NetBox IP Address Management Tool: Installation Guide

吕昀
2023-12-01

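Reference: https://netbox.readthedocs.io/en/latest/installation/

Server environment: CentOS 7.9

Note: because of this page's formatting, do not copy and paste the code directly; doing so may produce errors.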

NetBox Installation Guide

1. Install the PostgreSQL database packages

export http_proxy="http://xxx:xxx@172.31.187.10:8080"

Back up the repository file
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
Switch the download mirror
sudo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

------------------------------------------------------------

Old method (no longer used)

yum update
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql96 postgresql96-server postgresql96-devel
/usr/pgsql-9.6/bin/postgresql96-setup initdb

-----------------------------------------------------------

New method

yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql10
yum install -y postgresql10-server
/usr/pgsql-10/bin/postgresql-10-setup initdb
systemctl enable postgresql-10
systemctl start postgresql-10
su - postgres
psql

Change the authentication method to md5
vi /var/lib/pgsql/9.6/data/pg_hba.conf    # old method (9.6)

vim /var/lib/pgsql/10/data/pg_hba.conf    # new method (10)

# IPv4 local connections:
host    all             all             127.0.0.1/32         md5
host    all             all             127.0.0.1/32         trust
# IPv6 local connections:
host    all             all             ::1/128                 md5

systemctl start postgresql-9.6     # old method (9.6)
systemctl enable postgresql-9.6    # old method (9.6)

systemctl restart postgresql-10.service    # new method (10)
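
Added example (not part of the original guide): PostgreSQL reads pg_hba.conf top to bottom and applies the first record that matches, so in the records above the md5 line decides loopback IPv4 logins and the trust line after it never takes effect. The hypothetical helper audit_pg_hba flags trust records and exact-duplicate records shadowed by an earlier line; it assumes CIDR-style addresses, does not evaluate overlapping networks, and runs here on a sample constructed from the records shown in this step.

```bash
#!/usr/bin/env bash
# Added example; audit_pg_hba and sample_pg_hba are hypothetical helper names.

# Print one finding per line for the pg_hba.conf given as $1 (or on stdin).
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            # "local" records have no address column; host records do
            if ($1 == "local") { key = $1 " " $2 " " $3;        method = $4 }
            else               { key = $1 " " $2 " " $3 " " $4; method = $5 }

            if (method == "trust")
                printf "line %d: TRUST (no password required) for %s\n", NR, key

            # first match wins: a later record with the same key is never used
            if (key in first)
                printf "line %d: SHADOWED by line %d (%s applies) for %s\n", NR, first[key], method_of[key], key
            else { first[key] = NR; method_of[key] = method }
        }
    ' "${1:--}"
}

# Constructed sample: the records shown in this step of the guide.
sample_pg_hba() {
    cat <<'EOF'
# IPv4 local connections:
host    all             all             127.0.0.1/32         md5
host    all             all             127.0.0.1/32         trust
# IPv6 local connections:
host    all             all             ::1/128                 md5
EOF
}

sample_pg_hba | audit_pg_hba
```

On a real server, pass the file path instead, for example audit_pg_hba /var/lib/pgsql/10/data/pg_hba.conf; an empty result means no trust or duplicate records were found.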

2. Create the database

sudo -u postgres psql

postgres=# CREATE DATABASE netbox;
postgres=# CREATE USER netbox WITH PASSWORD '$chedu1e';
postgres=# GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
postgres=# \q

Test that the database connection works

psql -U netbox -W -h 127.0.0.1 netbox
Enter the password to log in

Install redis
yum install -y http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum --enablerepo=remi install redis -y
systemctl enable redis
systemctl start redis

Check that the redis service is running normally
redis-cli ping

3. Install python3

yum install -y gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config
yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc make
yum install -y  libffi-devel 
wget https://www.python.org/ftp/python/3.8.12/Python-3.8.12.tgz
tar -zxvf Python-3.8.12.tgz -C /opt/
cd /opt/Python-3.8.12/ 
./configure
make && make install

Check where python is located
   which python
   which python3
  
   mv /usr/bin/python /usr/bin/python.bak
   ln -s /usr/local/bin/python3 /usr/bin/python
   python -V

   which pip3
   ln -s /usr/local/bin/pip3 /usr/bin/pip
   pip -V

   which python2
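   vim /usr/libexec/urlgrabber-ext-down
        change the first line (the shebang) to #!/usr/bin/python2

   vim /usr/bin/yum
        change the first line (the shebang) to #!/usr/bin/python2

After these changes, with python3 now the default, run the update
   yum update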

4. Download the package and extract it to the target path

wget https://github.com/netbox-community/netbox/archive/vX.Y.Z.tar.gz    # X.Y.Z (in red in the original) is the version number
tar -zxvf vX.Y.Z.tar.gz -C /opt

5. Change to the extraction path and create a symbolic link

cd /opt/
ln -s netbox-X.Y.Z/ netbox

6. Create the netbox group and the netbox user

groupadd --system netbox
adduser --system --gid netbox netbox
chown --recursive netbox /opt/netbox/netbox/media/

Change into the directory, upgrade pip, and install the Python dependencies

cd /opt/netbox

python3 -m venv /opt/netbox/venv
source venv/bin/activate
python -m pip install --upgrade pip -i https://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install -r requirements.txt -i http://pypi.douban.com/simple --trusted-host pypi.douban.com


Install NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support)

pip3 install napalm -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
echo napalm >> local_requirements.txt


Install redis-server and django

pip3 install django-storages -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
echo django-storages >> local_requirements.txt


Exit the venv when the update is finished
deactivate

7. Edit the configuration file

cd /opt/netbox/netbox/netbox/
cp configuration_example.py configuration.py



8. Generate a secret key and record it in configuration.py

python3 /opt/netbox/netbox/generate_secret_key.py 


9. Change the configuration as shown below

vi /opt/netbox/netbox/netbox/configuration.py
-------

ALLOWED_HOSTS = ['10.8.1.30']



# PostgreSQL database configuration.

DATABASE = {
    'NAME': 'netbox',         # Database name
    'USER': 'netbox',         # PostgreSQL username
    'PASSWORD': '$chedu1e',   # PostgreSQL password
    'HOST': 'localhost',      # Database server
    'PORT': '',               # Database port (leave blank for default)
}

REDIS = {
    'tasks': {
        'HOST': 'localhost',
        'PORT': 6379,
        'PASSWORD': '',
        'DATABASE': 0,
        'DEFAULT_TIMEOUT': 300,
        'SSL': False,
    },
    'caching': {
        'HOST': 'localhost',
        'PORT': 6379,
        'PASSWORD': '',
        'DATABASE': 1,
        'DEFAULT_TIMEOUT': 300,
        'SSL': False,
    }
}

SECRET_KEY = 'dQN(pfR4k1cmVb-aL9G*g7qojU2^vIrs5%ZeEPz=8D0TSKh$lt'
 

Modify the upgrade script's settings
vim /opt/netbox/upgrade.sh
                PYTHON="${PYTHON:-python}"
                COMMAND="pip install wheel -i https://pypi.douban.com/simple --trusted-host pypi.douban.com"
                COMMAND="pip install -r requirements.txt -i https://pypi.douban.com/simple --trusted-host pypi.douban.com"

10. Test-run commands
source /opt/netbox/venv/bin/activate
cd /opt/netbox/netbox
Database migration
python3 manage.py migrate

Create a superuser
python3 manage.py createsuperuser

sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh  /etc/cron.daily/netbox-housekeeping        

python3 manage.py runserver 0.0.0.0:8000 --insecure


Collect static files
python3 manage.py collectstatic --no-input

Exit the venv
deactivate

Allow the services through the firewall
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --runtime-to-permanent
setsebool -P httpd_can_network_connect 1

11. Create the SSL certificate
mkdir /etc/ssl/private
chmod 700 /etc/ssl/private
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/netbox.key -out /etc/ssl/certs/netbox.crt

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GuangDong
Locality Name (eg, city) []:Shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:10.8.1.30
Email Address []:

Create the Diffie-Hellman group
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

11. Install the nginx web server

yum install -y nginx

Create the configuration file

cp /opt/netbox/contrib/nginx.conf /etc/nginx/conf.d/netbox.conf

server {
    listen 443 ssl;

    # CHANGE THIS TO YOUR SERVER'S NAME
    server_name 10.8.1.30;

    ssl_certificate /etc/ssl/certs/netbox.crt;
    ssl_certificate_key /etc/ssl/private/netbox.key;

    client_max_body_size 25m;

    location /static/ {
        alias /opt/netbox/netbox/static/;
    }

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    # Redirect HTTP traffic to HTTPS
    listen 80;
    server_name 10.8.1.30;
    return 301 https://$host$request_uri;
}

Start nginx

systemctl restart nginx

12. Install Gunicorn, the high-performance server gateway interface (WSGI) server

Create the configuration file

cd /opt/netbox
cp contrib/gunicorn_config.py /opt/netbox/gunicorn.py

13. Set up the daemon management tool

cp contrib/*.service /etc/systemd/system
systemctl daemon-reload
systemctl start netbox netbox-rq
systemctl enable netbox netbox-rq

setsebool -P httpd_can_network_connect 1

NetBox Upgrade Guide

1. Download the latest release package

wget https://github.com/netbox-community/netbox/archive/vX.Y.Z.tar.gz
tar -zxvf vX.Y.Z.tar.gz -C /opt    # X.Y.Z (in pink in the original) is the new package's version number
cd /opt/
ln -sfn netbox-X.Y.Z/ netbox



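2. Copy the relevant configuration from the existing installation into the new package (the version in red in the original, 2.8.6 below, is the currently installed version)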
cp netbox-2.8.6/netbox/netbox/configuration.py netbox/netbox/netbox/configuration.py
cp netbox-2.8.6/gunicorn.py netbox/gunicorn.py

3. Run the upgrade script

cd /opt/netbox

Edit the script's commands to add a local pip mirror for faster downloads

# Install necessary system packages
COMMAND="pip3 install wheel -i http://pypi.douban.com/simple --trusted-host pypi.douban.com"
echo "Installing Python system packages ($COMMAND)..."
eval $COMMAND || exit 1

# Install required Python packages
COMMAND="pip3 install -r requirements.txt -i http://pypi.douban.com/simple --trusted-host pypi.douban.com"
echo "Installing core dependencies ($COMMAND)..."
eval $COMMAND || exit 1

 


./upgrade.sh
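
Added example (not part of the original guide): the pip commands in step 6, in the upgrade.sh edits of step 9 and in the script above either fetch from an http:// index, where packages travel unencrypted and can be altered in transit, or pass --trusted-host, which tells pip to accept that host without valid HTTPS. The hypothetical helper audit_pip_sources lists such lines so they can be changed to an https:// index without --trusted-host; it assumes the space-separated "-i URL" form, and the sample input is constructed from this guide's commands plus one clean line.

```bash
#!/usr/bin/env bash
# Added example; audit_pip_sources and sample_pip_commands are hypothetical names.

# Read a script or command list from file $1 (or stdin) and report pip
# invocations whose downloads are not protected by verified TLS.
audit_pip_sources() {
    awk '
        /pip3? +install/ {
            idx = ""; trusted = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" || $i == "--index-url") idx = $(i + 1)
                if ($i == "--trusted-host")            trusted = $(i + 1)
            }
            gsub(/"/, "", idx); gsub(/"/, "", trusted)   # strip a closing quote
            if (idx ~ /^http:\/\//)
                printf "line %d: plaintext index %s\n", NR, idx
            if (trusted != "")
                printf "line %d: certificate checks waived for %s\n", NR, trusted
        }
    ' "${1:--}"
}

# Constructed sample: three commands as written in this guide, then a clean one.
sample_pip_commands() {
    cat <<'EOF'
python -m pip install --upgrade pip -i https://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install -r requirements.txt -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
COMMAND="pip3 install wheel -i http://pypi.douban.com/simple --trusted-host pypi.douban.com"
pip3 install -r requirements.txt -i https://pypi.org/simple
EOF
}

sample_pip_commands | audit_pip_sources
```

Run it against the edited script with audit_pip_sources /opt/netbox/upgrade.sh before executing the upgrade.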


4. Restart the WSGI service
systemctl restart netbox netbox-rq

Troubleshooting reference link: Netbox Login failed after upgrade to version 2.9.0 | thierolf.org

Useful commands

LLDP and CDP compatibility

https://support.huawei.com/enterprise/en/doc/EDOC1000088753?section=j007

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/46sg/configuration/guide/Wrapper-46SG/swlldp.html



SDL-FW query: show int terse

MAC relationship lookup: sh mac add add HH.HH.HH (cisco)

                         sh mac-add HH-HH-HH     (huawei)

                         sh mac add add H.H.H.H.H.H (cisco SF220)
