Setting up NetBox on OpenBSD


The following documents the steps needed to set up NetBox on OpenBSD. I am running NetBox on a PC Engines APU, which holds up fairly well, and I have since migrated my own setup from RackTables to NetBox, primarily because of the API functionality NetBox offers, which allows for integration with SaltStack. But more on that some other time.

I have ported a few dependencies but gave up after realising that all of the Django applications/modules needed to be ported, including their dependencies. I chose against importing two dozen new py ports and used a virtualenv with --system-site-packages instead.

In the end you'll have:

  • NetBox "installed" in /var/www/netbox
  • NetBox running under gunicorn with nginx in front
  • supervisord starting the service at boot
  • a working NetBox installation reachable on netbox.office.lan

Requirements

  • OpenBSD-current as of early May 2018 (due to some newly imported packages)
  • PostgreSQL server running $somewhere (local or remote); if that's not the case: pkg_add postgresql-server && cat /usr/local/share/doc/pkg-readmes/postgresql-*

Setting up the virtualenv

Install all the packages we're going to need. Note that we'll instruct virtualenv to use as many system packages as it finds. This is partly to ensure that pkg_add -u updates the packages which depend on other shared libraries that may have been updated:

pkg_add py3-natsort py3-graphviz py3-pygfm py3-Pillow \
        py3-cryptodomex py3-ncclient py3-django-lts py3-psycopg2 \
        py3-paramiko py3-xmltodict py3-netaddr \
        py3-virtualenv py3-gunicorn nginx supervisor git

I've chosen to install NetBox in /var/www/netbox and run it from a virtualenv. Note that the tag I check out here may have moved, so use the latest release of NetBox you want if not v2.3.3:

cd /var/www/
git clone https://github.com/digitalocean/netbox
cd netbox
git checkout v2.3.3
virtualenv-3 --system-site-packages env
. env/bin/activate
pip3 install -r requirements.txt
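
To see where each dependency ended up after the pip3 install above, the following added example (not part of the original post or of NetBox) splits the distributions visible to the interpreter into those inside the virtualenv, which pip installed and which pkg_add -u will not update, and those picked up from outside it. It assumes Python 3.8 or newer for importlib.metadata; the function names and the SAMPLE data are made up for illustration.

```python
"""Show which distributions live in the virtualenv and which come from outside it."""
import sys
from importlib import metadata  # needs Python 3.8+ (assumption)
from pathlib import Path

# Constructed sample data: names, versions and paths are illustrative only.
SAMPLE = [
    ("Django", "1.0", "/usr/local/lib/python3.6/site-packages"),
    ("netaddr", "1.0", "/usr/local/lib/python3.6/site-packages"),
    ("django-tables2", "2.0", "/var/www/netbox/env/lib/python3.6/site-packages"),
    ("envelope", "1.0", "/var/www/netbox/envelope/site-packages"),
]


def classify(dists, venv_prefix):
    """Group (name, version, location) tuples by whether location is under venv_prefix.

    The comparison is per path component, so /var/www/netbox/envelope is not
    mistaken for something inside /var/www/netbox/env.
    """
    prefix = Path(venv_prefix).resolve()
    groups = {"venv": [], "system": []}
    for name, version, location in dists:
        loc = Path(location).resolve()
        inside = loc == prefix or prefix in loc.parents
        groups["venv" if inside else "system"].append(f"{name}=={version}")
    for entries in groups.values():
        entries.sort(key=str.lower)
    return groups


def installed():
    """Yield (name, version, location) for each distribution this interpreter sees.

    distributions() follows sys.path order, so the first copy of a name is the
    one that gets imported; later (shadowed) copies are skipped.
    """
    seen = set()
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        key = (name or "").lower().replace("_", "-")
        if not key or key in seen:
            continue
        seen.add(key)
        yield name, dist.version, str(dist.locate_file(""))


if __name__ == "__main__":
    groups = classify(installed(), sys.prefix)
    print("outside the venv (system site-packages):", *groups["system"], sep="\n  ")
    print("inside the venv (installed by pip):", *groups["venv"], sep="\n  ")
```

Run it with the virtualenv's interpreter (/var/www/netbox/env/bin/python3) so that sys.prefix points at the virtualenv. Everything listed as inside the venv has to be kept current with pip by hand.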

Now follow the upstream documentation on configuring the database and setting up NetBox:

Note the manage.py commands should be run from /var/www/netbox/netbox.

Next up, verify that running the Django applications works before moving on:

python3 manage.py runserver 0.0.0.0:8000 --insecure

Make sure to navigate to one of the names configured in ALLOWED_HOSTS, e.g. netbox.office.lan; otherwise you'll end up with HTTP 400 errors.

NGINX

Stop the above command with ^C and configure NGINX. You'll want to adjust /etc/nginx/nginx.conf to define the following server block:

server {
        listen       80;
        listen       [::]:80;
        server_name  netbox.office.lan;
        client_max_body_size 25m;

        location /static {
                root /var/www/netbox/netbox/;
        }

        location / {
                proxy_pass http://127.0.0.1:8001;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
}

And start nginx:

rcctl restart nginx

gunicorn

Now, because we run NetBox from a virtualenv at boot we have to use a wrapper script that activates the environment before we can launch gunicorn. This allows us to run NetBox at boot with supervisord.

I created a small helper (/var/www/netbox/netbox_start.sh):

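#!/bin/sh
# Wrapper: activate the virtualenv, then hand over to gunicorn.

APPDIR=/var/www/netbox/netbox

# Bail out instead of starting gunicorn from the wrong directory.
cd "$APPDIR" || exit 1
. /var/www/netbox/env/bin/activate
# Append the existing PYTHONPATH only if it is set, so no empty entry is added.
export PYTHONPATH="/var/www/netbox/env/lib/python3.6/site-packages:$APPDIR${PYTHONPATH:+:$PYTHONPATH}"

# Listen on loopback only; nginx proxies to this port.
exec gunicorn-3 \
        --name netbox \
        --workers 3 \
        --user=www \
        --group=www \
        --bind=127.0.0.1:8001 \
        --log-level=info \
        --log-file=- \
        netbox.wsgi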

Now run this script to make sure the connection between nginx and gunicorn works; you can visit NetBox on port 80 now.

Wrapping up

The last part is to make sure NetBox starts at boot; I've chosen to use supervisord here.

cat << EOF > /etc/supervisord.d/netbox.ini
[program:netbox]
; the wrapper lives in /var/www/netbox, one level above the working directory
command = sh /var/www/netbox/netbox_start.sh
directory = /var/www/netbox/netbox
user = www
EOF

Enable the needed services and start supervisord:

rcctl enable supervisord nginx
rcctl restart supervisord

That's it, NetBox is now reachable on netbox.office.lan and starts like regular services do.