NetBox Backup Guide
Introduction
The NetBox backup process provides regular, secure backups. In summary, the Ansible playbook does the following:
- Manages retention based on your preferences, e.g. deletes local backups older than 14 days.
- Backs up and encrypts the media directory.
- Backs up and encrypts the netbox PostgreSQL database.
- Captures the current state of NetBox from the /api/status endpoint and saves the output in a JSON file that will be compared against the target state in a restore event.
- Optionally SFTPs the three backup files to a secure remote SFTP server.
The NetBox process is stopped during the backup to ensure that no changes are made to the database while it runs and to preserve data integrity. This typically takes less than a minute, but take it into account if you have anything connecting to NetBox, e.g. automation tools. Netos Pod (Airflow) has a retry mechanism that handles broken connectivity to NetBox.
Cron Scheduling
The cron scheduler in Semaphore can be configured to back up the database at regular intervals, for example, at 02:30 every day.
Note that there is a bug in the Ansible Semaphore UI that causes the same task to run many times. The solution is to toggle the "Show cron format" button and use UNIX formatting like here.
On the server, you can see the daily 02:00 encrypted backups in the red boxes. Below that, you can see an example of the JSON status that was captured when the backup was executed, so you know the exact version of NetBox and installed plugins for a restore.
Backup File Rotation
You can set the retention period for backup files stored in /netos/backups/netbox in the NetBox Backup Settings Semaphore environment.
Ensure you use the exact values of days or weeks, i.e. no capitals.
Remote SFTP
To enable remote SFTP, change the No value in the SFTP_ENABLED variable to Yes, and set the SFTP_HOST/USER/PASS values accordingly.
Restoring from Backup
The NetBox Restore Process is one way to restore. If you want to manually decrypt the enc files on your local workstation, use the following commands.
openssl enc -aes-256-cbc -d -in BACKUP_FILE.enc -out OUTPUT.sql.gz/.tar.gz
You will need the password set in the NetBox Backup Settings Semaphore environment variable ENCRYPTION_KEY. For example, by running this command and entering the password, we decrypt the NetBox media directory:
openssl enc -aes-256-cbc -d -in netbox_media_09_25_2024_02_00.tar.gz.enc -out netbox_media_09_25_2024_02_00.tar.gz
NetBox Development Snapshots
Use Backups for Labs
The Netos team use the tools outlined in these guides to deploy, restore, develop, and manage dozens of NetBox development environments, typically with many changes and deployments each day.
The original backup below used the standard timestamp format mm_dd_yyyy_HH_MM. However, we renamed it so we can snapshot different useful development environments pre-populated with data. We can then have many backups and images deployed to different NetBox instances on Semaphore to test and stage.
As long as you only replace the timestamp in the filename with some text, you can set this in the RESTORE_FILE_STAMP variable in the NetBox Backup Settings Semaphore environment. Here are some examples:
Before | After |
netbox_db_10_01_2024_15_24.sql.gz.enc | netbox_db_01_Data_Feeds_and_Excel.sql.gz.enc |
netbox_media_10_01_2024_15_24.tar.gz.enc | netbox_media_01_Data_Feeds_and_Excel.tar.gz.enc |
netbox_status_10_01_2024_15_24.json | netbox_status_01_Data_Feeds_and_Excel.json |
Additionally, during the backup process the generated timestamp is displayed, for example 10_01_2024_18_35. You could use this as per the screenshot above to quickly roll back.
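A pre-restore check for the backup sets described in this guide, as an added example that is not part of the Netos playbooks: it confirms that all three files exist for a given stamp and reports where the saved status JSON differs from the target instance. The netbox-version and plugins keys are those returned by the NetBox status endpoint; the function names, the sample versions and the plugin name example_plugin are constructed for illustration.

```python
import json

# File name patterns taken from the guide. The stamp is either the
# mm_dd_yyyy_HH_MM timestamp or the text that replaced it.
PATTERNS = (
    "netbox_db_{s}.sql.gz.enc",
    "netbox_media_{s}.tar.gz.enc",
    "netbox_status_{s}.json",
)


def backup_set(stamp):
    """Return the three file names that make up one backup."""
    return [p.format(s=stamp) for p in PATTERNS]


def missing_files(stamp, present):
    """Return the files of the set for `stamp` that are not in `present`."""
    have = set(present)
    return [name for name in backup_set(stamp) if name not in have]


def status_drift(saved, target):
    """Compare the saved status JSON with the target instance's status.

    Returns a list of differences; an empty list means the target runs the
    same NetBox version and the same plugin versions as the backup.
    """
    drift = []
    old_v, new_v = saved.get("netbox-version"), target.get("netbox-version")
    if old_v != new_v:
        drift.append(f"netbox-version: backup {old_v} != target {new_v}")
    old_p, new_p = saved.get("plugins", {}), target.get("plugins", {})
    for name in sorted(set(old_p) | set(new_p)):
        if old_p.get(name) != new_p.get(name):
            drift.append(f"plugin {name}: backup {old_p.get(name)} != target {new_p.get(name)}")
    return drift


# Constructed sample data, not taken from a real NetBox instance.
SAVED = json.loads('{"netbox-version": "4.1.3", "plugins": {"example_plugin": "1.2.0"}}')
TARGET = json.loads('{"netbox-version": "4.1.4", "plugins": {}}')

if __name__ == "__main__":
    listing = ["netbox_db_10_01_2024_15_24.sql.gz.enc", "netbox_status_10_01_2024_15_24.json"]
    print("missing:", missing_files("10_01_2024_15_24", listing))
    for line in status_drift(SAVED, TARGET):
        print(line)
```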