Setting up NetBox on OpenBSD
The following documents the steps needed to setup NetBox on OpenBSD. I am running NetBox on a PC Engines APU which holds up fairly well and I have since migrated my own setup from RackTables to NetBox, primarily because of the API functionality NetBox offers which allows for integration with SaltStack. But more on that some other time.
I have ported a few dependencies but gave up after realising all of the Django applications/modules needed to be ported including their dependencies. I chose against importing two dozen new py ports and use a virtualenv with --system-site-packages instead.
In the end you’ll have:
- “installed” NetBox in
/var/www/netbox - run it with gunicorn with nginx in front
- have supervisord handle starting the service at boot
- a working NetBox installation reachable on netbox.office.lan
Requirements⌗
- OpenBSD-current as of early May 2018 (due to some newly imported packages)
- PostgreSQL server running $somewhere (local or remote); if that’s not the case:
pkg_add postgresql-server && cat /usr/local/share/doc/pkg-readmes/postgresql-*
Setting up the virtualenv⌗
Install all the packages we’re going to need, note that we’ll instruct
virtualenv to use as many system packages as it finds. This is partly to
ensure that pkg_add -u updates the packages which depend on other
shared libraries which may have gotten updated:
pkg_add py3-natsort py3-graphviz py3-pygfm py3-Pillow \
py3-cryptodomex py3-ncclient py3-django-lts py3-psycopg2 \
py3-paramiko py3-xmltodict py3-netaddr \
py3-virtualenv py3-gunicorn nginx supervisor git
I’ve chosen to install netbox in /var/www/netbox and run it from a virtualenv. Note the tag I checkout here may have moved so use the latest release of netbox you want if not v2.3.3:
cd /var/www/
git clone https://github.com/digitalocean/netbox
cd netbox
git checkout v2.3.3
virtualenv-3 --system-site-packages env
. env/bin/activate
pip3 install -r requirements.txt
Now follow the upstream documentation on configuring the database and setting up NetBox:
Note the manage.py commands should be run from /var/www/netbox/netbox.
Next up, verify that running the Django applications works before moving on:
python3 manage.py runserver 0.0.0.0:8000 --insecure
Make sure to navigate to one of the names configured as ALLOWED_HOSTS, i.e. netbox.office.lan, otherwise you’ll end up with HTTP 400 errors.
NGINX⌗
^C the above command and configure NGINX. You’ll want to adjust /etc/nginx/nginx.conf to define the following server block:
server {
listen 80;
listen [::]:80;
server_name netbox.office.lan;
client_max_body_size 25m;
location /static {
root /var/www/netbox/netbox/;
}
location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
}
And start nginx:
rcctl restart nginx
gunicorn⌗
Now, because we run NetBox from a virtualenv at boot we have to use a wrapper script that activates the environment before we can launch gunicorn. This allows us to run NetBox at boot with supervisord.
I created a small helper (/var/www/netbox/netbox_start.sh):
#!/bin/sh
APPDIR=/var/www/netbox/netbox
cd $APPDIR
. /var/www/netbox/env/bin/activate
export PYTHONPATH=/var/www/netbox/env/lib/python3.6/site-packages:$APPDIR:$PYTHONPATH
exec gunicorn-3 \
--name netbox \
--workers 3 \
--user=www \
--group=www \
--bind=127.0.0.1:8001 \
--log-level=info \
--log-file=- \
netbox.wsgi
Now run this script to make sure the connection between nginx and gunicorn works, you can visit NetBox on port 80 now.
Wrapping up⌗
The last part is to make sure NetBox starts at boot, I’ve chosen to use supervisord here.
cat << EOF > /etc/supervisord.d/netbox.ini
[program:netbox]
command = sh netbox_start.sh
directory = /var/www/netbox/netbox
user = www
EOF
Enable the needed services and start supervisord:
rcctl enable supervisord nginx
rcctl restart supervisord
That’s it, NetBox is now reachable on netbox.office.lan and starts like regular services do.