NetBox is an open-source Infrastructure Resource Management tool designed to act as that single source of truth. It decouples your network state variables from both your configuration playbooks and your physical hardware.

In this guide, we will deploy NetBox locally on Ubuntu and model a very simple set of infrastructural data.

graph LR subgraph Truth [Data Layer] NB[(NetBox)] -- "Host Variables & State" --> API[REST API / GraphQL] end subgraph Logic [Execution Layer] API -- "Dynamic Inventory" --> Ans{Ansible Engine} end subgraph Infrastructure [Network Layer] Ans -- "SSH / Netconf" --> R1[Nokia 7750 SR-1] Ans -- "SSH / Netconf" --> R2[Multi-Vendor Edge] end style NB fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff style Ans fill:#1a202c,stroke:#e2e8f0,stroke-width:2px,color:#fff style R1 fill:#2b6cb0,stroke:#4299e1,stroke-width:2px,color:#fff style R2 fill:#2b6cb0,stroke:#4299e1,stroke-width:2px,color:#fff

1. System Architecture & Dependencies

Before provisioning, we must understand NetBox’s application layers. It is not a single monolith; it is an ecosystem of decoupled components that work together over defined boundaries:

  • The Application Layer (Django/Python): Handles the core business logic and provides a rich REST and GraphQL API.
  • The Storage Tier (PostgreSQL): A relational database that maintains strict data integrity for all physical and logical components.
  • The Caching Layer (Redis): Handles session caching, background tasks, and queuing mechanisms.
  • The Web Server (Nginx/Gunicorn): Manages inbound HTTP traffic and static asset delivery.

2. Low-Friction Provisioning via Docker Compose

To avoid dependencies wrestling with individual system packages, the best approach for an engineering sandbox is to use Docker Compose. This packages the entire multi-tier architecture into isolated containers.

Step 1: Clone the Official Docker Repository

Open your terminal and pull down the optimized container configuration layout: NetBox Docker Repository:

git clone -b release https://github.com/netbox-community/netbox-docker.git

Navigate into the project directory.

cd netbox-docker

Step 2: Enable Local Port Binding

By default, the netbox-docker layout keeps the web application ports unexposed to external host machine networks. We must inject a standard Docker Compose override profile to bind port 8000:

tee docker-compose.override.yml <<EOF
services:
  netbox:
    ports:
      - 8000:8080
EOF

Step 3: Fetch Images and Run Containers

Download the underlying image abstractions (PostgreSQL, Redis, Core Nginx instances) and spin up the multi-tier runtime stack in background detached mode:

docker compose pull
docker compose up -d

Step 4: Create an Administrative Access Control Entry

You cannot log into the web layer until you map a secure superuser account onto the database. Force an execution loop inside the active app container:

docker compose exec netbox /opt/netbox/netbox/manage.py createsuperuser

Follow the interactive terminal prompts to map your administrative username and access password.

Step 5: Access the Web Console

Open a browser window on your workspace machine and navigate to: http://localhost:8000

3. Explicit First-Time Configuration

NetBox enforces strict, relational data integrity rules. For example, you cannot provision a router object until you define the physical site location it occupies. Log into the web UI at port 8000 and build out your infrastructure parameters from the top down using this exact order:

graph TD Org[1. Create Site: Lab-Home] --> Mat[2. Create Manufacturer: Nokia] Mat --> Template subgraph Template [Hardware Template] DT[3. Create Device Type: 7750 SR-1] DT -.-> Int[Interfaces: 1/1/1] DT -.-> Bay[Module Bays: Slot 1] end Template --> Dev[4. Instantiate Device: PE1] Dev --> VRF[5. Provision VRF: VPRN-100] VRF --> IP[6. Allocate IP Address] style Org fill:#2d3748,stroke:#4a5568,color:#fff style Mat fill:#2d3748,stroke:#4a5568,color:#fff style DT fill:#2b6cb0,stroke:#4299e1,color:#fff style Dev fill:#c53030,stroke:#f56565,color:#fff style VRF fill:#2d3748,stroke:#4a5568,color:#fff style IP fill:#2d3748,stroke:#4a5568,color:#fff

1. Create a Site (Organization > Sites)

  • Name: Lab-Home
  • Status: Active

Note: This models the physical or logical boundary where your network topologies sit.

2. Create a Manufacturer (Devices > Device Types > Manufacturers)

  • Name: Nokia

Note: The hardware vendor identity wrapper.

3. Create a Device Type (Devices > Device Types > Device Types)

This functions as an object template defining hardware limits.

  • Manufacturer: Nokia
  • Model: 7750 SR-1
  • Component Initialization: Click into your newly created 7750 SR-1 template page and click the Add Components dropdown to populate the component definitions:
    • Interfaces: Add the Name (e.g 1/1/1) and the correct interface type (e.g 10GBASE-SR (10GE)).
    • Module Bays: Add Slot 1 (This models the input/output hardware slot).

4. Instantiate a Device (Devices > Devices)

Now, deploy a node instance based on that underlying schema layout:

  • Name: PE1
  • Site: Lab-Home
  • Device type: Nokia 7750 SR-1
  • Device role: Create a new operational role named Edge Router.
  • Status: Active

5. Provision a Virtual Routing Instance (IPAM > VRFs):

  • Name: VPRN-100
  • Route Distinguisher (RD): 65000:100

6. Allocate an IPv4 Entry (IPAM > IP Addresses):

  • Address: 10.1.1.1/32
  • Status: Active
  • VRF: VPRN-100
  • Interface Assignment: Map this IP explicit to target host PE1 on interface 1/1/1.

Conclusion & Next Steps

We now have an oversimplified Source of Truth running locally on our machine. Our data model is clean, isolated, and strictly relational.

In Part 2 of the NetDevOps Pipeline series, we will step into the execution layer and explore Ansible Integration. We will throw away static inventory files and use the official NetBox plugin to dynamically turn these database fields into live, programmable execution targets.