Netbox: New installation (2.8.5) and NAPALM plus LibreNMS API integration

The guys from netbox released version 2.8.5 a couple of days ago, so I decided to do a new setup of my netbox installation - which gives me also the chance to document my setup and go through the device configuration, new features like power feeds and power panels, cabling and scripts. The third part shows how to integrate NAPALM and Graphs on device Interfaces from the Monitoring system LibreNMS.

Integrating NAPALM

Netbox can make usage of NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) to authenticate to devices. I am using RADIUS as AAA-Backend (Authentication, Authorization and Accounting), therefore I need to add a system user to the FreeRADIUS configuration.

This system user should have administrative privileges on Cisco devices, which means the so-called Cisco-AVPair need to be set to the value shell:priv-lvl=15.

    NAPALMUSER ClearText-Password := "PASSWORD"
        Service-Type = Administrative-User,
      Cisco-AVPair = "shell:priv-lvl=15"
Example of a NAPALM user in RADIUS /etc/freeradius/3.0/users file

This system user is then used in the Netbox file. If the devices are reachable over a slow WAN connection the parameter NAPALM_TIMEOUT should be increased.

If the NAPALM user has a lower privilege level than 15, then the famous enable command need to be executed by NAPALM. This can be accomplished by passing it in the additional NAPLAM_ARGS parameter as shown in the documentation.

    NAPALM_ARGS = {}
Example of a NAPALM configuration in /opt/netbox/netbox/netbox/ file

In Netbox device settings, the platform must be set before NAPALM can query the device. Therefore I’m setting as Platform IOS and as NAPALM driver ios for my Cisco switches. In addition, the Primary IPv4 for management must be set. Afterwards the tabs Status, LLDP Neighbors and Configuration are available:

Netbox: Device Information queried with NAPALM
Netbox: Device Information queried with NAPALM

Integrating Graphs from LibreNMS on device Interfaces

Netbox has the ability to include Graphs from an external monitoring system. As Monitoring system I am using LibreNMS, however Graphs cannot be displayed directly by accessing an URL from LibreNMS. This means, before displaying a Graph, Netbox has to communicate “somehow” with the LibreNMS API.

LibreNMS provides the function get_graph_by_port_hostname, which needs to be called with an API Token. An API Token in LibreNMS can be easily generated as illustrated in the screenshot below.

Netbox: Generate API Token in LibreNMS
Netbox: Generate API Token in LibreNMS

LibreNMS can be extended with plugins, so I can make use of it by putting a PHP file in the plugin directory. On Github at netbox-graph.php is a piece of code which can be used for that. This piece of PHP code works in the following way:

  1. Netbox Graph calls the netbox-graph.php script on LibreNMS server

  2. The script calls the LibreNMS API including the API Token in the header

  3. The script gets the output as PNG, which is then displayed in NetBox

The setup of the interface Graph can be accomplished by using the Netbox Administration panel as shown in the screenshot below:

Netbox: Setup DCIM/Interface Graph
Netbox: Setup DCIM/Interface Graph

The result is that on the device interfaces an additional Icon (“Show Graphs”) appears. By clicking on the Icon, the Graph with the Interface traffic (called via LibreNMS API) is then displayed:

Netbox: Interface Graph from LibreNMS displayed by API
Netbox: Interface Graph from LibreNMS displayed by API