Netbox


Migrating

- https://netbox.readthedocs.io/en/stable/administration/replicating-netbox/

Kubernetes Options - Try and Use this

Using Docker with LDAP

create space

# Fetch the netbox-docker compose project and work from its root.
git clone https://github.com/netbox-community/netbox-docker
cd netbox-docker
# Host directory that the override file bind-mounts as the NetBox media path.
# 0777 makes it world-writable: any local account or process on the host can
# add or replace uploaded files. If you keep the bind mount, tighten it to the
# UID/GID the container runs as (check the image; not shown on this page).
mkdir netbox-media-files && chmod -R 0777 netbox-media-files   # Usually you would use a volume and let that manage perms. Lock this down from 0777.

docker-compose.override.yml - change as needed

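version: '3.4'
services:
  netbox:
    # The default tag is the floating "latest-ldap". Set VERSION to a specific
    # release tag so that "docker-compose pull" cannot silently change what runs.
    image: &NetboxImage netboxcommunity/netbox:${VERSION-latest-ldap}
    # Left unpublished on purpose when a reverse proxy fronts the container.
    # ports:
    # - 8000:8080
    environment:
      REMOTE_AUTH_ENABLED: "true"
      REMOTE_AUTH_BACKEND: 'netbox.authentication.LDAPBackend'
      # ldaps:// so the service-account bind and every user's login password
      # are encrypted in transit. Plain ldap:// sends them in cleartext unless
      # StartTLS is enabled, so only switch back if that is configured.
      AUTH_LDAP_SERVER_URI: "ldaps://ldap.example.com"
      # Bind account used for directory searches; give it read-only access.
      AUTH_LDAP_BIND_DN: "CN=svc-ldap-r,OU=service,DC=example,DC=com"
      # Substituted by Compose from the shell environment or a .env file, so
      # the secret is not stored in this override file. Keep that .env file out
      # of version control and readable only by the deploying account.
      AUTH_LDAP_BIND_PASSWORD: "${AUTH_LDAP_BIND_PASSWORD:?set AUTH_LDAP_BIND_PASSWORD in the environment or .env}"
      AUTH_LDAP_USER_SEARCH_BASEDN: "ou=Employee Accounts,dc=example,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=Domain Users,DC=example,dc=com"
      # Membership in these directory groups grants elevated NetBox rights;
      # control who can edit the groups as tightly as the rights themselves.
      AUTH_LDAP_IS_ADMIN_DN: "CN=netbox-admin,OU=security,DC=example,DC=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=netbox-superuser,OU=security,DC=example,DC=com"
      # Presumably restricts login to members of this group; confirm against
      # the LDAP backend documentation for the image version in use.
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=netbox-require-group,OU=security,DC=example,DC=com"
      # Keep "false": the LDAP server certificate must be verified.
      LDAP_IGNORE_CERT_ERRORS: "false"
      AUTH_LDAP_MIRROR_GROUPS: "false"
      # AUTH_LDAP_FIND_GROUP_PERMS: "true"
      AUTH_LDAP_CACHE_GROUPS: "True"
      # Seconds. With caching on, a group removal in the directory may take up
      # to this long to be reflected in NetBox.
      AUTH_LDAP_GROUP_CACHE_TIMEOUT: "600"
      # No anonymous browsing; every request needs an authenticated session.
      LOGIN_REQUIRED: "true"
      # AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"  # This does not work in newer versions of the software
      DB_NAME: netbox2  # netbox is default
    volumes:
    # Configuration and code directories are mounted read-only (ro).
    - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
    - ./initializers:/opt/netbox/initializers:z,ro
    - ./configuration:/etc/netbox/config:z,ro
    - ./reports:/etc/netbox/reports:z,ro
    - ./scripts:/etc/netbox/scripts:z,ro
    # - netbox-media-files:/opt/netbox/netbox/media:z
    # Writable bind mount for uploads; the host directory's permissions apply.
    - ./netbox-media-files:/opt/netbox/netbox/media:z
  netbox-worker:
    image: *NetboxImage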

Wipe the NetBox database, or just create a new one and change the name (DB_NAME) in docker-compose.override.yml

# cfb61805xxxx is a placeholder container ID; substitute the ID of your own
# database container.
# Step 1: create an empty database named netbox2.
docker exec -it cfb61805xxxx psql -U netbox -c "CREATE DATABASE netbox2"
# Step 2: feed the SQL dump to psql on stdin and load it into netbox2.
# Treat new-netbox.sql as sensitive: a NetBox dump can include user records
# and stored credentials, so restrict its permissions and delete it afterwards.
docker exec -i cfb61805xxxx psql -U netbox -d netbox2 < new-netbox.sql

Updating

# Stop the stack, fetch newer images, then recreate the containers detached.
# With the override's default tag (latest-ldap), the pull takes whatever is
# currently published; export VERSION as a specific tag first if the upgrade
# needs to be controlled and repeatable.
docker-compose stop
docker-compose pull
docker-compose up -d

Reverse Proxy Example

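# Self-signed certificate for testing (OU=Testing): clients will not trust it
# unless it is imported explicitly, so use a CA-issued certificate in production.
# -nodes writes the private key unencrypted, so file permissions are its only
# protection. -addext needs OpenSSL 1.1.1 or newer; it adds the subjectAltName
# that current browsers require, since they no longer match on CN alone.
sudo openssl req -x509 -nodes -days 700 -newkey rsa:4096 \
    -keyout /etc/ssl/private/netbox.example.com.key \
    -out /etc/ssl/certs/netbox.example.com.crt \
    -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=netbox.example.com" \
    -addext "subjectAltName=DNS:netbox.example.com"
# Make sure only root can read the key, regardless of the umask in effect.
sudo chmod 600 /etc/ssl/private/netbox.example.com.key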

/etc/nginx/conf.d/netbox.conf

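# Plain-HTTP listener: exists only to redirect every request to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# TLS listener that terminates HTTPS and proxies to the NetBox container.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/ssl/certs/netbox.example.com.crt;
    ssl_certificate_key /etc/ssl/private/netbox.example.com.key;
    # Refuse legacy protocol versions; TLSv1.3 needs nginx 1.13+ built against
    # OpenSSL 1.1.1+. Drop it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Catch-all name on the default server: requests with any Host header are
    # accepted. Set the real hostname here, or rely on NetBox's ALLOWED_HOSTS
    # to reject unexpected values.
    # server_name example.com www.example.com;
    server_name _;
    # server_name netbox.extendhealth.com;
    # root /var/www/html;
    root /dev/null;

    location / {
        # Caps request bodies (uploads) at 10 MB.
        client_max_body_size 10m;
        # Backend hop is plain HTTP; keep port 8080 reachable only from this
        # proxy, not published to the wider network.
        proxy_pass http://192.168.x.x:8080/;  # This would be container ip or name
        proxy_set_header X-Real-IP $remote_addr;
        # Pass the client chain and the original scheme so the application
        # knows the request arrived over HTTPS and can log the real client.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # $http_host is the client-supplied Host header, forwarded as sent.
        proxy_set_header Host $http_host;
        # proxy_set_header X-NginX-Proxy true;
    }
}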