # cp configuration_example.py configuration.py
root:/opt/netbox/netbox/netbox # vi configuration.py

The most important variables to fix are ALLOWED_HOSTS (it can be '*' to match any host) and the DATABASE connection string (put the username and saved password in there). Another variable that needs to be set is SECRET_KEY, which should be 50 random characters long. The LOGIN_TIMEOUT variable can be set to a reasonable value, such as 36000; otherwise the user will be logged in forever.
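
The settings named above can be checked mechanically. The following is an added example, not part of NetBox or of the original guide: audit() flags a wildcard ALLOWED_HOSTS, missing database credentials, a short SECRET_KEY and an unset LOGIN_TIMEOUT, and new_secret_key() produces a 50-character key. It assumes DATABASE is a dict with USER and PASSWORD keys; netbox.example.com and the sample values are constructed.

```python
import runpy
import secrets
import string

def new_secret_key(length=50):
    """Random SECRET_KEY drawn from the operating system's CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(cfg):
    """Return a list of findings for a mapping of configuration.py settings."""
    findings = []
    hosts = cfg.get("ALLOWED_HOSTS") or []
    if not hosts:
        findings.append("ALLOWED_HOSTS is empty")
    elif "*" in hosts:
        findings.append("ALLOWED_HOSTS contains '*': any Host header is accepted")
    db = cfg.get("DATABASE") or {}
    if not db.get("USER") or not db.get("PASSWORD"):
        findings.append("DATABASE has no USER or PASSWORD")
    key = cfg.get("SECRET_KEY") or ""
    if len(key) < 50:
        findings.append(f"SECRET_KEY is {len(key)} characters, expected at least 50")
    if cfg.get("LOGIN_TIMEOUT") is None:
        findings.append("LOGIN_TIMEOUT is not set")
    return findings

def audit_file(path="/opt/netbox/netbox/netbox/configuration.py"):
    """Execute the configuration module and audit its top-level names."""
    return audit(runpy.run_path(path))

# Constructed samples: an unedited, weak state and a corrected one.
WEAK = {"ALLOWED_HOSTS": ["*"],
        "DATABASE": {"NAME": "netbox", "USER": "netbox", "PASSWORD": ""},
        "SECRET_KEY": "", "LOGIN_TIMEOUT": None}
FIXED = {"ALLOWED_HOSTS": ["netbox.example.com"],  # placeholder host name
         "DATABASE": {"NAME": "netbox", "USER": "netbox",
                      "PASSWORD": "value-saved-in-keep.it"},  # placeholder
         "SECRET_KEY": new_secret_key(), "LOGIN_TIMEOUT": 36000}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(cfg) or "no findings")
```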

SUSE ships with Python v3.6 installed by default. NetBox requires a Python version greater than v3.8. Let's install it. You will probably need to activate the corresponding module for this:

root:~ # SUSEConnect -p sle-module-python3/15.4/x86_64
 ..
root:~ # zypper se python3*pip
 ..

S | Name          | Summary                            | Type
--+---------------+------------------------------------+-----------
i | python3-pip   | A Python package management system | package
  | python310-pip | A Python package management system | package
  | python310-pip | A Python package management system | srcpackage

Looks like python v3.10 is available for installation. We have to install python and its pip:

root:~ # zypper in python310 python310-pip

Once installed, make it active for the current session:

root:~ # type python3.10 
python3.10 is /usr/bin/python3.10
root:~ # export PYTHON=/usr/bin/python3.10

Now you can finish the installation. The installer will download from the internet and install the necessary Python packages, so allow internet access at this point.

root:~ # export PYTHON=/usr/bin/python3.10
root:~ # /opt/netbox/upgrade.sh
 ..
Finished.

The next step is to create a superuser account for the initial login. Use it to create other administrators.

root:~ # source /opt/netbox/venv/bin/activate
(venv) root:~ # cd /opt/netbox/netbox
(venv) root:/opt/netbox/netbox # python3 manage.py createsuperuser
Username (leave blank to use 'root'): netboxadmin
Email address: netboxadmin@company.com
Password: 
Password (again): 
Superuser created successfully.

Don't leave the Python virtual environment; run the server in development mode to test it out:

(venv) root:/opt/netbox/netbox # python3 manage.py runserver 0.0.0.0:8000 --insecure
Performing system checks...

System check identified no issues (0 silenced).
December 20, 2022 - 19:42:01
Django version 4.1.4, using settings 'netbox.settings'
Starting development server at http://0.0.0.0:8000/
Quit the server with CONTROL-C.

Connect to the server on port 8000 to make sure it's working.

Set up gunicorn

No customization needed for this step.

root:~ # cp /opt/netbox/contrib/gunicorn.py /opt/netbox/gunicorn.py
root:~ # cp -v /opt/netbox/contrib/*.service /etc/systemd/system/
'/opt/netbox/contrib/netbox-rq.service' -> '/etc/systemd/system/netbox-rq.service'
'/opt/netbox/contrib/netbox.service' -> '/etc/systemd/system/netbox.service'
root:~ # systemctl daemon-reload
root:~ # systemctl enable --now netbox netbox-rq
Created symlink /etc/systemd/system/multi-user.target.wants/netbox.service → /etc/systemd/system/netbox.service.
Created symlink /etc/systemd/system/multi-user.target.wants/netbox-rq.service → /etc/systemd/system/netbox-rq.service.
root:~ # systemctl status netbox netbox-rq

Install and set up Apache2

Install the software:

root:~ # zypper in apache2

Enable required modules:

root:~ # for module in ssl proxy proxy_http headers ; do a2enmod  $module ; done

Alternatively, you can edit the /etc/sysconfig/apache2 file directly. Modify the file so that the APACHE_MODULES= variable includes the above modules. This change alone is not enough, and to enable the SSL service you need to put APACHE_SERVER_FLAGS="SSL" in the same file.

Create a self-signed certificate for testing purposes:

root:~ # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/netbox.key -out /etc/ssl/certs/netbox.crt

You can later replace the self-signed certificate with the proper certificate.

Copy the provided apache example file to the appropriate location:

root:~ # cp -v /opt/netbox/contrib/apache.conf /etc/apache2/vhosts.d/
'/opt/netbox/contrib/apache.conf' -> '/etc/apache2/vhosts.d/apache.conf'
root:~ # systemctl enable --now apache2
Created symlink /etc/systemd/system/httpd.service → /usr/lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/apache.service → /usr/lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /usr/lib/systemd/system/apache2.service.

From this point on, the system should be operational.

Backup

Backing up open database files usually doesn't work. You must dump the contents of the database somewhere outside. A little crontab job does the trick:

root:~ # su - postgres
postgres:~ $ crontab -l
6 6 * * * pg_dump netbox | gzip > netbox.sql.gz

Upgrade Netbox

Review the official documentation for the supported upgrade path, then:

Stop services:

root:~ # systemctl stop apache2 netbox netbox-rq

Use git to get the date of the last update of the shallow repository. Then pull only the latest updates. Here is an example:

root:~ # cd /opt/netbox
root:/opt/netbox # git log | head
commit 85c60670dc717c7ef1b57e2974b4cc563ce1f663 (grafted, HEAD -> master, tag: v3.3.9, origin/master)
Author: Jeremy Stretch <jstretch@ns1.com>
Date:   Wed Nov 30 16:14:00 2022 -0500

    Merge pull request #11059 from netbox-community/develop
    
    Release v3.3.9
root:/opt/netbox # git pull --shallow-since="Wed Nov 30 16:14:00 2022 -0500"

Again, both steps, updating the git repository and the upgrade procedure that refreshes the Python packages, require Internet access. Please grant it.

root:~ # export PYTHON=/usr/bin/python3.10
root:~ # /opt/netbox/upgrade.sh
root:~ # systemctl start apache2 netbox netbox-rq

Start services again.


Updated on Wed Dec 21 20:59:36 IST 2022