How to Install NetBox on Rocky Linux 9

NetBox is Infrastructure Resource Modelling (IRM) software designed for network automation and infrastructure engineering. It was initially created by the DigitalOcean team and is now an open-source project released under the Apache 2 License. NetBox is built on the Python Django web framework with PostgreSQL as the default database, and its installation is similar to that of other Python Django web applications.

NetBox helps you to manage your infrastructure, which includes:

  • DCIM (Data Center Infrastructure Management)
  • IPAM (IP Address Management)
  • Data Circuits
  • Connections (Network, console, and power)
  • Equipment racks
  • Virtualization
  • Secrets

In this tutorial, you will install NetBox IRM (Infrastructure Resource Modelling) on a Rocky Linux 9 server. You'll set up NetBox with PostgreSQL as the database system and Apache/httpd as a reverse proxy. You'll also secure NetBox with SSL/TLS certificates via Certbot and Let's Encrypt.

Prerequisites

Before you get started, ensure that you have the following requirements:

  • A Rocky Linux 9 server - This example uses a Rocky Linux server with the hostname 'netbox-rocky'.
  • A non-root user with sudo/root administrator privileges.
  • SELinux running in permissive mode.
  • A domain name or sub-domain pointed to a server IP address - This example uses a sub-domain 'netbox.hwdomain.io' to run NetBox.

With these prerequisites in place, you're ready to install NetBox.

Installing and Configuring PostgreSQL

By default, NetBox uses the PostgreSQL database server. At the time of this writing, it requires PostgreSQL v10 or above. The default Rocky Linux repository provides PostgreSQL server v13, which is suitable for the NetBox deployment.

In this step, you'll install the PostgreSQL database server, set up the password authentication, then create a new database and user that NetBox will use.

To start, run the below command to install the PostgreSQL server on the Rocky Linux server.

sudo dnf install postgresql-server

When prompted, input y to confirm and press ENTER to proceed.

After installing the PostgreSQL server, run the below command to initialize the PostgreSQL database and configuration.

sudo postgresql-setup --initdb

You should receive an output such as 'Initializing database in ...'.

With the PostgreSQL server initialized, you'll next set up the password encryption and authentication for PostgreSQL users.

Open the PostgreSQL config file '/var/lib/pgsql/data/postgresql.conf' using the below nano editor command.

sudo nano /var/lib/pgsql/data/postgresql.conf

Uncomment the parameter 'password_encryption' and change the value to 'scram-sha-256'. This will set up the default password encryption for PostgreSQL users to 'scram-sha-256'.

password_encryption = scram-sha-256

Save the file and exit the editor.

Next, open another PostgreSQL config file '/var/lib/pgsql/data/pg_hba.conf' using the below command. This file is where you define the authentication methods for your PostgreSQL server.

sudo nano /var/lib/pgsql/data/pg_hba.conf

Change the default authentication methods for the hosts '127.0.0.1/32' and '::1/128' to 'scram-sha-256'. With this, PostgreSQL users connecting over TCP from localhost must authenticate with 'scram-sha-256'.

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256

Save the file and exit the editor when finished.
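
The pg_hba.conf change above can be checked before PostgreSQL is started. The following shell function is an added example, not part of the original tutorial: it reports every TCP ('host*') rule that still uses a method weaker than scram-sha-256. The function names and the sample file are constructed for illustration.

```bash
# Added example, not from the tutorial. Function names and the sample
# pg_hba.conf contents below are assumptions made for illustration.

# audit_pg_hba FILE
# Prints one line per TCP rule whose METHOD is weaker than scram-sha-256.
# Returns 1 if any such rule was found, 0 otherwise.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $1 !~ /^host/        { next }   # "local" rules use the Unix socket, not TCP
        {
            # METHOD is field 5 with a CIDR address, field 6 when the rule
            # uses a separate netmask column (10.0.0.0 255.255.255.0).
            method = ($5 ~ /[.:]/) ? $6 : $5
            # trust: no authentication, password: cleartext on the wire,
            # md5: weak hash, ident: trusts an ident server on the client.
            if (method ~ /^(trust|password|md5|ident)$/) {
                printf "line %d: %s allows %s\n", NR, $4, method
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample_hba FILE
# Writes a constructed pg_hba.conf with two weak rules (lines 3 and 5).
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER    ADDRESS                   METHOD
local   all       all                               peer
host    all       all     127.0.0.1/32              ident
host    all       all     ::1/128                   scram-sha-256
host    netboxdb  netbox  10.0.0.0 255.255.255.0    md5
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_hba "$sample"
audit_pg_hba "$sample" || echo "weak rules found: fix them before starting postgresql"
rm -f "$sample"
```

On the server, run it as 'audit_pg_hba /var/lib/pgsql/data/pg_hba.conf' with sudo, since the file is readable only by the postgres user.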

Now run the below systemctl command utility to start and enable the PostgreSQL service.

sudo systemctl start postgresql
sudo systemctl enable postgresql

Then verify the PostgreSQL service using the below command.

sudo systemctl status postgresql

The output should show that the PostgreSQL service is running and enabled, which means PostgreSQL will start automatically at boot.

Now that password authentication is configured and the PostgreSQL server is up and running, you'll set up a new password for the default 'postgres' user and create a new database and user that NetBox will use.

Log in to the PostgreSQL shell via the below command.

sudo -u postgres psql

Run the below query to set up a new password for the default PostgreSQL user 'postgres'. Be sure to change the password in the following query.

ALTER USER postgres WITH PASSWORD 'PostgreSQLPass';

Next, run the below query to create a new PostgreSQL database and user. Also, be sure to change the default password in the following query.

In this example, you'll create a new database 'netboxdb' with the user 'netbox' that will be used for NetBox installation.

CREATE DATABASE netboxdb;
CREATE USER netbox WITH ENCRYPTED PASSWORD 'NetBoxRocks';
GRANT ALL PRIVILEGES ON DATABASE netboxdb TO netbox;

Now press Ctrl+d or type quit to exit.

Lastly, run the below command to log in to the PostgreSQL shell via the new user 'netbox' to the new database 'netboxdb'. When prompted for the password, input your password.

sudo -u postgres psql --username netbox --password --host localhost netboxdb

After logging in to the PostgreSQL shell, run the below query to verify your current connection.

\conninfo

The output should show that you're connected to the PostgreSQL server as the 'netbox' user on the database 'netboxdb'.

With PostgreSQL installed and the database and user created, you'll next install Redis, which NetBox will use for cache management.

Installing and Configuring Redis

Redis is a free and open-source key-value database that NetBox will use for cache management and queue management. At the time of this writing, NetBox requires at least Redis server v4; the default Rocky Linux repository provides Redis v6, which is suitable for your NetBox deployment.

Install Redis to your Rocky Linux server via the below dnf command.

sudo dnf install redis

Input y when prompted and press ENTER to proceed.

After Redis is installed, open the Redis configuration file '/etc/redis/redis.conf' using the below nano editor command.

sudo nano /etc/redis/redis.conf

Uncomment the parameter 'requirepass' and input the new password for your Redis server.

requirepass RedisPasswordNetBox

Save the file and exit the editor when finished.

Next, run the below systemctl command to start the Redis server and enable it.

sudo systemctl start redis
sudo systemctl enable redis

Then verify the Redis server via the below systemctl command utility.

sudo systemctl status redis

In the output, you should see that the Redis server is running and enabled, so it will start automatically at boot.

To verify your Redis installation, you will access Redis via the 'redis-cli' command below.

redis-cli

If you run the ping query, you should receive an output such as '(error) NOAUTH authentication required'. You need to be authenticated to run the 'ping' command.

ping

Execute the below Redis query to authenticate to the Redis server. Be sure to change the password. If authenticated, you should receive an output 'OK'.

AUTH RedisPasswordNetBox

Run the ping query again and you should get the output 'PONG', which means that the query executed successfully and you've authenticated to the Redis server.

ping

At this point, you've installed the PostgreSQL database server and the Redis key-value database on Rocky Linux. You're now ready to start NetBox installation.

Installing NetBox IRM

NetBox is a web application written with the Python Django framework. The current version of NetBox requires Python 3.8, 3.9, 3.10, or 3.11. The default Python on Rocky Linux 9 is Python 3.9, which is suitable for the NetBox deployment.

To start, run the below dnf command to install package dependencies for NetBox. Input y when prompted and press ENTER to proceed.

sudo dnf install gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config git

Next, run the below command to create a new system user 'netbox' with the default home directory '/opt/netbox'.

sudo useradd -r -d /opt/netbox -s /usr/sbin/nologin netbox

Create a new directory '/opt/netbox' and move your working directory into it. Then, download the NetBox source code via the git command. The directory '/opt/netbox' will be used as the main installation directory of NetBox.

sudo mkdir -p /opt/netbox; cd /opt/netbox
sudo git clone -b master --depth 1 https://github.com/netbox-community/netbox.git .

Change the ownership of the NetBox installation directory '/opt/netbox' to the user and group 'netbox'. Then, move your working directory to '/opt/netbox/netbox/netbox'.

sudo chown -R netbox:netbox /opt/netbox
cd /opt/netbox/netbox/netbox

Next, run the below command to copy the default NetBox configuration to 'configuration.py'. Then, generate the SECRET_KEY via the Python script '../generate_secret_key.py'.

sudo -u netbox cp configuration_example.py configuration.py
sudo -u netbox python3 ../generate_secret_key.py

Now copy the generated SECRET_KEY. This will be used to set up the NetBox installation.

Open the NetBox config file 'configuration.py' using the below nano editor command.

sudo -u netbox nano configuration.py

Be sure to add your domain name to the 'ALLOWED_HOSTS' parameter, input details of the PostgreSQL database and user for NetBox, input the Redis password that you've configured, and paste the generated SECRET_KEY to the 'SECRET_KEY' parameter.

# domain and IP address
ALLOWED_HOSTS = ['netbox.hwdomain.io', '192.168.5.59']

# database configuration
DATABASE = {
    'NAME': 'netboxdb',               # Database name
    'USER': 'netbox',               # PostgreSQL username
    'PASSWORD': 'NetBoxRocks', # PostgreSQL password
    'HOST': 'localhost',            # Database server
    'PORT': '',                     # Database port (leave blank for default)
    'CONN_MAX_AGE': 300,            # Max database connection age (seconds)
}

# Redis cache configuration
REDIS = {
    'tasks': {
        'HOST': 'localhost',      # Redis server
        'PORT': 6379,             # Redis port
        'PASSWORD': 'RedisPasswordNetBox',           # Redis password (optional)
        'DATABASE': 0,            # Database ID
        'SSL': False,             # Use SSL (optional)
    },
    'caching': {
        'HOST': 'localhost',
        'PORT': 6379,
        'PASSWORD': 'RedisPasswordNetBox',
        'DATABASE': 1,            # Unique ID for the second database
        'SSL': False,
    }
}

# Secret key (example value; paste the key you generated with generate_secret_key.py)
SECRET_KEY = '-K0AV#USk(!-6hAEF-8NMgweJh6ex&+j0Kb$N7bi=*jsF9TOg*'

Save and exit the file when finished.

Now run the below script '/opt/netbox/upgrade.sh' to start the NetBox IRM installation.

sudo -u netbox /opt/netbox/upgrade.sh

This will create a Python virtual environment for the NetBox web application, install the required Python dependencies from the PyPI repository, run the database migration for NetBox, and lastly generate static files for the NetBox web application.

[Screenshot: output while the upgrade.sh script runs]

[Screenshot: output message when the NetBox installation is finished]

At this point, you've installed the NetBox IRM in your system. But still, you need to set up your NetBox installation.

Configuring NetBox IRM

In this step, you'll set up NetBox IRM installation by creating an admin user for NetBox, setting up cron, and setting up systemd services for NetBox.

To start, run the below command to activate the Python virtual environment for your NetBox installation.

source /opt/netbox/venv/bin/activate

When activated, your prompt will change to something like '(venv) [email protected].'.

Next, move the working directory to '/opt/netbox/netbox' and run the Django script 'manage.py' to create a new NetBox admin user.

cd /opt/netbox/netbox
python3 manage.py createsuperuser

Input the new admin user, email, and password for your NetBox. You should receive an output 'Superuser created successfully.', which means the NetBox admin user is created.

Next, run the below command to set up a cron job that will run on a daily basis. The script 'netbox-housekeeping.sh' cleans up your NetBox environment by removing expired tasks, old sessions, and any expired records.

sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping

After configuring a cron for NetBox, you'll set up NetBox to run with Gunicorn.

Run the below command to copy the Gunicorn configuration to '/opt/netbox/gunicorn.py'. Then, open the Gunicorn config file '/opt/netbox/gunicorn.py' using the below nano editor command.

sudo -u netbox cp /opt/netbox/contrib/gunicorn.py /opt/netbox/gunicorn.py
sudo -u netbox nano /opt/netbox/gunicorn.py

Change the 'bind' parameter with the following line. This will run the NetBox web application locally with port '8001'.

bind = '127.0.0.1:8001'

Save and exit the file when finished.

Next, run the below command to copy the default systemd services for NetBox to the '/etc/systemd/system' directory. This will copy the service file 'netbox' and 'netbox-rq' that will be used to manage NetBox.

sudo cp -v /opt/netbox/contrib/*.service /etc/systemd/system/

Now run the below systemctl command utility to reload the systemd manager and apply new changes to your system.

sudo systemctl daemon-reload

Lastly, run the below systemctl command to start and enable the 'netbox-rq' service. This will also automatically start the main 'netbox' service.

sudo systemctl start netbox netbox-rq
sudo systemctl enable netbox netbox-rq

Now verify both 'netbox-rq' and 'netbox' services via the below systemctl command.

sudo systemctl status netbox
sudo systemctl status netbox-rq

[Screenshot: status output of the 'netbox-rq' service]

[Screenshot: status output of the 'netbox' service]

At this point, the NetBox IRM is running as a systemd service and it's running as a WSGI application with Gunicorn. In the next step, you'll install and set up httpd as a reverse proxy for NetBox.

Setting up httpd as a Reverse Proxy

With the NetBox running as a WSGI application with Gunicorn, you'll now install and configure the httpd web server as a reverse proxy for NetBox. You'll install the httpd package, create a new httpd virtual host file, then start and enable the httpd service. Lastly, you'll also set up the firewalld to open HTTP and HTTPS ports.

Run the below dnf command to install the httpd web server. Input y when prompted for confirmation and press ENTER to proceed.

sudo dnf install httpd

Next, create a new httpd virtual host file '/etc/httpd/conf.d/netbox.conf' using the below nano editor command.

sudo nano /etc/httpd/conf.d/netbox.conf

Add the following lines to the file and be sure to replace the domain name 'netbox.hwdomain.io' with your domain. This virtual host sets up httpd as a reverse proxy for the NetBox application, which runs as a WSGI application on port '8001'.

<VirtualHost *:80>
    ProxyPreserveHost On

    # CHANGE THIS TO YOUR SERVER'S NAME
    ServerName netbox.hwdomain.io

    Alias /static /opt/netbox/netbox/static

    <Directory /opt/netbox/netbox/static>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>

    <Location /static>
        ProxyPass !
    </Location>

    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>

Save the file and exit the editor when finished.

Next, run the below apachectl command to verify the httpd configuration. If the configuration is correct, you should receive an output such as 'Syntax OK'.

sudo apachectl configtest

Now run the below systemctl command utility to start and enable the httpd web server.

sudo systemctl start httpd
sudo systemctl enable httpd

Then verify that the httpd service is running. The output should show that the httpd web server is running and enabled, which means it will start automatically at boot.

sudo systemctl status httpd

With this, the NetBox application is running behind httpd. Before you can access it, you must open both HTTP and HTTPS ports in firewalld.

Run the below firewall-cmd command to open HTTP and HTTPS services. Then, reload the firewalld to apply the changes.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Verify the firewalld status via the below command.

sudo firewall-cmd --list-all

The output should show that the HTTP and HTTPS services have been added to firewalld.
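
PostgreSQL, Redis and Gunicorn are all configured in this tutorial to be reached through localhost, with httpd as the only public entry point. The following shell function is an added example, not part of the original tutorial: it reads 'ss -ltn' output and reports any of the three backends listening on a non-loopback address. Ports 5432 and 6379 are the PostgreSQL and Redis defaults, 8001 is the Gunicorn port set above, and the sample lines are constructed.

```bash
# Added example, not from the tutorial. Function names and the sample
# socket listing are assumptions made for illustration.

# audit_listeners
# Reads `ss -ltn` output on stdin. Prints one line per backend service that
# listens on a non-loopback address; returns 1 if any were found.
audit_listeners() {
    awk '
        BEGIN {
            svc["5432"] = "postgresql"   # PostgreSQL default port
            svc["6379"] = "redis"        # Redis default port
            svc["8001"] = "gunicorn"     # bind port set in gunicorn.py
        }
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon,
            # which also works for IPv6 forms such as [::1]:6379.
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in svc) && addr !~ /^127\./ && addr != "[::1]") {
                printf "%s (port %s) listens on %s\n", svc[port], port, addr
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# sample_listeners
# Constructed listing of a misconfigured host: Redis and Gunicorn are bound
# to all interfaces, PostgreSQL is correctly bound to loopback.
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      511    0.0.0.0:6379       0.0.0.0:*
LISTEN 0      511    [::1]:6379         [::]:*
LISTEN 0      2048   *:8001             *:*
LISTEN 0      511    *:443              *:*
EOF
}

# Demo on the constructed sample.
sample_listeners | audit_listeners || echo "backend reachable beyond loopback"
```

On the server, feed it live data with 'ss -ltn | audit_listeners'; no output and exit status 0 mean all three backends are bound to loopback only.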

With this, the NetBox web application is running and accessible, but only over the insecure HTTP protocol. In the next step, you'll secure your NetBox deployment with SSL/TLS certificates via Certbot and Let's Encrypt.

Securing NetBox IRM with SSL from Let's Encrypt

In this step, you'll secure the NetBox installation with SSL/TLS certificates generated via Certbot and Let's Encrypt. Before you begin, ensure that the domain name is pointed to the server IP address. Also, ensure that you have an email address that will be used to register with Let's Encrypt.

Install the Certbot tool and the httpd/Apache plugin via the dnf command below.

sudo dnf install certbot python3-certbot-apache

Input y when prompted and press ENTER to proceed.

After Certbot is installed, run the below command to generate SSL/TLS certificates for your domain name. Also, be sure to change the domain name and the email address in the following command.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d netbox.hwdomain.io

This command will generate new SSL/TLS certificates for your domain name. It will also automatically set up HTTPS in your httpd virtual host configuration and set up an automatic redirect from HTTP to HTTPS for your NetBox virtual host. The SSL/TLS certificates are generated in the directory '/etc/letsencrypt/live/netbox.hwdomain.io/'.

Logging in to NetBox

Open your web browser and visit the domain name of your NetBox installation (e.g., https://netbox.hwdomain.io/).

You'll see the default homepage of your NetBox installation. This is only a preview of your NetBox installation.

Click the 'Login' button at the top-right menu and you'll be redirected to the NetBox login screen.

Log in with your admin user and password, then click 'Sign In'.

If the user and password are correct, you should now be logged in to the NetBox administration dashboard.

With this, you've now finished the NetBox IRM installation with PostgreSQL, Redis, Gunicorn, and the httpd web server.

Conclusion

In this tutorial, you have installed an Infrastructure Resource Modelling (IRM) software NetBox on a Rocky Linux 9 server. You've configured NetBox with a PostgreSQL database server, Redis as cache management, and httpd web server as reverse proxy on a Rocky Linux server.

Through the tutorial, you've also learned how to set up authentication on PostgreSQL, enable authentication on Redis, set up httpd as a reverse proxy, and secure NetBox with SSL/TLS certificates via Certbot and Let's Encrypt.

With NetBox fully installed, you can now integrate NetBox into your data centers, add integration with the REST API, or add third-party authentication via LDAP, Azure AD, and Okta as an SSO (Single Sign-On) backend.
