Deploying NetBox and NetBox-Scanner

I suppose many of you already have your infrastructure documented in a correct and orderly way; this post is for the rest. We'll look at NetBox, which, for those who don't know it, is an open source solution for managing network infrastructure and data centers, and at automating the IPAM part with NetBox-Scanner.

As I said, in this post we will see how to quickly deploy NetBox on-premise or self-hosted, whichever you prefer to call it 😉. It is a VERY complete solution that lets you document everything from a cable (what it's for, where it goes…) to the roles your machines have: a complete inventory of the physical part of your infrastructure.

Deploying NetBox

Let's get started and get our hands dirty. For a rapid deployment we will, as usual, rely on Docker containers that we will deploy in a jiffy, so we need Docker and Docker Compose installed beforehand. We clone the NetBox Community repository:

git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker

We create the file 'docker-compose.override.yml':

services:
  netbox:
    ports:
      - 8080:8080
    container_name: netbox
    restart: unless-stopped
    networks:
      netbox_default:
  netbox-worker:
    container_name: netbox-worker
    restart: unless-stopped
    networks:
      netbox_default:
  netbox-housekeeping:
    container_name: netbox-housekeeping
    restart: unless-stopped
    networks:
      netbox_default:
  postgres:
    container_name: netbox-postgres
    restart: unless-stopped
    networks:
      netbox_default:
  redis:
    container_name: netbox-redis
    restart: unless-stopped
    networks:
      netbox_default:
  redis-cache:
    container_name: netbox-redis-cache
    restart: unless-stopped
    networks:
      netbox_default:
networks:
  netbox_default:
    driver: bridge

And we deploy the containers; the images will download and start automatically. We run:

sudo docker compose up -d

We create a new user to manage NetBox; it will ask for a username and password, as well as an email address. Run:

sudo docker compose exec netbox /opt/netbox/netbox/manage.py createsuperuser

We access NetBox with a browser, via HTTP on the port we specified, which by default is 8080/tcp. We log in with the newly created user.

And here we have the NetBox monster. As you can see, it is VERY VERY complete, and you can feed it based on your needs. You don't have to define everything, but it gives you the possibility to define your racks or rack cabinets, devices (servers, switches, routers, models, manufacturers…), cable management, connections… network documentation, VLANs, VRFs, IP address management with its IPAM, VPNs, circuits… And a lot of other things!

One thing I recommend is to take a look at this video by Eduardo Taboada and Eduardo Collado; they are aces (and very nice) at Tecnocrática. It is a video where they review the tool in great detail, explaining its functionality. You will need to configure it minimally, for example by having an organization, so that you can start working with the part that interests you the most.

Deploying NetBox-Scanner

If we want to automate the IPAM part, that is, have the inventory of our IP addresses updated automatically, with newly discovered IPs registered, and so avoid having to manually register each IP address in our organization… well, for this we can use NetBox-Scanner!

First, in NetBox we have to create a tag called 'NMAP'. To do so, we go to “Customization” > “Tags” and create a new one.

Second, we need to create an API token to give NetBox-Scanner access to NetBox. To do so, we go to “Admin” > “API Tokens” and click to create a new API token; we select the user, copy the token, and can note in the description that it is the access token for NetBox-Scanner.

Good, now it's time to deploy NetBox-Scanner, with another Docker container!

git clone https://github.com/casperklein/docker-netbox-scanner.git
cd docker-netbox-scanner/

We edit the file 'netbox-scanner.conf' indicating the NetBox address and the token:

[NETBOX]
address = http://DIRECCION_IP_NETBOX:8080
token = xxxxxxxxxxxxxxxx

We create the file 'networks.txt' with the IP address ranges we want it to ping-scan:

192.168.1.0/24
192.168.2.0/24
...
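
Since whatever ends up in 'networks.txt' gets swept on every scheduled run, it is worth checking the file before the first scan. The following is an added example, not part of the original post or of NetBox-Scanner: it assumes one CIDR per line, and the /16 limit and the private-address-only rule are this example's own policy choices.

```python
import ipaddress

# Assumption for this example: never sweep anything broader than a /16.
MIN_PREFIX = 16

# Constructed sample: the two ranges from the post plus deliberately bad entries.
SAMPLE = """\
192.168.1.0/24
192.168.2.0/24
192.168.2.10/24
10.0.0.0/8
8.8.8.0/24
192.168.0.0/16
not-a-network
"""

def check_networks(text, min_prefix=MIN_PREFIX):
    """Return (accepted, problems) for the contents of a networks.txt file."""
    accepted, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # ignore blank lines
        try:
            # strict=True rejects host addresses written with a mask (typos)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"line {lineno}: {entry!r}: {exc}")
            continue
        if not net.is_private:
            problems.append(f"line {lineno}: {net} is not private address space")
        elif net.prefixlen < min_prefix:
            problems.append(f"line {lineno}: {net} is broader than /{min_prefix}")
        else:
            # a range already covered by an earlier line would be scanned twice
            clash = next((a for a in accepted if net.overlaps(a)), None)
            if clash is not None:
                problems.append(f"line {lineno}: {net} overlaps {clash}")
            else:
                accepted.append(net)
    return accepted, problems

if __name__ == "__main__":
    nets, errs = check_networks(SAMPLE)
    for err in errs:
        print("REJECT", err)
    print("scan targets:", ", ".join(str(n) for n in nets))
```
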

And we can start the container as usual, with:

sudo docker compose up -d

Once the container has started, we can scan immediately if we want. To do so, we just run a script that it ships with, passing as an argument the DNS server against which we want to resolve the IP addresses. For example:

sudo ./scan.sh --dns 192.168.5.100
  Starting Netbox-Scanner..
Unable to find image 'casperklein/netbox-scanner:latest' locally
latest: Pulling from casperklein/netbox-scanner
1aca2419c7eb: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:8b4cbd577af9d96b7cd5057d871000e1619b8cc51058e2ea7e42a991292856fc
Status: Downloaded newer image for casperklein/netbox-scanner:latest
Scan network 192.168.5.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2024-11-25 22:59 UTC
Nmap scan report for FORTIGATE.lab.local (192.168.5.1)
Host is up (0.00034s latency).
Nmap scan report for 192.168.5.6
Host is up (0.00054s latency).
Nmap scan report for OS-LAB-01.Local Lab (192.168.5.41)
Host is up (0.00036s latency).
Nmap scan report for remarkable2.lab.local (192.168.5.47)
Host is up (0.15s latency).
Nmap scan report for sonoff04.lab.local (192.168.5.74)
Host is up (0.17s latency).
Nmap scan report for telefono-rojo.lab.local (192.168.5.91)
Host is up (0.00079s latency).
Nmap scan report for OS-ESXi-002.Local Lab (192.168.5.92)
Host is up (0.0075s latency).
Nmap scan report for OS-ESXi-004.Local Lab (192.168.5.94)
Host is up (0.00018s latency).
...

And if we go in NetBox to IPAM > “IP Addresses”, we'll see that the IP addresses of the newly scanned ranges have been added, along with their correct DNS resolution.

To keep the IPAM addresses up to date, we can schedule the script in cron to run automatically every half hour, every hour, once a day…

# m h dom mon dow command
0 * * * * /home/lab/docker-netbox-scanner/scan.sh --dns 192.168.5.100

So… pim, pam, toma Lacasitos! Well, that's it for today 🥸. I hope you found it interesting and that you can apply it in your organizations to improve daily management, especially by having these processes minimally documented and automated. We will continue with more interesting things about this magnificent solution in other posts. As usual, take care of yourselves and behave, rest, let destiny decide, and I'm sending you a hug!

Author

nheobug@bujarra.com
Author of the blog Bujarra.com. Whatever you need, do not hesitate to contact me; I will try to help you whenever I can. Sharing is living ;) . Enjoy the documents!!!