Unified out-of-band management for NetBox: Redfish & IPMI inventory sync, power control, console access
Project description
netbox-bmc
Unified out-of-band management plugin for NetBox.
Inventory sync and power control via Redfish & IPMI.
Supported Protocols / Vendors
| Protocol | Vendors |
|---|---|
| Redfish | Dell iDRAC, HPE iLO, Lenovo XCC, Supermicro, AMI, Generic |
| WS-MAN | Intel AMT (vPro) |
| IPMI | Fallback for any IPMI-capable BMC |
Protocol is auto-detected: probes /redfish/v1 first, then WS-MAN port 16993 (Intel AMT), falls back to IPMI.
Tested Hardware
| Manufacturer | Model Series | BMC | Protocol | Status |
|---|---|---|---|---|
| Dell | PowerEdge | iDRAC 9 | Redfish | Expected to work |
| HPE | ProLiant | iLO 5 | Redfish | Expected to work |
| HPE | ProLiant | iLO 6 | Redfish | Expected to work |
| Lenovo | ThinkSystem | XCC2 / XCC3 | Redfish | Expected to work |
| Supermicro | X12 / X13 | BMC | Redfish | Expected to work |
| AMI | ASMB-based servers | AMI Redfish Server | Redfish | Expected to work |
| Intel | vPro-enabled desktops/workstations | AMT 6.0+ | WS-MAN | Expected to work |
| Generic | — | Any IPMI-capable BMC | IPMI | Expected to work (fallback) |
Features
- Module Builder: Sync BMC hardware inventory to NetBox Modules
- Scan via Redfish → preview detected components with diff badges (new / updated / unchanged / removed)
- Select individual components before applying
- Auto-create ModuleBays when missing (warned in preview)
- Detect serial number changes after FRU replacement and apply diff updates
- Only manages
bmc-synced-tagged Modules; never touches manually created Modules
- Collected components: CPU, Memory, Drive, PSU, Fan, Firmware, PCI devices
- PSU and Fan collected via Chassis link; PCIe via PCIeDevices collection
- Vendor auto-detection: Dispatches to Dell / HPE / Lenovo subclass drivers based on ServiceRoot
Vendor/Oemkeys - Power control: on / off / soft / cycle / reset (both protocols)
Install
Standard (non-Docker)
pip install netbox-bmc
python manage.py migrate
Add to configuration.py:
PLUGINS = ["netbox_bmc"]
PLUGINS_CONFIG = {
"netbox_bmc": {
"sync_interval_minutes": 0,
"default_verify_ssl": False,
},
}
Docker (netbox-docker)
Follow the official plugin installation guide.
plugin_requirements.txt
netbox-bmc
Dockerfile-Plugins
FROM netboxcommunity/netbox:latest
COPY ./plugin_requirements.txt /opt/netbox/
RUN /usr/local/bin/uv pip install -r /opt/netbox/plugin_requirements.txt
docker-compose.override.yml
services:
netbox:
image: netbox:latest-plugins
pull_policy: never
build:
context: .
dockerfile: Dockerfile-Plugins
netbox-worker:
image: netbox:latest-plugins
pull_policy: never
configuration/plugins.py
PLUGINS = ["netbox_bmc"]
PLUGINS_CONFIG = {
"netbox_bmc": {
"sync_interval_minutes": 0,
"default_verify_ssl": False,
},
}
Build and start:
docker compose build --no-cache
docker compose up -d
Configure
Edit PLUGINS_CONFIG["netbox_bmc"] in configuration.py:
| Key | Default | Description |
|---|---|---|
sync_interval_minutes |
0 |
Scheduled bulk sync interval in minutes. 0 disables. |
default_verify_ssl |
False |
Default SSL verification for new BMC Endpoints. |
service_account |
— | Service account name for background jobs (netbox-secrets). |
service_private_key_path |
— | Path to private key for service account (netbox-secrets). |
Use
Inventory Sync
- Open a Device in NetBox and click BMC Endpoints → Add
- Enter the BMC address and credentials, then save
- On the Endpoint detail page, click [Build Modules]
- Review the component preview (new / updated / unchanged / removed)
- Check the components to sync and click [Apply Selected]
ModuleBays, ModuleTypes, and Modules are created or updated automatically.
Power Control
From the Endpoint detail page, use the power button group:
| Button | Action |
|---|---|
| On | Power on |
| Off | Hard power off (confirm dialog) |
| Soft | ACPI graceful shutdown |
| Cycle | Power cycle — off then on (confirm dialog) |
| Reset | Hard reset (confirm dialog) |
Module Naming
Vendor-specific names are normalized to a consistent format:
| Raw name (Redfish) | Normalized |
|---|---|
CPU.Socket.1 / Processor 0 |
CPU 0 |
DIMM.A1 / Memory 0 |
Memory 0 |
Disk.Bay.0 |
Drive 0 |
NIC.Slot.1 (PCIe) |
PCI 0 |
Custom Fields
The following custom fields are set automatically on each Module:
| Field | Content |
|---|---|
bmc_redfish_path |
Source Redfish URI |
bmc_firmware_version |
Firmware version string |
Versions
| netbox-bmc | NetBox |
|---|---|
| 0.4.x | 4.5, 4.6 |
Vendor Notes
Dell iDRAC
iDRAC 9 (Redfish 1.x) is the primary target. URI traversal starts from ServiceRoot links — no hardcoded paths — so firmware variations should be absorbed automatically.
HPE iLO
iLO 5 and iLO 6 are supported via the HPE subclass driver. iLO 4 (Redfish 1.0 partial compliance) is not tested and may not work correctly.
Lenovo XCC
XCC2 and XCC3 are supported. Some older XCC firmware versions expose non-standard collection URIs; the link-traversal approach handles most variations.
Supermicro
Generic Redfish driver is used. Supermicro BMC firmware varies significantly; behaviour may differ across firmware versions.
AMI (American Megatrends)
AMI Redfish Server (detected via Vendor: "AMI" in ServiceRoot). PCIe devices are exposed under Chassis/PCIeDevices rather than Systems/PCIeDevices; the AMI subclass driver handles this automatically. Hardware inventory (CPU, Memory) populates only when the host is powered on.
Intel AMT (Active Management Technology)
Intel AMT is built into vPro-enabled CPUs (6th gen+). Accessed via WS-MAN (SOAP/XML over HTTPS on port 16993) with HTTP Digest authentication.
Auto-detection: if Redfish is unavailable, detect_and_build() probes port 16993 with a WS-MAN Identify request. If AMT responds, IntelAmtDriver is selected; otherwise falls back to IPMI.
To force AMT: set protocol = "wsman" on the BMCEndpoint.
Collected: CPU (CIM_Processor), Memory (CIM_PhysicalMemory), AMT firmware version (WS-MAN Identity). Storage and PCIe are not available via AMT WS-MAN.
AMT must be provisioned and the management port must be reachable (not firewalled). AMT 5.x and below are not tested.
Development
# Install dev dependencies
uv sync --extra dev
# Run tests
uv run pytest
Adding a New Vendor
- Add a subclass in
netbox_bmc/drivers/redfish.pyextendingRedfishDriver - Register it in
detect_and_build()innetbox_bmc/drivers/base.pyby matchingServiceRootvendor keys - Add unit tests in
tests/test_redfish_extensions.py
Adding a New Protocol
Implement BaseDriver (netbox_bmc/drivers/base.py) and return InventoryResult from get_inventory().
Credentials
netbox-bmc resolves BMC credentials in the following order:
- netbox-secrets (preferred) —
Secretwith rolebmc-credentialsassigned to the Device.
Secret.name= BMC username,Secret.plaintext= BMC password (RSA-encrypted). - Plaintext fallback —
username/passwordfields onBMCEndpoint, used when netbox-secrets is not installed or no matching secret is found.
For background jobs (scheduled sync), set service_account and service_private_key_path in PLUGINS_CONFIG so the job can decrypt secrets without an HTTP session.
Known Limitations
- REST API (serializers / viewsets) not yet implemented
- Multi-node chassis (multiple
Systems) not supported - Scheduled bulk sync (
ScheduledInventorySyncJob) not yet implemented - KVM / SOL console not yet ported from the predecessor plugin
- Old BMCs with low Redfish compliance (e.g. HPE iLO 4) not validated
License
Apache License 2.0 — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file netbox_bmc-0.4.16.tar.gz.
File metadata
- Download URL: netbox_bmc-0.4.16.tar.gz
- Upload date:
- Size: 55.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c18bcaabd212701094f29da3d3d83004b84e01db74b2f79633e93a7d22bfb6d7
|
|
| MD5 |
ea2af997c34d3cd1ed69789930985ee7
|
|
| BLAKE2b-256 |
e04c44e0aabab0c1df0b9e4c03fd22bbece3b2abc551fe0d7cc3e689fd11e30a
|
Provenance
The following attestation bundles were made for netbox_bmc-0.4.16.tar.gz:
Publisher:
publish-pypi.yaml on tak-labo/netbox-bmc
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
netbox_bmc-0.4.16.tar.gz -
Subject digest:
c18bcaabd212701094f29da3d3d83004b84e01db74b2f79633e93a7d22bfb6d7 - Sigstore transparency entry: 1978416876
- Sigstore integration time:
-
Permalink:
tak-labo/netbox-bmc@cf6a7b889e4dfa18a98caa7bccef34b9df38901c -
Branch / Tag:
refs/tags/v0.4.16 - Owner: https://github.com/tak-labo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yaml@cf6a7b889e4dfa18a98caa7bccef34b9df38901c -
Trigger Event:
push
-
Statement type:
File details
Details for the file netbox_bmc-0.4.16-py3-none-any.whl.
File metadata
- Download URL: netbox_bmc-0.4.16-py3-none-any.whl
- Upload date:
- Size: 53.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98e102408f22cc1198cea14ba95865c42d142c6f5c9418832743e212a8649032
|
|
| MD5 |
47aa921a23f180fc5e1adc7d78635e30
|
|
| BLAKE2b-256 |
6722873375a7e5fdd85b8b7530f45fea484518085403fae6b84e6ded5c756011
|
Provenance
The following attestation bundles were made for netbox_bmc-0.4.16-py3-none-any.whl:
Publisher:
publish-pypi.yaml on tak-labo/netbox-bmc
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
netbox_bmc-0.4.16-py3-none-any.whl -
Subject digest:
98e102408f22cc1198cea14ba95865c42d142c6f5c9418832743e212a8649032 - Sigstore transparency entry: 1978417386
- Sigstore integration time:
-
Permalink:
tak-labo/netbox-bmc@cf6a7b889e4dfa18a98caa7bccef34b9df38901c -
Branch / Tag:
refs/tags/v0.4.16 - Owner: https://github.com/tak-labo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yaml@cf6a7b889e4dfa18a98caa7bccef34b9df38901c -
Trigger Event:
push
-
Statement type: