===== Netbox =====
Netbox is a service to document server infrastructure.
==== Installation ====
- Install Postgresql
# apt install postgresql libpq-dev
- Create database and user to access it (the empty quotes in the transcript stand for the password you choose)
$ sudo -u postgres psql
psql (9.4.5)
Type "help" for help.
postgres=# CREATE DATABASE netbox;
CREATE DATABASE
postgres=# CREATE USER netbox WITH PASSWORD '';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
GRANT
postgres=# \q
- Install requirements for netbox
# apt install -y python3 python3-pip python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev graphviz libpq-dev libs
- download and extract the latest release
$ wget https://github.com/digitalocean/netbox/archive/v2.5.10.tar.gz
$ sudo tar -xzf v2.5.10.tar.gz -C /opt
- create a symlink to the new folder
# ln -s /opt/netbox-2.5.10/ /opt/netbox
- Install python dependencies
$ cd /opt/netbox/
$ sudo pip3 install -r requirements.txt
- copy the example configuration file
# cp netbox/netbox/configuration.example.py netbox/netbox/configuration.py
- generate a secret key
# cd netbox
# python3 generate_secret_key.py
- insert the key, as well as your hostname and PostgreSQL account, into ''/opt/netbox/netbox/netbox/configuration.py''
# Excerpt of /opt/netbox/netbox/netbox/configuration.py.
# The empty strings are placeholders to be filled in during installation.
# Once filled in, this file holds the database password and the secret key in
# clear text, so restrict who can read it.

# Host names / addresses under which this instance is reached.
ALLOWED_HOSTS = ["netbox.cm.in.tum.de", "172.24.25.68"]

DATABASE = {
    "NAME": "netbox",  # Database name
    "USER": "netbox",  # PostgreSQL username
    "PASSWORD": "",  # PostgreSQL password (the one given to CREATE USER)
    "HOST": "localhost",  # Database server
    "PORT": "",  # Database port (leave blank for default)
}

# Placeholder for the key printed by generate_secret_key.py.
SECRET_KEY = ""
- Initialize the database
# cd /opt/netbox/netbox
# python3 manage.py migrate
- Create root user # python3 manage.py createsuperuser
- Collect static files # python3 manage.py collectstatic --no-input
- Install webserver
# apt install nginx
- create ''/etc/nginx/sites-available/netbox'' with the following content:
# Reverse proxy in front of the Netbox application server.
# NOTE(review): this block listens on plain HTTP (port 80) only. Unless TLS is
# terminated somewhere in front of it, login credentials (including the LDAP
# accounts configured later on this page) travel unencrypted - confirm, or add
# a TLS listener before relying on this setup.
server {
listen 80;
server_name netbox.cm.in.tum.de;
# Upper bound for request bodies accepted by nginx.
client_max_body_size 25m;
# Static assets are served straight from disk by nginx.
location /static/ {
alias /opt/netbox/netbox/static/;
}
# Everything else is forwarded to the application on the loopback interface.
location / {
proxy_pass http://127.0.0.1:8001;
# X-Forwarded-Host is pinned to the configured server_name rather than the
# Host header supplied by the client.
proxy_set_header X-Forwarded-Host $server_name;
# Original client address and request scheme, passed on to the application.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# P3P compact-policy response header.
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
}
- Remove ''/etc/nginx/sites-enabled/default'' and create a symlink to the just created file
# rm /etc/nginx/sites-enabled/default
# ln -s /etc/nginx/sites-available/netbox /etc/nginx/sites-enabled/
- restart nginx # service nginx restart
- Install gunicorn and supervisor
# pip3 install gunicorn
# apt install supervisor
- create ''/opt/netbox/gunicorn_config.py'' with the following content:
# gunicorn settings for Netbox, passed to gunicorn with "-c".
command = "/usr/local/bin/gunicorn"
pythonpath = "/opt/netbox/netbox"
# Loopback address and port that the nginx proxy_pass directive points at.
bind = "127.0.0.1:8001"
workers = 3
# Account the worker processes run under.
user = "www-data"
- create ''/etc/supervisor/conf.d/netbox.conf'' with the following content:
; Netbox web application: gunicorn started with the settings file
; /opt/netbox/gunicorn_config.py and the netbox.wsgi entry point.
[program:netbox]
command = gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi
directory = /opt/netbox/netbox/
; Run under the www-data account.
user = www-data
; Background worker started through "manage.py rqworker".
[program:netbox-rqworker]
command = python3 /opt/netbox/netbox/manage.py rqworker
directory = /opt/netbox/netbox/
; Run under the www-data account.
user = www-data
- Restart supervisor
# service supervisor restart
- Netbox should now be available under the configured domain.
==== Configuration ====
=== LDAP Login ===
- Additional dependencies need to be installed
# apt install libldap2-dev libsasl2-dev libssl-dev
# pip3 install django-auth-ldap
- create ''/opt/netbox/netbox/netbox/ldap_config.py'' with the following content:
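# LDAP authentication settings for Netbox (django-auth-ldap).
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# LDAP over TLS (ldaps, port 636).
# NOTE(review): whether the server certificate is verified depends on the
# host's LDAP/TLS client configuration, not on anything in this file - confirm.
AUTH_LDAP_SERVER_URI = "ldaps://ldap.in.tum.de:636"

# Look the user up by uid below the "Personen" subtree.
# NOTE(review): no AUTH_LDAP_BIND_DN is set in this file, so this search
# presumably runs as an anonymous bind - confirm the directory permits that.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "ou=Personen, ou=IN, o=TUM, c=de", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
)

# Django user fields populated from LDAP attributes.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=Gruppen, ou=IN, o=TUM, c=de", ldap.SCOPE_SUBTREE,
    "(objectClass=posixGroup)"
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "cn=il11admin, ou=Gruppen, ou=IN, o=TUM, c=de"

# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True

# Define special user types using groups. Exercise great caution when assigning superuser status.
# NOTE(review): the group required for login (il11admin) is also the one mapped
# to is_superuser, so every account that can log in is a superuser. Map
# is_superuser to a narrower group if that is not intended.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=il11admin,ou=Gruppen,ou=IN,o=TUM,c=de",
    "is_staff": "cn=il11admin,ou=Gruppen,ou=IN,o=TUM,c=de",
    "is_superuser": "cn=il11admin,ou=Gruppen,ou=IN,o=TUM,c=de"
}

# For more granular permissions, we can map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache groups for one hour to reduce LDAP traffic.
# Consequence: removing someone from the LDAP group can take up to an hour to
# be reflected here.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600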
- restart netbox
# supervisorctl restart netbox