Building a Source of Truth for Network Automation

Building a Source of Truth for Network Automation: Netbox, CMDB, and Inventory Strategies¶

This post is part of our ongoing series on network automation best practices, grounded in the PRIME Framework and PRIME Philosophy.

Why This Blog Exists¶

Automation is only as good as its data. A reliable "source of truth" is the foundation for scalable, error-free network automation. This post explains what a source of truth is, why it matters, and how to build one using Netbox, CMDBs, or simple inventories.

🚦 PRIME Philosophy: Transparency and Ownership¶

Transparency: Know exactly what devices, interfaces, and attributes exist
Ownership: Your team controls the inventory, not a vendor
Measurability: Track changes and prove accuracy
Safety: Prevents automation mistakes from bad data
Empowerment: Enables self-service and rapid troubleshooting

Tool Ecosystem Integration (Expert) — Integrate Netbox and other tools for inventory management.
Advanced Nornir Patterns — Learn about custom inventory plugins and Netbox integration.
Deep Dive: CDP Network Audit — See inventory-driven automation in practice.
The authoritative inventory for your network
Can be Netbox, a CMDB, YAML/CSV files, or a database
Used by automation tools to drive changes and validation

Options for Building a Source of Truth¶

1. Netbox¶

Open-source, API-driven, network-focused
Integrates with Nornir, Ansible, custom scripts
Supports devices, IPs, racks, circuits, and more
Enables custom fields, tags, and relationships for advanced modeling
REST API and webhooks for automation triggers
Role-based access control and audit logging

2. CMDB (ServiceNow, custom)¶

Enterprise-wide, not just network
Often integrates with ITSM and change management
Can be extended with network-specific attributes and relationships
Supports workflow automation, approvals, and compliance gates

3. YAML/CSV Inventories¶

Simple, portable, easy to version control
Great for small/medium environments
Enables GitOps-style change control and peer review
Can be validated with schema tools (pykwalify, cerberus)

Integrating Inventory with Automation¶

Nornir: Netbox inventory plugin, YAML/CSV support, dynamic inventory refresh
Ansible: Dynamic inventory scripts, Netbox modules, inventory plugins
PyATS: Testbed YAML files, dynamic testbed generation
Use inventory as the single source for device targeting, variable resolution, and secrets management

PRIME in Action: Inventory Change Tracking¶

Use version control (Git) for YAML/CSV
Audit Netbox/CMDB changes
Automate inventory validation and drift detection
Schedule regular syncs between source of truth and network state
Alert on drift, missing devices, or attribute mismatches

Example: Using Netbox with Nornir¶

from nornir import InitNornir
from nornir_netbox.plugins.inventory.netbox import NetBoxInventory
nr = InitNornir(
    inventory={
        'plugin': 'NetBoxInventory',
        'options': {
            'nb_url': 'https://netbox.example.com',
            'nb_token': 'YOUR_TOKEN',
        }
    }
)
# Advanced: Validate inventory matches network state
def validate_inventory(task):
    # Compare NetBox data to live device facts
    ...
results = nr.run(task=validate_inventory)

Drift Detection Pattern:

def detect_drift(device, netbox_data, live_data):
    drift = {}
    for key in netbox_data:
        if netbox_data[key] != live_data.get(key):
            drift[key] = {'expected': netbox_data[key], 'actual': live_data.get(key)}
    return drift

Summary: Blog Takeaways¶

A source of truth is essential for reliable, scalable automation
Netbox, CMDB, and YAML/CSV all have their place
PRIME principles ensure your inventory is transparent, owned, and safe
Use advanced modeling, validation, and drift detection for production-grade reliability
Integrate inventory with automation, CI/CD, and compliance workflows