Merge pull request #4589 from netbox-community/develop

Release v2.8.2

.github/ISSUE_TEMPLATE/bug_report.md

@@ -15,22 +15,23 @@ about: Report a reproducible bug in the current release of NetBox
 
     Please describe the environment in which you are running NetBox. Be sure
     that you are running an unmodified instance of the latest stable release
-    before submitting a bug report.
+    before submitting a bug report, and that any plugins have been disabled.
 -->
 ### Environment
-* Python version:  <!-- Example: 3.6.9 -->
-* NetBox version:  <!-- Example: 2.7.3 -->
+* Python version: 
+* NetBox version: 
 
 <!--
     Describe in detail the exact steps that someone else can take to reproduce
-    this bug using the current stable release of NetBox (or the current beta
-    release where applicable). Begin with the creation of any necessary
-    database objects and call out every operation being performed explicitly.
-    If reporting a bug in the REST API, be sure to reconstruct the raw HTTP
-    request(s) being made: Don't rely on a wrapper like pynetbox.
+    this bug using the current stable release of NetBox. Begin with the
+    creation of any necessary database objects and call out every operation
+    being performed explicitly. If reporting a bug in the REST API, be sure to
+    reconstruct the raw HTTP request(s) being made: Don't rely on a client
+    library such as pynetbox.
 -->
 ### Steps to Reproduce
-1.
+1. Disable any installed plugins by commenting out the `PLUGINS` setting in
+   `configuration.py`.
 2.
 3.
 

.gitignore

@@ -1,4 +1,5 @@
 *.pyc
+*.swp
 /netbox/netbox/configuration.py
 /netbox/netbox/ldap_config.py
 /netbox/reports/*
@@ -6,15 +7,14 @@
 /netbox/scripts/*
 !/netbox/scripts/__init__.py
 /netbox/static
-.idea
+/venv/
 /*.sh
 !upgrade.sh
 fabfile.py
-*.swp
-gunicorn_config.py
 gunicorn.py
 netbox.log
 netbox.pid
 .DS_Store
-.vscode
+.idea
 .coverage
+.vscode

.travis.yml

@@ -3,10 +3,11 @@ services:
   - postgresql
   - redis-server
 addons:
-  postgresql: "9.4"
+  postgresql: "9.6"
 language: python
 python:
-  - "3.5"
+  - "3.6"
+  - "3.7"
 install:
   - pip install -r requirements.txt
   - pip install pycodestyle

README.md

@@ -22,7 +22,7 @@ or join us in the #netbox Slack channel on [NetworkToCode](https://networktocode
 | **master** | [![Build Status](https://travis-ci.org/netbox-community/netbox.svg?branch=master)](https://travis-ci.com/netbox-community/netbox/) |
 | **develop** | [![Build Status](https://travis-ci.org/netbox-community/netbox.svg?branch=develop)](https://travis-ci.com/netbox-community/netbox/) |
 
-## Screenshots
+### Screenshots
 
 ![Screenshot of main page](docs/media/screenshot1.png "Main page")
 
@@ -34,13 +34,13 @@ or join us in the #netbox Slack channel on [NetworkToCode](https://networktocode
 
 ![Screenshot of prefix hierarchy](docs/media/screenshot3.png "Prefix hierarchy")
 
-# Installation
+## Installation
 
 Please see [the documentation](http://netbox.readthedocs.io/en/stable/) for
 instructions on installing NetBox. To upgrade NetBox, please download the [latest release](https://github.com/netbox-community/netbox/releases)
 and run `upgrade.sh`.
 
-# Providing Feedback
+## Providing Feedback
 
 Feature requests and bug reports must be submitted as GiHub issues. (Please be
 sure to use the [appropriate template](https://github.com/netbox-community/netbox/issues/new/choose).)
@@ -49,6 +49,6 @@ For general discussion, please consider joining our [mailing list](https://group
 If you are interested in contributing to the development of NetBox, please read
 our [contributing guide](CONTRIBUTING.md) prior to beginning any work.
 
-# Related projects
+## Related projects
 
 Please see [our wiki](https://github.com/netbox-community/netbox/wiki/Community-Contributions) for a list of relevant community projects.

base_requirements.txt

@@ -58,14 +58,17 @@ djangorestframework
 # https://github.com/axnsan12/drf-yasg
 drf-yasg[validation]
 
+# WSGI HTTP server
+# https://gunicorn.org/
+gunicorn
+
 # Platform-agnostic template rendering engine
 # https://github.com/pallets/jinja
 Jinja2
 
 # Simple markup language for rendering HTML
 # https://github.com/Python-Markdown/markdown
-# py-gfm requires Markdown<3.0
-Markdown<3.0
+Markdown
 
 # Library for manipulating IP prefixes and addresses
 # https://github.com/drkjam/netaddr
@@ -79,10 +82,6 @@ Pillow
 # https://github.com/psycopg/psycopg2
 psycopg2-binary
 
-# GitHub-flavored Markdown extensions
-# https://github.com/zopieux/py-gfm
-py-gfm
-
 # Extensive cryptographic library (fork of pycrypto)
 # https://github.com/Legrandin/pycryptodome
 pycryptodome

contrib/apache.conf

@@ -0,0 +1,26 @@
+<VirtualHost *:443>
+    ProxyPreserveHost On
+
+    # CHANGE THIS TO YOUR SERVER'S NAME
+    ServerName netbox.example.com
+
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/netbox.crt
+    SSLCertificateKeyFile /etc/ssl/private/netbox.key
+
+    Alias /static /opt/netbox/netbox/static
+
+    <Directory /opt/netbox/netbox/static>
+        Options Indexes FollowSymLinks MultiViews
+        AllowOverride None
+        Require all granted
+    </Directory>
+
+    <Location /static>
+        ProxyPass !
+    </Location>
+
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    ProxyPass / http://127.0.0.1:8001/
+    ProxyPassReverse / http://127.0.0.1:8001/
+</VirtualHost>

contrib/netbox-rq.service

@@ -7,12 +7,11 @@ Wants=network-online.target
 [Service]
 Type=simple
 
-User=www-data
-Group=www-data
-
+User=netbox
+Group=netbox
 WorkingDirectory=/opt/netbox
 
-ExecStart=/usr/bin/python3 /opt/netbox/netbox/manage.py rqworker
+ExecStart=/opt/netbox/venv/bin/python3 /opt/netbox/netbox/manage.py rqworker
 
 Restart=on-failure
 RestartSec=30

contrib/netbox.service

@@ -7,12 +7,12 @@ Wants=network-online.target
 [Service]
 Type=simple
 
-User=www-data
-Group=www-data
+User=netbox
+Group=netbox
 PIDFile=/var/tmp/netbox.pid
 WorkingDirectory=/opt/netbox
 
-ExecStart=/usr/local/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
+ExecStart=/opt/netbox/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
 
 Restart=on-failure
 RestartSec=30

contrib/nginx.conf

@@ -0,0 +1,29 @@
+server {
+    listen 443 ssl;
+
+    # CHANGE THIS TO YOUR SERVER'S NAME
+    server_name netbox.example.com;
+
+    ssl_certificate /etc/ssl/certs/netbox.crt;
+    ssl_certificate_key /etc/ssl/private/netbox.key;
+
+    client_max_body_size 25m;
+
+    location /static/ {
+        alias /opt/netbox/netbox/static/;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    # Redirect HTTP traffic to HTTPS
+    listen 80;
+    server_name _;
+    return 301 https://$host$request_uri;
+}

docs/additional-features/caching.md

@@ -3,7 +3,7 @@
 To improve performance, NetBox supports caching for most object and list views. Caching is implemented using Redis,
 and [django-cacheops](https://github.com/Suor/django-cacheops)
 
-Several management commands are avaliable for administrators to manaully invalidate cache entries in extenuating circumstances.
+Several management commands are avaliable for administrators to manually invalidate cache entries in extenuating circumstances.
 
 To invalidate a specifc model instance (for example a Device with ID 34):
 ```

docs/additional-features/context-data.md

@@ -1,5 +1,3 @@
-# Contextual Configuration Data
+# Context Data
 
-Sometimes it is desirable to associate arbitrary data with a group of devices to aid in their configuration. For example, you might want to associate a set of syslog servers for all devices at a particular site. Context data enables the association of arbitrary data to devices and virtual machines grouped by region, site, role, platform, and/or tenant. Context data is arranged hierarchically, so that data with a higher weight can be entered to override more general lower-weight data. Multiple instances of data are automatically merged by NetBox to present a single dictionary for each object.
-
-Devices and Virtual Machines may also have a local config context defined. This local context will always overwrite the rendered config context objects for the Device/VM. This is useful in situations were the device requires a one-off value different from the rest of the environment.
+{!docs/models/extras/configcontext.md!}

docs/additional-features/custom-scripts.md

@@ -63,7 +63,7 @@ A human-friendly description of what your script does.
 
 ### `field_order`
 
-A list of field names indicating the order in which the form fields should appear. This is optional, however on Python 3.5 and earlier the fields will appear in random order. (Declarative ordering is preserved on Python 3.6 and above.) For example:
+A list of field names indicating the order in which the form fields should appear. This is optional, and should not be required on Python 3.6 and above. For example:
 
 ```
 field_order = ['var1', 'var2', 'var3']

docs/additional-features/napalm.md

@@ -3,7 +3,7 @@
 NetBox supports integration with the [NAPALM automation](https://napalm-automation.net/) library. NAPALM allows NetBox to fetch live data from devices and return it to a requester via its REST API.
 
 !!! info
-    To enable the integration, the NAPALM library must be installed. See [installation steps](../../installation/2-netbox/#napalm-automation-optional) for more information.
+    To enable the integration, the NAPALM library must be installed. See [installation steps](../../installation/3-netbox/#napalm-automation-optional) for more information.
 
 ```
 GET /api/dcim/devices/1/napalm/?method=get_environment

docs/additional-features/tags.md

@@ -1,24 +1,3 @@
-# Tags
+# Tagging
 
-Tags are free-form text labels which can be applied to a variety of objects within NetBox. Tags are created on-demand as they are assigned to objects. Use commas to separate tags when adding multiple tags to an object (for example: `Inventoried, Monitored`). Use double quotes around a multi-word tag when adding only one tag, e.g. `"Core Switch"`.
-
-Each tag has a label and a URL-friendly slug. For example, the slug for a tag named "Dunder Mifflin, Inc." would be `dunder-mifflin-inc`. The slug is generated automatically and makes tags easier to work with as URL parameters.
-
-Objects can be filtered by the tags they have applied. For example, the following API request will retrieve all devices tagged as "monitored":
-
-```
-GET /api/dcim/devices/?tag=monitored
-```
-
-Tags are included in the API representation of an object as a list of plain strings:
-
-```
-{
-    ...
-    "tags": [
-        "Core Switch",
-        "Monitored"
-    ],
-    ...
-}
-```
+{!docs/models/extras/tag.md!}

docs/additional-features/webhooks.md

@@ -71,3 +71,36 @@ If no body template is specified, the request body will be populated with a JSON
 When a change is detected, any resulting webhooks are placed into a Redis queue for processing. This allows the user's request to complete without needing to wait for the outgoing webhook(s) to be processed. The webhooks are then extracted from the queue by the `rqworker` process and HTTP requests are sent to their respective destinations. The current webhook queue and any failed webhooks can be inspected in the admin UI under Django RQ > Queues.
 
 A request is considered successful if the response has a 2XX status code; otherwise, the request is marked as having failed. Failed requests may be retried manually via the admin UI.
+
+## Troubleshooting
+
+To assist with verifying that the content of outgoing webhooks is rendered correctly, NetBox provides a simple HTTP listener that can be run locally to receive and display webhook requests. First, modify the target URL of the desired webhook to `http://localhost:9000/`. This will instruct NetBox to send the request to the local server on TCP port 9000. Then, start the webhook receiver service from the NetBox root directory:
+
+```no-highlight
+$ python netbox/manage.py webhook_receiver
+Listening on port http://localhost:9000. Stop with CONTROL-C.
+```
+
+You can test the receiver itself by sending any HTTP request to it. For example:
+
+```no-highlight
+$ curl -X POST http://localhost:9000 --data '{"foo": "bar"}'
+```
+
+The server will print output similar to the following:
+
+```no-highlight
+[1] Tue, 07 Apr 2020 17:44:02 GMT 127.0.0.1 "POST / HTTP/1.1" 200 -
+Host: localhost:9000
+User-Agent: curl/7.58.0
+Accept: */*
+Content-Length: 14
+Content-Type: application/x-www-form-urlencoded
+
+{"foo": "bar"}
+------------
+```
+
+Note that `webhook_receiver` does not actually _do_ anything with the information received: It merely prints the request headers and body for inspection.
+
+Now, when the NetBox webhook is triggered and processed, you should see its headers and content appear in the terminal where the webhook receiver is listening. If you don't, check that the `rqworker` process is running and that webhook events are being placed into the queue (visible under the NetBox admin UI).

docs/administration/netbox-shell.md

@@ -1,3 +1,5 @@
+# The NetBox Python Shell
+
 NetBox includes a Python shell within which objects can be directly queried, created, modified, and deleted. To enter the shell, run the following command:
 
 ```
@@ -8,8 +10,8 @@ This will launch a customized version of [the built-in Django shell](https://doc
 
 ```
 $ ./manage.py nbshell
-### NetBox interactive shell (jstretch-laptop)
-### Python 3.5.2 | Django 2.0.8 | NetBox 2.4.3
+### NetBox interactive shell (localhost)
+### Python 3.6.9 | Django 2.2.11 | NetBox 2.7.10
 ### lsmodels() will show available models. Use help(<model>) for more info.
 ```
 

docs/administration/replicating-netbox.md

@@ -1,11 +1,13 @@
-# Replicating the Database
+# Replicating NetBox
+
+## Replicating the Database
 
 NetBox uses [PostgreSQL](https://www.postgresql.org/) for its database, so general PostgreSQL best practices will apply to NetBox. You can dump and restore the database using the `pg_dump` and `psql` utilities, respectively.
 
 !!! note
     The examples below assume that your database is named `netbox`.
 
-## Export the Database
+### Export the Database
 
 Use the `pg_dump` utility to export the entire database to a file:
 
@@ -19,7 +21,7 @@ When replicating a production database for development purposes, you may find it
 pg_dump --exclude-table-data=extras_objectchange netbox > netbox.sql
 ```
 
-## Load an Exported Database
+### Load an Exported Database
 
 !!! warning
     This will destroy and replace any existing instance of the database.
@@ -32,7 +34,7 @@ psql netbox < netbox.sql
 
 Keep in mind that PostgreSQL user accounts and permissions are not included with the dump: You will need to create those manually if you want to fully replicate the original database (see the [installation docs](../installation/1-postgresql.md)). When setting up a development instance of NetBox, it's strongly recommended to use different credentials anyway.
 
-## Export the Database Schema
+### Export the Database Schema
 
 If you want to export only the database schema, and not the data itself (e.g. for development reference), do the following:
 
@@ -47,11 +49,11 @@ python3 manage.py invalidate all
 
 ---
 
-# Replicating Media
+## Replicating Media
 
 NetBox stored uploaded files (such as image attachments) in its media directory. To fully replicate an instance of NetBox, you'll need to copy both the database and the media files.
 
-## Archive the Media Directory
+### Archive the Media Directory
 
 Execute the following command from the root of the NetBox installation path (typically `/opt/netbox`):
 
@@ -59,7 +61,7 @@ Execute the following command from the root of the NetBox installation path (typ
 tar -czf netbox_media.tar.gz netbox/media/
 ```
 
-## Restore the Media Directory
+### Restore the Media Directory
 
 To extract the saved archive into a new installation, run the following from the installation root:
 

docs/api/authentication.md

@@ -1,6 +1,8 @@
+# REST API Authentication
+
 The NetBox API employs token-based authentication. For convenience, cookie authentication can also be used when navigating the browsable API.
 
-# Tokens
+## Tokens
 
 A token is a unique identifier that identifies a user to the API. Each user in NetBox may have one or more tokens which he or she can use to authenticate to the API. To create a token, navigate to the API tokens page at `/user/api-tokens/`.
 
@@ -13,7 +15,7 @@ By default, a token can be used for all operations available via the API. Desele
 
 Additionally, a token can be set to expire at a specific time. This can be useful if an external client needs to be granted temporary access to NetBox.
 
-# Authenticating to the API
+## Authenticating to the API
 
 By default, read operations will be available without authentication. In this case, a token may be included in the request, but is not necessary.
 

docs/api/examples.md

@@ -14,7 +14,7 @@ To authenticate a request, attach your token in an `Authorization` header:
 curl -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0"
 ```
 
-### Retrieving a list of sites
+## Retrieving a list of sites
 
 Send a `GET` request to the object list endpoint. The response contains a paginated list of JSON objects.
 
@@ -51,7 +51,7 @@ $ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
 }
 ```
 
-### Retrieving a single site by ID
+## Retrieving a single site by ID
 
 Send a `GET` request to the object detail endpoint. The response contains a single JSON object.
 
@@ -80,7 +80,7 @@ $ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/6
 }
 ```
 
-### Creating a new site
+## Creating a new site
 
 Send a `POST` request to the site list endpoint with token authentication and JSON-formatted data. Only mandatory fields are required. This example includes one non required field, "region."
 
@@ -104,7 +104,7 @@ $ curl -X POST -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0
 ```
 Note that in this example we are creating a site bound to a region with the ID of 5. For write API actions (`POST`, `PUT`, and `PATCH`) the integer ID value is used for `ForeignKey` (related model) relationships, instead of the nested representation that is used in the `GET` (list) action.
 
-### Modify an existing site
+## Modify an existing site
 
 Make an authenticated `PUT` request to the site detail endpoint. As with a create (`POST`) request, all mandatory fields must be included.
 
@@ -112,14 +112,14 @@ Make an authenticated `PUT` request to the site detail endpoint. As with a creat
 $ curl -X PUT -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/sites/16/ --data '{"name": "Renamed Site", "slug": "renamed-site"}'
 ```
 
-### Modify an object by changing a field
+## Modify an object by changing a field
 
 Make an authenticated `PATCH` request to the device endpoint. With `PATCH`, unlike `POST` and `PUT`, we only specify the field that is being changed. In this example, we add a serial number to a device.
 ```
 $ curl -X PATCH -H "Authorization: Token d2f763479f703d80de0ec15254237bc651f9cdc0" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" http://localhost:8000/api/dcim/devices/2549/ --data '{"serial": "FTX1123A090"}'
 ```
 
-### Delete an existing site
+## Delete an existing site
 
 Send an authenticated `DELETE` request to the site detail endpoint.
 

docs/api/filtering.md

@@ -0,0 +1,71 @@
+# API Filtering
+
+The NetBox API supports robust filtering of results based on the fields of each model.
+Generally speaking you are able to filter based on the attributes (fields) present in
+the response body. Please note however that certain read-only or metadata fields are not
+filterable.
+
+Filtering is achieved by passing HTTP query parameters and the parameter name is the
+name of the field you wish to filter on and the value is the field value.
+
+E.g. filtering based on a device's name:
+```
+/api/dcim/devices/?name=DC-SPINE-1
+```
+
+## Multi Value Logic
+
+While you are able to filter based on an arbitrary number of fields, you are also able to
+pass multiple values for the same field. In most cases filtering on multiple values is
+implemented as a logical OR operation. A notable exception is the `tag` filter which
+is a logical AND. Passing multiple values for one field, can be combined with other fields.
+
+For example, filtering for devices with either the name of DC-SPINE-1 _or_ DC-LEAF-4:
+```
+/api/dcim/devices/?name=DC-SPINE-1&name=DC-LEAF-4
+```
+
+Filtering for devices with tag `router` and `customer-a` will return only devices with
+_both_ of those tags applied:
+```
+/api/dcim/devices/?tag=router&tag=customer-a
+```
+
+## Lookup Expressions
+
+Certain model fields also support filtering using additional lookup expressions. This allows
+for negation and other context specific filtering.
+
+These lookup expressions can be applied by adding a suffix to the desired field's name.
+E.g. `mac_address__n`. In this case, the filter expression is for negation and it is separated
+by two underscores. Below are the lookup expressions that are supported across different field
+types.
+
+### Numeric Fields
+
+Numeric based fields (ASN, VLAN ID, etc) support these lookup expressions:
+
+- `n` - not equal (negation)
+- `lt` - less than
+- `lte` - less than or equal
+- `gt` - greater than
+- `gte` - greater than or equal
+
+### String Fields
+
+String based (char) fields (Name, Address, etc) support these lookup expressions:
+
+- `n` - not equal (negation)
+- `ic` - case insensitive contains
+- `nic` - negated case insensitive contains
+- `isw` - case insensitive starts with
+- `nisw` - negated case insensitive starts with
+- `iew` - case insensitive ends with
+- `niew` - negated case insensitive ends with
+- `ie` - case sensitive exact match
+- `nie` - negated case sensitive exact match
+
+### Foreign Keys & Other Fields
+
+Certain other fields, namely foreign key relationships support just the negation
+expression: `n`.

docs/api/overview.md

@@ -1,4 +1,6 @@
-# What is a REST API?
+# The NetBox REST API
+
+## What is a REST API?
 
 REST stands for [representational state transfer](https://en.wikipedia.org/wiki/Representational_state_transfer). It's a particular type of API which employs HTTP to create, retrieve, update, and delete objects from a database. (This set of operations is commonly referred to as CRUD.) Each type of operation is associated with a particular HTTP verb:
 
@@ -32,11 +34,11 @@ $ curl -s http://localhost:8000/api/ipam/ip-addresses/2954/ | jq '.'
 
 Each attribute of the NetBox object is expressed as a field in the dictionary. Fields may include their own nested objects, as in the case of the `status` field above. Every object includes a primary key named `id` which uniquely identifies it in the database.
 
-# Interactive Documentation
+## Interactive Documentation
 
 Comprehensive, interactive documentation of all API endpoints is available on a running NetBox instance at `/api/docs/`. This interface provides a convenient sandbox for researching and experimenting with NetBox's various API endpoints and different request types.
 
-# URL Hierarchy
+## URL Hierarchy
 
 NetBox's entire API is housed under the API root at `https://<hostname>/api/`. The URL structure is divided at the root level by application: circuits, DCIM, extras, IPAM, secrets, and tenancy. Within each application, each model has its own path. For example, the provider and circuit objects are located under the "circuits" application:
 
@@ -62,7 +64,9 @@ Lists of objects can be filtered using a set of query parameters. For example, t
 GET /api/dcim/interfaces/?device_id=123
 ```
 
-# Serialization
+See [filtering](filtering.md) for more details.
+
+## Serialization
 
 The NetBox API employs three types of serializers to represent model data:
 
@@ -106,7 +110,7 @@ The base serializer is used to represent the default view of a model. This inclu
 }
 ```
 
-## Related Objects
+### Related Objects
 
 Related objects (e.g. `ForeignKey` fields) are represented using a nested serializer. A nested serializer provides a minimal representation of an object, including only its URL and enough information to display the object to a user. When performing write API actions (`POST`, `PUT`, and `PATCH`), related objects may be specified by either numeric ID (primary key), or by a set of attributes sufficiently unique to return the desired object.
 
@@ -137,7 +141,7 @@ Or by a set of nested attributes used to identify the rack:
 
 Note that if the provided parameters do not return exactly one object, a validation error is raised.
 
-## Brief Format
+### Brief Format
 
 Most API endpoints support an optional "brief" format, which returns only a minimal representation of each object in the response. This is useful when you need only a list of the objects themselves without any related data, such as when populating a drop-down list in a form.
 
@@ -183,38 +187,7 @@ GET /api/ipam/prefixes/13980/?brief=1
 
 The brief format is supported for both lists and individual objects.
 
-## Static Choice Fields
-
-Some model fields, such as the `status` field in the above example, utilize static integers corresponding to static choices. The available choices can be retrieved from the read-only `_choices` endpoint within each app. A specific `model:field` tuple may optionally be specified in the URL.
-
-Each choice includes a human-friendly label and its corresponding numeric value. For example, `GET /api/ipam/_choices/prefix:status/` will return:
-
-```
-[
-    {
-        "value": 0,
-        "label": "Container"
-    },
-    {
-        "value": 1,
-        "label": "Active"
-    },
-    {
-        "value": 2,
-        "label": "Reserved"
-    },
-    {
-        "value": 3,
-        "label": "Deprecated"
-    }
-]
-```
-
-Thus, to set a prefix's status to "Reserved," it would be assigned the integer `2`.
-
-A request for `GET /api/ipam/_choices/` will return choices for _all_ fields belonging to models within the IPAM app.
-
-# Pagination
+## Pagination
 
 API responses which contain a list of objects (for example, a request to `/api/dcim/devices/`) will be paginated to avoid unnecessary overhead. The root JSON object will contain the following attributes:
 
@@ -268,40 +241,45 @@ The maximum number of objects that can be returned is limited by the [`MAX_PAGE_
 !!! warning
     Disabling the page size limit introduces a potential for very resource-intensive requests, since one API request can effectively retrieve an entire table from the database.
 
-# Filtering
+## Filtering
 
-A list of objects retrieved via the API can be filtered by passing one or more query parameters. The same parameters used by the web UI work for the API as well. For example, to return only prefixes with a status of "Active" (`1`):
+A list of objects retrieved via the API can be filtered by passing one or more query parameters. The same parameters used by the web UI work for the API as well. For example, to return only prefixes with a status of "Active" (identified by the slug `active`):
 
 ```
-GET /api/ipam/prefixes/?status=1
+GET /api/ipam/prefixes/?status=active
 ```
 
-The choices available for fixed choice fields such as `status` are exposed in the API under a special `_choices` endpoint for each NetBox app. For example, the available choices for `Prefix.status` are listed at `/api/ipam/_choices/` under the key `prefix:status`:
+The choices available for fixed choice fields such as `status` can be retrieved by sending an `OPTIONS` API request for the desired endpoint:
 
-```
-"prefix:status": [
-    {
-        "label": "Container",
-        "value": 0
-    },
-    {
-        "label": "Active",
-        "value": 1
-    },
-    {
-        "label": "Reserved",
-        "value": 2
-    },
-    {
-        "label": "Deprecated",
-        "value": 3
-    }
-],
+```no-highlight
+$ curl -s -X OPTIONS \
+-H "Authorization: Token $TOKEN" \
+-H "Content-Type: application/json" \
+-H "Accept: application/json; indent=4" \
+http://localhost:8000/api/ipam/prefixes/ | jq ".actions.POST.status.choices"
+[
+  {
+    "value": "container",
+    "display_name": "Container"
+  },
+  {
+    "value": "active",
+    "display_name": "Active"
+  },
+  {
+    "value": "reserved",
+    "display_name": "Reserved"
+  },
+  {
+    "value": "deprecated",
+    "display_name": "Deprecated"
+  }
+]
 ```
 
 For most fields, when a filter is passed multiple times, objects matching _any_ of the provided values will be returned. For example, `GET /api/dcim/sites/?name=Foo&name=Bar` will return all sites named "Foo" _or_ "Bar". The exception to this rule is ManyToManyFields which may have multiple values assigned. Tags are the most common example of a ManyToManyField. For example, `GET /api/dcim/sites/?tag=foo&tag=bar` will return only sites tagged with both "foo" _and_ "bar".
 
-## Custom Fields
+### Custom Fields
 
 To filter on a custom field, prepend `cf_` to the field name. For example, the following query will return only sites where a custom field named `foo` is equal to 123:
 

docs/api/working-with-secrets.md

@@ -1,6 +1,8 @@
+# Working with Secrets
+
 As with most other objects, the NetBox API can be used to create, modify, and delete secrets. However, additional steps are needed to encrypt or decrypt secret data.
 
-# Generating a Session Key
+## Generating a Session Key
 
 In order to encrypt or decrypt secret data, a session key must be attached to the API request. To generate a session key, send an authenticated request to the `/api/secrets/get-session-key/` endpoint with the private RSA key which matches your [UserKey](../../core-functionality/secrets/#user-keys). The private key must be POSTed with the name `private_key`.
 
@@ -19,7 +21,7 @@ $ curl -X POST http://localhost:8000/api/secrets/get-session-key/ \
 
 The request uses your private key to unlock your stored copy of the master key and generate a session key which can be attached in the `X-Session-Key` header of future API requests.
 
-# Retrieving Secrets
+## Retrieving Secrets
 
 A session key is not needed to retrieve unencrypted secrets: The secret is returned like any normal object with its `plaintext` field set to null.
 
@@ -112,7 +114,7 @@ $ curl http://localhost:8000/api/secrets/secrets/?limit=3 \
 }
 ```
 
-# Creating Secrets
+## Creating Secrets
 
 Session keys are also used to decrypt new or modified secrets. This is done by setting the `plaintext` field of the submitted object:
 

docs/configuration/index.md

@@ -4,6 +4,8 @@ NetBox's local configuration is stored in `netbox/netbox/configuration.py`. An e
 
 While NetBox has many configuration settings, only a few of them must be defined at the time of installation.
 
+## Configuration Parameters
+
 * [Required settings](required-settings.md)
 * [Optional settings](optional-settings.md)
 

docs/configuration/optional-settings.md

@@ -98,6 +98,14 @@ This parameter serves as a safeguard to prevent some potentially dangerous behav
 
 ---
 
+## DOCS_ROOT
+
+Default: `$INSTALL_DIR/docs/`
+
+The file path to NetBox's documentation. This is used when presenting context-sensitive documentation in the web UI. by default, this will be the `docs/` directory within the root NetBox installation path. (Set this to `None` to disable the embedded documentation.)
+
+---
+
 ## EMAIL
 
 In order to send email, NetBox needs an email server configured. The following items can be defined within the `EMAIL` setting:
@@ -157,6 +165,21 @@ Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce uni
 
 ---
 
+## HTTP_PROXIES
+
+Default: None
+
+A dictionary of HTTP proxies to use for outbound requests originating from NetBox (e.g. when sending webhooks). Proxies should be specified by schema as per the [Python requests library documentation](https://2.python-requests.org/en/master/user/advanced/). For example:
+
+```python
+HTTP_PROXIES = {
+    'http': 'http://10.10.1.10:3128',
+    'https': 'http://10.10.1.10:1080',
+}
+```
+
+---
+
 ## LOGGING
 
 By default, all messages of INFO severity or higher will be logged to the console. Additionally, if `DEBUG` is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in `ADMINS`.
@@ -183,6 +206,14 @@ LOGGING = {
 }
 ```
 
+### Available Loggers
+
+* `netbox.auth.*` - Authentication events
+* `netbox.api.views.*` - Views which handle business logic for the REST API
+* `netbox.reports.*` - Report execution (`module.name`)
+* `netbox.scripts.*` - Custom script execution (`module.name`)
+* `netbox.views.*` - Views which handle business logic for the web UI
+
 ---
 
 ## LOGIN_REQUIRED
@@ -283,6 +314,39 @@ Determine how many objects to display per page within each list of objects.
 
 ---
 
+## PLUGINS
+
+Default: Empty
+
+A list of installed [NetBox plugins](../../plugins/) to enable. Plugins will not take effect unless they are listed here.
+
+!!! warning
+    Plugins extend NetBox by allowing external code to run with the same access and privileges as NetBox itself. Only install plugins from trusted sources. The NetBox maintainers make absolutely no guarantees about the integrity or security of your installation with plugins enabled.
+
+---
+
+## PLUGINS_CONFIG
+
+Default: Empty
+
+This parameter holds configuration settings for individual NetBox plugins. It is defined as a dictionary, with each key using the name of an installed plugin. The specific parameters supported are unique to each plugin: Reference the plugin's documentation to determine the supported parameters. An example configuration is shown below:
+
+```python
+PLUGINS_CONFIG = {
+    'plugin1': {
+        'foo': 123,
+        'bar': True
+    },
+    'plugin2': {
+        'foo': 456,
+    },
+}
+```
+
+Note that a plugin must be listed in `PLUGINS` for its configuration to take effect.
+
+---
+
 ## PREFER_IPV4
 
 Default: False
@@ -291,6 +355,72 @@ When determining the primary IP address for a device, IPv6 is preferred over IPv
 
 ---
 
+## REMOTE_AUTH_ENABLED
+
+Default: `False`
+
+NetBox can be configured to support remote user authentication by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.)
+
+---
+
+## REMOTE_AUTH_BACKEND
+
+Default: `'utilities.auth_backends.RemoteUserBackend'`
+
+Python path to the custom [Django authentication backend](https://docs.djangoproject.com/en/stable/topics/auth/customizing/) to use for external user authentication, if not using NetBox's built-in backend. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_HEADER
+
+Default: `'HTTP_REMOTE_USER'`
+
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_AUTO_CREATE_USER
+
+Default: `True`
+
+If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_DEFAULT_GROUPS
+
+Default: `[]` (Empty list)
+
+The list of groups to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## REMOTE_AUTH_DEFAULT_PERMISSIONS
+
+Default: `[]` (Empty list)
+
+The list of permissions to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
+
+---
+
+## RELEASE_CHECK_TIMEOUT
+
+Default: 86,400 (24 hours)
+
+The number of seconds to retain the latest version that is fetched from the GitHub API before automatically invalidating it and fetching it from the API again. This must be set to at least one hour (3600 seconds).
+
+---
+
+## RELEASE_CHECK_URL
+
+Default: None
+
+The releases of this repository are checked to detect new releases, which are shown on the home page of the web interface. You can change this to your own fork of the NetBox repository, or set it to `None` to disable the check. The URL provided **must** be compatible with the GitHub API.
+
+Use `'https://api.github.com/repos/netbox-community/netbox/releases'` to check for release in the official NetBox repository.
+
+---
+
 ## REPORTS_ROOT
 
 Default: $BASE_DIR/netbox/reports/

docs/configuration/required-settings.md

@@ -46,9 +46,9 @@ DATABASE = {
 [Redis](https://redis.io/) is an in-memory data store similar to memcached. While Redis has been an optional component of
 NetBox since the introduction of webhooks in version 2.4, it is required starting in 2.6 to support NetBox's caching
 functionality (as well as other planned features). In 2.7, the connection settings were broken down into two sections for
-webhooks and caching, allowing the user to connect to different Redis instances/databases per feature.
+task queuing and caching, allowing the user to connect to different Redis instances/databases per feature.
 
-Redis is configured using a configuration setting similar to `DATABASE` and these settings are the same for both of the `webhooks` and `caching` subsections:
+Redis is configured using a configuration setting similar to `DATABASE` and these settings are the same for both of the `tasks` and `caching` subsections:
 
 * `HOST` - Name or IP address of the Redis server (use `localhost` if running locally)
 * `PORT` - TCP port of the Redis service; leave blank for default port (6379)
@@ -61,7 +61,7 @@ Example:
 
 ```python
 REDIS = {
-    'webhooks': {
+    'tasks': {
         'HOST': 'redis.example.com',
         'PORT': 1234,
         'PASSWORD': 'foobar',
@@ -84,9 +84,9 @@ REDIS = {
     If you are upgrading from a version prior to v2.7, please note that the Redis connection configuration settings have
     changed. Manual modification to bring the `REDIS` section inline with the above specification is necessary
 
-!!! note
-    It is highly recommended to keep the webhook and cache databases separate. Using the same database number on the
-    same Redis instance for both may result in webhook processing data being lost during cache flushing events.
+!!! warning
+    It is highly recommended to keep the task and cache databases separate. Using the same database number on the
+    same Redis instance for both may result in queued background tasks being lost during cache flushing events.
 
 ### Using Redis Sentinel
 
@@ -102,7 +102,7 @@ Example:
 
 ```python
 REDIS = {
-    'webhooks': {
+    'tasks': {
         'SENTINELS': [('mysentinel.redis.example.com', 6379)],
         'SENTINEL_SERVICE': 'netbox',
         'PASSWORD': '',
@@ -126,7 +126,7 @@ REDIS = {
 
 !!! note
     It is possible to have only one or the other Redis configurations to use Sentinel functionality. It is possible
-    for example to have the webhook use sentinel via `HOST`/`PORT` and for caching to use Sentinel via 
+    for example to have the tasks database use sentinel via `HOST`/`PORT` and for caching to use Sentinel via
     `SENTINELS`/`SENTINEL_SERVICE`.
 
 

docs/core-functionality/circuits.md

@@ -1,34 +1,9 @@
-# Providers
+# Circuits
 
-A provider is any entity which provides some form of connectivity. While this obviously includes carriers which offer Internet and private transit service, it might also include Internet exchange (IX) points and even organizations with whom you peer directly.
-
-Each provider may be assigned an autonomous system number (ASN), an account number, and relevant contact information.
+{!docs/models/circuits/provider.md!}
 
 ---
 
-# Circuits
-
-A circuit represents a single _physical_ link connecting exactly two endpoints. (A circuit with more than two endpoints is a virtual circuit, which is not currently supported by NetBox.) Each circuit belongs to a provider and must be assigned a circuit ID which is unique to that provider.
-
-## Circuit Types
-
-Circuits are classified by type. For example, you might define circuit types for:
-
-* Internet transit
-* Out-of-band connectivity
-* Peering
-* Private backhaul
-
-Circuit types are fully customizable.
-
-## Circuit Terminations
-
-A circuit may have one or two terminations, annotated as the "A" and "Z" sides of the circuit. A single-termination circuit can be used when you don't know (or care) about the far end of a circuit (for example, an Internet access circuit which connects to a transit provider). A dual-termination circuit is useful for tracking circuits which connect two sites.
-
-Each circuit termination is tied to a site, and may optionally be connected via a cable to a specific device interface or pass-through port. Each termination can be assigned a separate downstream and upstream speed independent from one another. Fields are also available to track cross-connect and patch panel details.
-
-!!! note
-    A circuit represents a physical link, and cannot have more than two endpoints. When modeling a multi-point topology, each leg of the topology must be defined as a discrete circuit.
-
-!!! note
-    A circuit may terminate only to a physical interface. Circuits may not terminate to LAG interfaces, which are virtual interfaces: You must define each physical circuit within a service bundle separately and terminate it to its actual physical interface.
+{!docs/models/circuits/circuit.md!}
+{!docs/models/circuits/circuittype.md!}
+{!docs/models/circuits/circuittermination.md!}

docs/core-functionality/device-types.md

@@ -0,0 +1,40 @@
+# Device Types
+
+{!docs/models/dcim/devicetype.md!}
+{!docs/models/dcim/manufacturer.md!}
+
+---
+
+## Device Component Templates
+
+Each device type is assigned a number of component templates which define the physical components within a device. These are:
+
+* Console ports
+* Console server ports
+* Power ports
+* Power outlets
+* Network interfaces
+* Front ports
+* Rear ports
+* Device bays (which house child devices)
+
+Whenever a new device is created, its components are automatically created per the templates assigned to its device type. For example, a Juniper EX4300-48T device type might have the following component templates defined:
+
+* One template for a console port ("Console")
+* Two templates for power ports ("PSU0" and "PSU1")
+* 48 templates for 1GE interfaces ("ge-0/0/0" through "ge-0/0/47")
+* Four templates for 10GE interfaces ("xe-0/2/0" through "xe-0/2/3")
+
+Once component templates have been created, every new device that you create as an instance of this type will automatically be assigned each of the components listed above.
+
+!!! note
+    Assignment of components from templates occurs only at the time of device creation. If you modify the templates of a device type, it will not affect devices which have already been created. However, you always have the option of adding, modifying, or deleting components on existing devices.
+
+{!docs/models/dcim/consoleporttemplate.md!}
+{!docs/models/dcim/consoleserverporttemplate.md!}
+{!docs/models/dcim/powerporttemplate.md!}
+{!docs/models/dcim/poweroutlettemplate.md!}
+{!docs/models/dcim/interfacetemplate.md!}
+{!docs/models/dcim/frontporttemplate.md!}
+{!docs/models/dcim/rearporttemplate.md!}
+{!docs/models/dcim/devicebaytemplate.md!}

docs/core-functionality/devices.md

@@ -1,152 +1,27 @@
-# Device Types
+# Devices and Cabling
 
-A device type represents a particular make and model of hardware that exists in the real world. Device types define the physical attributes of a device (rack height and depth) and its individual components (console, power, and network interfaces).
-
-Device types are instantiated as devices installed within racks. For example, you might define a device type to represent a Juniper EX4300-48T network switch with 48 Ethernet interfaces. You can then create multiple devices of this type named "switch1," "switch2," and so on. Each device will inherit the components (such as interfaces) of its device type at the time of creation. (However, changes made to a device type will **not** apply to instances of that device type retroactively.)
-
-Some devices house child devices which share physical resources, like space and power, but which functional independently from one another. A common example of this is blade server chassis. Each device type is designated as one of the following:
-
-* A parent device (which has device bays)
-* A child device (which must be installed in a device bay)
-* Neither
-
-!!! note
-    This parent/child relationship is **not** suitable for modeling chassis-based devices, wherein child members share a common control plane.
-
-    For that application you should create a single Device for the chassis, and add Interfaces directly to it.  Interfaces can be created in bulk using range patterns, e.g. "Gi1/[1-24]".
-
-    Add Inventory Items if you want to record the line cards themselves as separate entities.  There is no explicit relationship between each interface and its line card, but it may be implied by the naming (e.g. interfaces "Gi1/x" are on line card 1)
-
-## Manufacturers
-
-Each device type must be assigned to a manufacturer. The model number of a device type must be unique to its manufacturer.
-
-## Component Templates
-
-Each device type is assigned a number of component templates which define the physical components within a device. These are:
-
-* Console ports
-* Console server ports
-* Power ports
-* Power outlets
-* Network interfaces
-* Front ports
-* Rear ports
-* Device bays (which house child devices)
-
-Whenever a new device is created, its components are automatically created per the templates assigned to its device type. For example, a Juniper EX4300-48T device type might have the following component templates defined:
-
-* One template for a console port ("Console")
-* Two templates for power ports ("PSU0" and "PSU1")
-* 48 templates for 1GE interfaces ("ge-0/0/0" through "ge-0/0/47")
-* Four templates for 10GE interfaces ("xe-0/2/0" through "xe-0/2/3")
-
-Once component templates have been created, every new device that you create as an instance of this type will automatically be assigned each of the components listed above.
-
-!!! note
-    Assignment of components from templates occurs only at the time of device creation. If you modify the templates of a device type, it will not affect devices which have already been created. However, you always have the option of adding, modifying, or deleting components on existing devices.
+{!docs/models/dcim/device.md!}
+{!docs/models/dcim/devicerole.md!}
+{!docs/models/dcim/platform.md!}
 
 ---
 
-# Devices
-
-Every piece of hardware which is installed within a rack exists in NetBox as a device. Devices are measured in rack units (U) and can be half depth or full depth. A device may have a height of 0U: These devices do not consume vertical rack space and cannot be assigned to a particular rack unit. A common example of a 0U device is a vertically-mounted PDU.
-
-When assigning a multi-U device to a rack, it is considered to be mounted in the lowest-numbered rack unit which it occupies. For example, a 3U device which occupies U8 through U10 is said to be mounted in U8. This logic applies to racks with both ascending and descending unit numbering.
-
-A device is said to be full depth if its installation on one rack face prevents the installation of any other device on the opposite face within the same rack unit(s). This could be either because the device is physically too deep to allow a device behind it, or because the installation of an opposing device would impede airflow.
-
 ## Device Components
 
-There are eight types of device components which comprise all of the interconnection logic with NetBox:
-
-* Console ports
-* Console server ports
-* Power ports
-* Power outlets
-* Network interfaces
-* Front ports
-* Rear ports
-* Device bays
-
-### Console
-
-Console ports connect only to console server ports. Console connections can be marked as either *planned* or *connected*.
-
-### Power
-
-Power ports connect only to power outlets. Power connections can be marked as either *planned* or *connected*.
-
-### Interfaces
-
-Interfaces connect to one another in a symmetric manner: If interface A connects to interface B, interface B therefore connects to interface A. Each type of connection can be classified as either *planned* or *connected*.
-
-Each interface is a assigned a type denoting its physical properties. Two special types exist: the "virtual" type can be used to designate logical interfaces (such as SVIs), and the "LAG" type can be used to desinate link aggregation groups to which physical interfaces can be assigned.
-
-Each interface can also be enabled or disabled, and optionally designated as management-only (for out-of-band management). Fields are also provided to store an interface's MTU and MAC address.
-
-VLANs can be assigned to each interface as either tagged or untagged. (An interface may have only one untagged VLAN.)
-
-### Pass-through Ports
-
-Pass-through ports are used to model physical terminations which comprise part of a longer path, such as a cable terminated to a patch panel. Each front port maps to a position on a rear port. A 24-port UTP patch panel, for instance, would have 24 front ports and 24 rear ports. Although this relationship is typically one-to-one, a rear port may have multiple front ports mapped to it. This can be useful for modeling instances where multiple paths share a common cable (for example, six different fiber connections sharing a 12-strand MPO cable).
-
-Pass-through ports can also be used to model "bump in the wire" devices, such as a media convertor or passive tap.
-
-### Device Bays
-
-Device bays represent the ability of a device to house child devices. For example, you might install four blade servers into a 2U chassis. The chassis would appear in the rack elevation as a 2U device with four device bays. Each server within it would be defined as a 0U device installed in one of the device bays. Child devices do not appear within rack elevations or the "Non-Racked Devices" list within the rack view.
-
-Child devices are first-class Devices in their own right: that is, fully independent managed entities which don't share any control plane with the parent.  Just like normal devices, child devices have their own platform (OS), role, tags, and interfaces.  You cannot create a LAG between interfaces in different child devices.
-
-Therefore, Device bays are **not** suitable for modeling chassis-based switches and routers.  These should instead be modeled as a single Device, with the line cards as Inventory Items.
-
-## Device Roles
-
-Devices can be organized by functional roles. These roles are fully customizable. For example, you might create roles for core switches, distribution switches, and access switches.
+{!docs/models/dcim/consoleport.md!}
+{!docs/models/dcim/consoleserverport.md!}
+{!docs/models/dcim/powerport.md!}
+{!docs/models/dcim/poweroutlet.md!}
+{!docs/models/dcim/interface.md!}
+{!docs/models/dcim/frontport.md!}
+{!docs/models/dcim/rearport.md!}
+{!docs/models/dcim/devicebay.md!}
+{!docs/models/dcim/inventoryitem.md!}
 
 ---
 
-# Platforms
-
-A platform defines the type of software running on a device or virtual machine. This can be helpful when it is necessary to distinguish between, for instance, different feature sets. Note that two devices of the same type may be assigned different platforms: for example, one Juniper MX240 running Junos 14 and another running Junos 15.
-
-The platform model is also used to indicate which [NAPALM](https://napalm-automation.net/) driver NetBox should use when connecting to a remote device. The name of the driver along with optional parameters are stored with the platform.
-
-The assignment of platforms to devices is an optional feature, and may be disregarded if not desired.
+{!docs/models/dcim/virtualchassis.md!}
 
 ---
 
-# Inventory Items
-
-Inventory items represent hardware components installed within a device, such as a power supply or CPU or line card. Currently, these are used merely for inventory tracking, although future development might see their functionality expand. Like device types, each item can optionally be assigned a manufacturer.
-
----
-
-# Virtual Chassis
-
-A virtual chassis represents a set of devices which share a single control plane: a stack of switches which are managed as a single device, for example. Each device in the virtual chassis is assigned a position and (optionally) a priority. Exactly one device is designated the virtual chassis master: This device will typically be assigned a name, secrets, services, and other attributes related to its management.
-
-It's important to recognize the distinction between a virtual chassis and a chassis-based device. For instance, a virtual chassis is not used to model a chassis switch with removable line cards such as the Juniper EX9208, as its line cards are _not_ physically separate devices capable of operating independently.
-
----
-
-# Cables
-
-A cable represents a physical connection between two termination points, such as between a console port and a patch panel port, or between two network interfaces. Cables can be traced through pass-through ports to form a complete path between two endpoints. In the example below, three individual cables comprise a path between the two connected endpoints.
-
-```
-|<------------------------------------------ Cable Path ------------------------------------------->|
-
-  Device A                   Patch Panel A                 Patch Panel B                  Device B
-+-----------+               +-------------+               +-------------+               +-----------+
-| Interface | --- Cable --- | Front Port  |               | Front Port  | --- Cable --- | Interface |
-+-----------+               +-------------+               +-------------+               +-----------+
-                            +-------------+               +-------------+
-                            |  Rear Port  | --- Cable --- |  Rear Port  |
-                            +-------------+               +-------------+
-```
-
-All connections between device components in NetBox are represented using cables. However, defining the actual cable plant is optional: Components can be be directly connected using cables with no type or other attributes assigned.
-
-Cables are also used to associated ports and interfaces with circuit terminations. To do this, first create the circuit termination, then navigate the desired component and connect a cable between the two.
+{!docs/models/dcim/cable.md!}

docs/core-functionality/ipam.md

@@ -1,93 +1,16 @@
-# Aggregates
+# IP Address Management
 
-The first step to documenting your IP space is to define its scope by creating aggregates. Aggregates establish the root of your IP address hierarchy by defining the top-level allocations that you're interested in managing. Most organizations will want to track some commonly-used private IP spaces, such as:
-
-* 10.0.0.0/8 (RFC 1918)
-* 100.64.0.0/10 (RFC 6598)
-* 172.16.0.0/12 (RFC 1918)
-* 192.168.0.0/16 (RFC 1918)
-* One or more /48s within fd00::/8 (IPv6 unique local addressing)
-
-In addition to one or more of these, you'll want to create an aggregate for each globally-routable space your organization has been allocated. These aggregates should match the allocations recorded in public WHOIS databases.
-
-Each IP prefix will be automatically arranged under its parent aggregate if one exists. Note that it's advised to create aggregates only for IP ranges actually allocated to your organization (or marked for private use): There is no need to define aggregates for provider-assigned space which is only used on Internet circuits, for example.
-
-Aggregates cannot overlap with one another: They can only exist side-by-side. For instance, you cannot define both 10.0.0.0/8 and 10.16.0.0/16 as aggregates, because they overlap. 10.16.0.0/16 in this example would be created as a prefix and automatically grouped under 10.0.0.0/8. Remember, the purpose of aggregates is to establish the root of your IP addressing hierarchy.
-
-## Regional Internet Registries (RIRs)
-
-[Regional Internet registries](https://en.wikipedia.org/wiki/Regional_Internet_registry) are responsible for the allocation of globally-routable address space. The five RIRs are ARIN, RIPE, APNIC, LACNIC, and AFRINIC. However, some address space has been set aside for internal use, such as defined in RFCs 1918 and 6598. NetBox considers these RFCs as a sort of RIR as well; that is, an authority which "owns" certain address space. There also exist lower-tier registries which serve a particular geographic area.
-
-Each aggregate must be assigned to one RIR. You are free to define whichever RIRs you choose (or create your own). The RIR model includes a boolean flag which indicates whether the RIR allocates only private IP space.
-
-For example, suppose your organization has been allocated 104.131.0.0/16 by ARIN. It also makes use of RFC 1918 addressing internally. You would first create RIRs named ARIN and RFC 1918, then create an aggregate for each of these top-level prefixes, assigning it to its respective RIR.
+{!docs/models/ipam/aggregate.md!}
+{!docs/models/ipam/rir.md!}
 
 ---
 
-# Prefixes
-
-A prefix is an IPv4 or IPv6 network and mask expressed in CIDR notation (e.g. 192.0.2.0/24). A prefix entails only the "network portion" of an IP address: All bits in the address not covered by the mask must be zero. (In other words, a prefix cannot be a specific IP address.)
-
-Prefixes are automatically arranged by their parent aggregates. Additionally, each prefix can be assigned to a particular site and VRF (routing table). All prefixes not assigned to a VRF will appear in the "global" table.
-
-Each prefix can be assigned a status and a role. These terms are often used interchangeably so it's important to recognize the difference between them. The **status** defines a prefix's operational state. Statuses are hard-coded in NetBox and can be one of the following:
-
-* Container - A summary of child prefixes
-* Active - Provisioned and in use
-* Reserved - Designated for future use
-* Deprecated - No longer in use
-
-On the other hand, a prefix's **role** defines its function. Role assignment is optional and roles are fully customizable. For example, you might create roles to differentiate between production and development infrastructure.
-
-A prefix may also be assigned to a VLAN. This association is helpful for identifying which prefixes are included when reviewing a list of VLANs.
-
-The prefix model include a "pool" flag. If enabled, NetBox will treat this prefix as a range (such as a NAT pool) wherein every IP address is valid and assignable. This logic is used for identifying available IP addresses within a prefix. If this flag is disabled, NetBox will assume that the first and last (broadcast) address within the prefix are unusable.
+{!docs/models/ipam/prefix.md!}
 
 ---
 
-# IP Addresses
-
-An IP address comprises a single host address (either IPv4 or IPv6) and its subnet mask. Its mask should match exactly how the IP address is configured on an interface in the real world.
-
-Like prefixes, an IP address can optionally be assigned to a VRF (otherwise, it will appear in the "global" table). IP addresses are automatically organized under parent prefixes within their respective VRFs.
-
-Also like prefixes, each IP address can be assigned a status and a role. Statuses are hard-coded in NetBox and include the following:
-
-* Active
-* Reserved
-* Deprecated
-* DHCP
-
-Each IP address can optionally be assigned a special role. Roles are used to indicate some special attribute of an IP address: for example, it is used as a loopback, or is a virtual IP maintained using VRRP. (Note that this differs in purpose from a _functional_ role, and thus cannot be customized.) Available roles include:
-
-* Loopback
-* Secondary
-* Anycast
-* VIP
-* VRRP
-* HSRP
-* GLBP
-
-An IP address can be assigned to a device or virtual machine interface, and an interface may have multiple IP addresses assigned to it. Further, each device and virtual machine may have one of its interface IPs designated as its primary IP address (one for IPv4 and one for IPv6).
-
-## Network Address Translation (NAT)
-
-An IP address can be designated as the network address translation (NAT) inside IP address for exactly one other IP address. This is useful primarily to denote a translation between public and private IP addresses. This relationship is followed in both directions: For example, if 10.0.0.1 is assigned as the inside IP for 192.0.2.1, 192.0.2.1 will be displayed as the outside IP for 10.0.0.1.
-
-!!! note
-    NetBox does not support tracking one-to-many NAT relationships (also called port address translation). This type of policy requires additional logic to model and cannot be fully represented by IP address alone.
+{!docs/models/ipam/ipaddress.md!}
 
 ---
 
-# Virtual Routing and Forwarding (VRF)
-
-A VRF object in NetBox represents a virtual routing and forwarding (VRF) domain. Each VRF is essentially a separate routing table. VRFs are commonly used to isolate customers or organizations from one another within a network, or to route overlapping address space (e.g. multiple instances of the 10.0.0.0/8 space).
-
-Each VRF is assigned a unique name and an optional route distinguisher (RD). The RD is expected to take one of the forms prescribed in [RFC 4364](https://tools.ietf.org/html/rfc4364#section-4.2), however its formatting is not strictly enforced.
-
-Each prefix and IP address may be assigned to one (and only one) VRF. If you have a prefix or IP address which exists in multiple VRFs, you will need to create a separate instance of it in NetBox for each VRF. Any IP prefix or address not assigned to a VRF is said to belong to the "global" table.
-
-By default, NetBox will allow duplicate prefixes to be assigned to a VRF. This behavior can be disabled by setting the "enforce unique" flag on the VRF model.
-
-!!! note
-    Enforcement of unique IP space can be toggled for global table (non-VRF prefixes) using the `ENFORCE_GLOBAL_UNIQUE` configuration setting.
+{!docs/models/ipam/vrf.md!}

docs/core-functionality/power.md

@@ -1,31 +1,11 @@
-# Power Panel
+# Power Tracking
 
-A power panel represents the distribution board where power circuits – and their circuit breakers – terminate on. If you have multiple power panels in your data center, you should model them as such in NetBox to assist you in determining the redundancy of your power allocation.
+{!docs/models/dcim/powerpanel.md!}
+{!docs/models/dcim/powerfeed.md!}
 
-# Power Feed
+# Example Power Topology
 
-A power feed identifies the power outlet/drop that goes to a rack and is terminated to a power panel. Power feeds have a supply type (AC/DC), voltage, amperage, and phase type (single/three).
-
-Power feeds are optionally assigned to a rack. In addition, a power port – and only one – can connect to a power feed; in the context of a PDU, the power feed is analogous to the power outlet that a PDU's power port/inlet connects to.
-
-!!! info
-    The power usage of a rack is calculated when a power feed (or multiple) is assigned to that rack and connected to a power port.
-
-# Power Outlet
-
-Power outlets represent the ports on a PDU that supply power to other devices. Power outlets are downstream-facing towards power ports. A power outlet can be associated with a power port on the same device and a feed leg (i.e. in a case of a three-phase supply). This indicates which power port supplies power to a power outlet.
-
-# Power Port
-
-A power port is the inlet of a device where it draws its power. Power ports are upstream-facing towards power outlets. Alternatively, a power port can connect to a power feed – as mentioned in the power feed section – to indicate the power source of a PDU's inlet.
-
-!!! info
-    If the draw of a power port is left empty, it will be dynamically calculated based on the power outlets associated with that power port. This is usually the case on the power ports of devices that supply power, like a PDU.
-
-
-# Example
-
-Below is a simple diagram demonstrating how power is modelled in NetBox.
+Below is a simple diagram demonstrating how power is modeled in NetBox.
 
 !!! note
     The power feeds are connected to the same power panel for illustrative purposes; usually, you would have such feeds diversely connected to panels to avoid the single point of failure.

docs/core-functionality/secrets.md

@@ -1,55 +1,8 @@
 # Secrets
 
-A secret represents a single credential or other sensitive string of characters which must be stored securely. Each secret is assigned to a device within NetBox. The plaintext value of a secret is encrypted to a ciphertext immediately prior to storage within the database using a 256-bit AES master key. A SHA256 hash of the plaintext is also stored along with each ciphertext to validate the decrypted plaintext.
-
-Each secret can also store an optional name parameter, which is not encrypted. This may be useful for storing user names.
-
-## Roles
-
-Each secret is assigned a functional role which indicates what it is used for. Secret roles are customizable. Typical roles might include:
-
-* Login credentials
-* SNMP community strings
-* RADIUS/TACACS+ keys
-* IKE key strings
-* Routing protocol shared secrets
-
-Roles are also used to control access to secrets. Each role is assigned an arbitrary number of groups and/or users. Only the users associated with a role have permission to decrypt the secrets assigned to that role. (A superuser has permission to decrypt all secrets, provided they have an active user key.)
+{!docs/models/secrets/secret.md!}
+{!docs/models/secrets/secretrole.md!}
 
 ---
 
-# User Keys
-
-Each user within NetBox can associate his or her account with an RSA public key. If activated by an administrator, this user key will contain a unique, encrypted copy of the AES master key needed to retrieve secret data.
-
-User keys may be created by users individually, however they are of no use until they have been activated by a user who already possesses an active user key.
-
-## Supported Key Format
-
-Public key formats supported
-
-- PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
-- X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
-- **OpenSSH line format is not supported.**
-
-Private key formats supported (unencrypted)
-
-- PKCS#1 RSAPrivateKey** (PEM header: BEGIN RSA PRIVATE KEY)
-- PKCS#8 PrivateKeyInfo* (PEM header: BEGIN PRIVATE KEY)
-
-
-## Creating the First User Key
-
-When NetBox is first installed, it contains no encryption keys. Before it can store secrets, a user (typically the superuser) must create a user key. This can be done by navigating to Profile > User Key.
-
-To create a user key, you can either generate a new RSA key pair, or upload the public key belonging to a pair you already have. If generating a new key pair, **you must save the private key** locally before saving your new user key. Once your user key has been created, its public key will be displayed under your profile.
-
-When the first user key is created in NetBox, a random master encryption key is generated automatically. This key is then encrypted using the public key provided and stored as part of your user key. **The master key cannot be recovered** without your private key.
-
-Once a user key has been assigned an encrypted copy of the master key, it is considered activated and can now be used to encrypt and decrypt secrets.
-
-## Creating Additional User Keys
-
-Any user can create his or her user key by generating or uploading a public RSA key. However, a user key cannot be used to encrypt or decrypt secrets until it has been activated with an encrypted copy of the master key.
-
-Only an administrator with an active user key can activate other user keys. To do so, access the NetBox admin UI and navigate to Secrets > User Keys. Select the user key(s) to be activated, and select "activate selected user keys" from the actions dropdown. You will need to provide your private key in order to decrypt the master key. A copy of the master key is then encrypted using the public key associated with the user key being activated.
+{!docs/models/secrets/userkey.md!}

docs/core-functionality/services.md

@@ -1,5 +1,3 @@
-# Services
+# Service Mapping
 
-A service represents a layer four TCP or UDP service available on a device or virtual machine. For example, you might want to document that an HTTP service is running on a device. Each service includes a name, protocol, and port number; for example, "SSH (TCP/22)" or "DNS (UDP/53)."
-
-A service may optionally be bound to one or more specific IP addresses belonging to its parent device or VM. (If no IP addresses are bound, the service is assumed to be reachable via any assigned IP address.)
+{!docs/models/ipam/service.md!}

docs/core-functionality/sites-and-racks.md

@@ -1,51 +1,11 @@
-# Sites
+# Sites and Racks
 
-How you choose to use sites will depend on the nature of your organization, but typically a site will equate to a building or campus. For example, a chain of banks might create a site to represent each of its branches, a site for its corporate headquarters, and two additional sites for its presence in two colocation facilities.
-
-Each site must be assigned one of the following operational statuses:
-
-* Active
-* Planned
-* Retired
-
-The site model provides a facility ID field which can be used to annotate a facility ID (such as a datacenter name) associated with the site. Each site may also have an autonomous system (AS) number and time zone associated with it. (Time zones are provided by the [pytz](https://pypi.org/project/pytz/) package.)
-
-The site model also includes several fields for storing contact and address information.
-
-## Regions
-
-Sites can be arranged geographically using regions. A region might represent a continent, country, city, campus, or other area depending on your use case. Regions can be nested recursively to construct a hierarchy. For example, you might define several country regions, and within each of those several state or city regions to which sites are assigned.
+{!docs/models/dcim/site.md!}
+{!docs/models/dcim/region.md!}
 
 ---
 
-# Racks
-
-The rack model represents a physical two- or four-post equipment rack in which equipment is mounted. Each rack must be assigned to a site. Rack height is measured in *rack units* (U); racks are commonly between 42U and 48U tall, but NetBox allows you to define racks of arbitrary height. A toggle is provided to indicate whether rack units are in ascending or descending order.
-
-Each rack is assigned a name and (optionally) a separate facility ID. This is helpful when leasing space in a data center your organization does not own: The facility will often assign a seemingly arbitrary ID to a rack (for example, "M204.313") whereas internally you refer to is simply as "R113." A unique serial number may also be associated with each rack.
-
-A rack must be designated as one of the following types:
-
-* 2-post frame
-* 4-post frame
-* 4-post cabinet
-* Wall-mounted frame
-* Wall-mounted cabinet
-
-Each rack has two faces (front and rear) on which devices can be mounted. Rail-to-rail width may be 19 or 23 inches.
-
-## Rack Groups
-
-Racks can be arranged into groups. As with sites, how you choose to designate rack groups will depend on the nature of your organization. For example, if each site represents a campus, each group might represent a building within a campus. If each site represents a building, each rack group might equate to a floor or room.
-
-Each rack group must be assigned to a parent site. Hierarchical recursion of rack groups is not currently supported.
-
-The name and facility ID of each rack within a group must be unique. (Racks not assigned to the same rack group may have identical names and/or facility IDs.)
-
-## Rack Roles
-
-Each rack can optionally be assigned a functional role. For example, you might designate a rack for compute or storage resources, or to house colocated customer devices. Rack roles are fully customizable.
-
-## Rack Space Reservations
-
-Users can reserve units within a rack for future use. Multiple non-contiguous rack units can be associated with a single reservation (but reservations cannot span multiple racks). A rack reservation may optionally designate a specific tenant.
+{!docs/models/dcim/rack.md!}
+{!docs/models/dcim/rackgroup.md!}
+{!docs/models/dcim/rackrole.md!}
+{!docs/models/dcim/rackreservation.md!}

docs/core-functionality/tenancy.md

@@ -1,20 +1,4 @@
-# Tenants
+# Tenancy Assignment
 
-A tenant represents a discrete entity for administrative purposes. Typically, tenants are used to represent individual customers or internal departments within an organization. The following objects can be assigned to tenants:
-
-* Sites
-* Racks
-* Rack reservations
-* Devices
-* VRFs
-* Prefixes
-* IP addresses
-* VLANs
-* Circuits
-* Virtual machines
-
-Tenant assignment is used to signify ownership of an object in NetBox. As such, each object may only be owned by a single tenant. For example, if you have a firewall dedicated to a particular customer, you would assign it to the tenant which represents that customer. However, if the firewall serves multiple customers, it doesn't *belong* to any particular customer, so tenant assignment would not be appropriate.
-
-### Tenant Groups
-
-Tenants can be organized by custom groups. For instance, you might create one group called "Customers" and one called "Acquisitions." The assignment of tenants to groups is optional.
+{!docs/models/tenancy/tenant.md!}
+{!docs/models/tenancy/tenantgroup.md!}

docs/core-functionality/virtual-machines.md

@@ -1,27 +0,0 @@
-# Clusters
-
-A cluster is a logical grouping of physical resources within which virtual machines run. A cluster must be assigned a type, and may optionally be assigned to a group and/or site.
-
-Physical devices may be associated with clusters as hosts. This allows users to track on which host(s) a particular VM may reside. However, NetBox does not support pinning a specific VM within a cluster to a particular host device.
-
-## Cluster Types
-
-A cluster type represents a technology or mechanism by which a cluster is formed. For example, you might create a cluster type named "VMware vSphere" for a locally hosted cluster or "DigitalOcean NYC3" for one hosted by a cloud provider.
-
-## Cluster Groups
-
-Cluster groups may be created for the purpose of organizing clusters. The assignment of clusters to groups is optional.
-
----
-
-# Virtual Machines
-
-A virtual machine represents a virtual compute instance hosted within a cluster. Each VM must be associated with exactly one cluster.
-
-Like devices, each VM can be assigned a platform and have interfaces created on it. VM interfaces behave similarly to device interfaces, and can be assigned IP addresses, VLANs, and services. However, given their virtual nature, they cannot be connected to other interfaces. Unlike physical devices, VMs cannot be assigned console or power ports, device bays, or inventory items.
-
-The following resources can be defined for each VM:
-
-* vCPU count
-* Memory (MB)
-* Disk space (GB)

docs/core-functionality/virtualization.md

@@ -0,0 +1,9 @@
+# Virtual Machines and Clusters
+
+{!docs/models/virtualization/cluster.md!}
+{!docs/models/virtualization/clustertype.md!}
+{!docs/models/virtualization/clustergroup.md!}
+
+---
+
+{!docs/models/virtualization/virtualmachine.md!}

docs/core-functionality/vlans.md

@@ -1,15 +1,4 @@
-# VLANs
+# VLAN Management
 
-A VLAN represents an isolated layer two domain, identified by a name and a numeric ID (1-4094) as defined in [IEEE 802.1Q](https://en.wikipedia.org/wiki/IEEE_802.1Q). Each VLAN may be assigned to a site and/or VLAN group.
-
-Each VLAN must be assigned one of the following operational statuses:
-
-* Active
-* Reserved
-* Deprecated
-
-Each VLAN may also be assigned a functional role. Prefixes and VLANs share the same set of customizable roles.
-
-## VLAN Groups
-
-VLAN groups can be used to organize VLANs within NetBox. Groups can also be used to enforce uniqueness: Each VLAN within a group must have a unique ID and name. VLANs which are not assigned to a group may have overlapping names and IDs (including VLANs which belong to a common site). For example, you can create two VLANs with ID 123, but they cannot both be assigned to the same group.
+{!docs/models/ipam/vlan.md!}
+{!docs/models/ipam/vlangroup.md!}

docs/development/application-registry.md

@@ -0,0 +1,55 @@
+# Application Registry
+
+The registry is an in-memory data structure which houses various miscellaneous application-wide parameters, such as installed plugins. It is not exposed to the user and is not intended to be modified by any code outside of NetBox core.
+
+The registry behaves essentially like a Python dictionary, with the notable exception that once a store (key) has been declared, it cannot be deleted or overwritten. The value of a store can, however, me modified; e.g. by appending a value to a list. Store values generally do not change once the application has been initialized.
+
+## Stores
+
+### `model_features`
+
+A dictionary of particular features (e.g. custom fields) mapped to the NetBox models which support them, arranged by app. For example:
+
+```python
+{
+    'custom_fields': {
+        'circuits': ['provider', 'circuit'],
+        'dcim': ['site', 'rack', 'devicetype', ...],
+        ...
+    },
+    'webhooks': {
+        ...
+    },
+    ...
+}
+```
+
+### `plugin_menu_items`
+
+Navigation menu items provided by NetBox plugins. Each plugin is registered as a key with the list of menu items it provides. An example:
+
+```python
+{
+    'Plugin A': (
+        <MenuItem>, <MenuItem>, <MenuItem>,
+    ),
+    'Plugin B': (
+        <MenuItem>, <MenuItem>, <MenuItem>,
+    ),
+}
+```
+
+### `plugin_template_extensions`
+
+Plugin content that gets embedded into core NetBox templates. The store comprises NetBox models registered as dictionary keys, each pointing to a list of applicable template extension classes that exist. An example:
+
+```python
+{
+    'dcim.site': [
+        <TemplateExtension>, <TemplateExtension>, <TemplateExtension>,
+    ],
+    'dcim.rack': [
+        <TemplateExtension>, <TemplateExtension>,
+    ],
+}
+```

docs/development/extending-models.md

@@ -2,7 +2,7 @@
 
 Below is a list of items to consider when adding a new field to a model:
 
-### 1. Generate and run database migration
+## 1. Generate and run database migration
 
 Django migrations are used to express changes to the database schema. In most cases, Django can generate these automatically, however very complex changes may require manual intervention. Always remember to specify a short but descriptive name when generating a new migration.
 
@@ -16,7 +16,7 @@ Where possible, try to merge related changes into a single migration. For exampl
 !!! note
     Migrations can only be merged within a release. Once a new release has been published, its migrations cannot be altered.
 
-### 2. Add validation logic to `clean()`
+## 2. Add validation logic to `clean()`
 
 If the new field introduces additional validation requirements (beyond what's included with the field itself), implement them in the model's `clean()` method. Remember to call the model's original method using `super()` before or agter your custom validation as appropriate:
 
@@ -32,23 +32,23 @@ class Foo(models.Model):
             raise ValidationError()
 ```
 
-### 3. Add CSV helpers
+## 3. Add CSV helpers
 
 Add the name of the new field to `csv_headers` and included a CSV-friendly representation of its data in the model's `to_csv()` method. These will be used when exporting objects in CSV format.
 
-### 4. Update relevant querysets
+## 4. Update relevant querysets
 
 If you're adding a relational field (e.g. `ForeignKey`) and intend to include the data when retreiving a list of objects, be sure to include the field using `prefetch_related()` as appropriate. This will optimize the view and avoid excessive database lookups.
 
-### 5. Update API serializer
+## 5. Update API serializer
 
 Extend the model's API serializer in `<app>.api.serializers` to include the new field. In most cases, it will not be necessary to also extend the nested serializer, which produces a minimal represenation of the model.
 
-### 6. Add choices to API view
+## 6. Add choices to API view
 
 If the new field has static choices, add it to the `FieldChoicesViewSet` for the app.
 
-### 7. Add field to forms
+## 7. Add field to forms
 
 Extend any forms to include the new field as appropriate. Common forms include:
 
@@ -57,19 +57,19 @@ Extend any forms to include the new field as appropriate. Common forms include:
 * **CSV import** - The form used when bulk importing objects in CSV format
 * **Filter** - Displays the options available for filtering a list of objects (both UI and API)
 
-### 8. Extend object filter set
+## 8. Extend object filter set
 
 If the new field should be filterable, add it to the `FilterSet` for the model. If the field should be searchable, remember to reference it in the FilterSet's `search()` method.
 
-### 9. Add column to object table
+## 9. Add column to object table
 
 If the new field will be included in the object list view, add a column to the model's table. For simple fields, adding the field name to `Meta.fields` will be sufficient. More complex fields may require explicitly declaring a new column.
 
-### 10. Update the UI templates
+## 10. Update the UI templates
 
 Edit the object's view template to display the new field. There may also be a custom add/edit form template that needs to be updated.
 
-### 11. Create/extend test cases
+## 11. Create/extend test cases
 
 Create or extend the relevant test cases to verify that the new field and any accompanying validation logic perform as expected. This is especially important for relational fields. NetBox incorporates various test suites, including:
 

docs/development/release-checklist.md

@@ -1,6 +1,8 @@
-# Minor Version Bumps
+# Release Checklist
 
-## Update Requirements
+## Minor Version Bumps
+
+### Update Requirements
 
 Required Python packages are maintained in two files. `base_requirements.txt` contains a list of all the packages required by NetBox. Some of them may be pinned to a specific version of the package due to a known issue. For example:
 
@@ -23,7 +25,7 @@ pip install -U -r base_requirements.txt
 3. Run all tests and check that the UI and API function as expected.
 4. Update the package versions in `requirements.txt` as appropriate.
 
-## Update Static Libraries
+### Update Static Libraries
 
 Update the following static libraries to their most recent stable release:
 
@@ -33,41 +35,37 @@ Update the following static libraries to their most recent stable release:
 * jQuery
 * jQuery UI
 
-## Squash Schema Migrations
+### Create a new Release Notes Page
 
-Database schema migrations should be squashed for each new minor release. See the [squashing guide](squashing-migrations.md) for the detailed process.
+Create a file at `/docs/release-notes/X.Y.md` to establish the release notes for the new release. Add the file to the table of contents within `mkdocs.yml`, and point `index.md` to the new file.
 
-## Create a new Release Notes Page
-
-Create a file at `/docs/release-notes/X.Y.md` to establish the release notes for the new release. Add the file to the table of contents within `mkdocs.yml`.
-
-## Manually Perform a New Install
+### Manually Perform a New Install
 
 Create a new installation of NetBox by following [the current documentation](http://netbox.readthedocs.io/en/latest/). This should be a manual process, so that issues with the documentation can be identified and corrected.
 
-## Close the Release Milestone
+### Close the Release Milestone
 
 Close the release milestone on GitHub. Ensure that there are no remaining open issues associated with it.
 
 ---
 
-# All Releases
+## All Releases
 
-## Verify CI Build Status
+### Verify CI Build Status
 
 Ensure that continuous integration testing on the `develop` branch is completing successfully.
 
-## Update Version and Changelog
+### Update Version and Changelog
 
 Update the `VERSION` constant in `settings.py` to the new release version and annotate the current data in the release notes for the new version.
 
-## Submit a Pull Request
+### Submit a Pull Request
 
-Submit a pull request title **"Release vX.Y.X"** to merge the `develop` branch into `master`. Include a brief change log listing the features, improvements, and/or bugs addressed in the release.
+Submit a pull request title **"Release vX.Y.Z"** to merge the `develop` branch into `master`. Include a brief change log listing the features, improvements, and/or bugs addressed in the release.
 
 Once CI has completed on the PR, merge it.
 
-## Create a New Release
+### Create a New Release
 
 Draft a [new release](https://github.com/netbox-community/netbox/releases/new) with the following parameters.
 
@@ -77,7 +75,7 @@ Draft a [new release](https://github.com/netbox-community/netbox/releases/new) w
 
 Copy the description from the pull request into the release notes.
 
-## Update the Development Version
+### Update the Development Version
 
 On the `develop` branch, update `VERSION` in `settings.py` to point to the next release. For example, if you just released v2.3.4, set:
 
@@ -85,6 +83,6 @@ On the `develop` branch, update `VERSION` in `settings.py` to point to the next
 VERSION = 'v2.3.5-dev'
 ```
 
-## Announce the Release
+### Announce the Release
 
 Announce the release on the [mailing list](https://groups.google.com/forum/#!forum/netbox-discuss). Include a link to the release and the (HTML-formatted) release notes.

docs/development/squashing-migrations.md

@@ -1,168 +0,0 @@
-# Squashing Database Schema Migrations
-
-## What are Squashed Migrations?
-
-The Django framework on which NetBox is built utilizes [migration files](https://docs.djangoproject.com/en/stable/topics/migrations/) to keep track of changes to the PostgreSQL database schema. Each time a model is altered, the resulting schema change is captured in a migration file, which can then be applied to effect the new schema.
-
-As changes are made over time, more and more migration files are created. Although not necessarily problematic, it can be beneficial to merge and compress these files occasionally to reduce the total number of migrations that need to be applied upon installation of NetBox. This merging process is called _squashing_ in Django vernacular, and results in two parallel migration paths: individual and squashed.
-
-Below is an example showing both individual and squashed migration files within an app:
-
-| Individual | Squashed |
-|------------|----------|
-| 0001_initial       | 0001_initial_squashed_0004_add_field |
-| 0002_alter_field   |                   .                  |
-| 0003_remove_field  |                   .                  |
-| 0004_add_field     |                   .                  |
-| 0005_another_field | 0005_another_field                   |
-
-In the example above, a new installation can leverage the squashed migrations to apply only two migrations:
-
-* `0001_initial_squashed_0004_add_field`
-* `0005_another_field`
-
-This is because the squash file contains all of the operations performed by files `0001` through `0004`.
-
-However, an existing installation that has already applied some of the individual migrations contained within the squash file must continue applying individual migrations. For instance, an installation which currently has up to `0002_alter_field` applied must apply the following migrations to become current:
-
-* `0003_remove_field`
-* `0004_add_field`
-* `0005_another_field`
-
-Squashed migrations are opportunistic: They are used only if applicable to the current environment. Django will fall back to using individual migrations if the squashed migrations do not agree with the current database schema at any point.
-
-## Squashing Migrations
-
-During every minor (i.e. 2.x) release, migrations should be squashed to help simplify the migration process for new installations. The process below describes how to squash migrations efficiently and with minimal room for error.
-
-### 1. Create a New Branch
-
-Create a new branch off of the `develop-2.x` branch. (Migrations should be squashed _only_ in preparation for a new minor release.)
-
-```
-git checkout -B squash-migrations
-```
-
-### 2. Delete Existing Squash Files
-
-Delete the most recent squash file within each NetBox app. This allows us to extend squash files where the opportunity exists. For example, we might be able to replace `0005_to_0008` with `0005_to_0011`.
-
-### 3. Generate the Current Migration Plan
-
-Use Django's `showmigrations` utility to display the order in which all migrations would be applied for a new installation.
-
-```
-manage.py showmigrations --plan
-```
-
-From the resulting output, delete all lines which reference an external migration. Any migrations imposed by Django itself on an external package are not relevant.
-
-### 4. Create Squash Files
-
-Begin iterating through the migration plan, looking for successive sets of migrations within an app. These are candidates for squashing. For example:
-
-```
-[X]  extras.0014_configcontexts
-[X]  extras.0015_remove_useraction
-[X]  extras.0016_exporttemplate_add_cable
-[X]  extras.0017_exporttemplate_mime_type_length
-[ ]  extras.0018_exporttemplate_add_jinja2
-[ ]  extras.0019_tag_taggeditem
-[X]  dcim.0062_interface_mtu
-[X]  dcim.0063_device_local_context_data
-[X]  dcim.0064_remove_platform_rpc_client
-[ ]  dcim.0065_front_rear_ports
-[X]  circuits.0001_initial_squashed_0010_circuit_status
-[ ]  dcim.0066_cables
-...
-```
-
-Migrations `0014` through `0019` in `extras` can be squashed, as can migrations `0062` through `0065` in `dcim`. Migration `0066` cannot be included in the same squash file, because the `circuits` migration must be applied before it. (Note that whether or not each migration is currently applied to the database does not matter.)
-
-Squash files are created using Django's `squashmigrations` utility:
-
-```
-manage.py squashmigrations <app> <start> <end>
-```
-
-For example, our first step in the example would be to run `manage.py squashmigrations extras 0014 0019`.
-
-!!! note
-    Specifying a migration file's numeric index is enough to uniquely identify it within an app. There is no need to specify the full filename.
-
-This will create a new squash file within the app's `migrations` directory, named as a concatenation of its beginning and ending migration. Some manual editing is necessary for each new squash file for housekeeping purposes:
-
-* Remove the "automatically generated" comment at top (to indicate that a human has reviewed the file).
-* Reorder `import` statements as necessary per PEP8.
-* It may be necessary to copy over custom functions from the original migration files (this will be indicated by a comment near the top of the squash file). It is safe to remove any functions that exist solely to accomodate reverse migrations (which we no longer support).
-
-Repeat this process for each candidate set of migrations until you reach the end of the migration plan.
-
-### 5. Check for Missing Migrations
-
-If everything went well, at this point we should have a completed squashed path. Perform a dry run to check for any missing migrations:
-
-```
-manage.py migrate --dry-run
-```
-
-### 5. Run Migrations
-
-Next, we'll apply the entire migration path to an empty database. Begin by dropping and creating your development database.
-
-!!! warning
-    Obviously, first back up any data you don't want to lose.
-
-```
-sudo -u postgres psql -c 'drop database netbox'
-sudo -u postgres psql -c 'create database netbox'
-```
-
-Apply the migrations with the `migrate` management command. It is not necessary to specify a particular migration path; Django will detect and use the squashed migrations automatically. You can verify the exact migrations being applied by enabling verboes output with `-v 2`.
-
-```
-manage.py migrate -v 2
-```
-
-### 6. Commit the New Migrations
-
-If everything is successful to this point, commit your changes to the `squash-migrations` branch.
-
-### 7. Validate Resulting Schema
-
-To ensure our new squashed migrations do not result in a deviation from the original schema, we'll compare the two. With the new migration file safely commit, check out the `develop-2.x` branch, which still contains only the individual migrations.
-
-```
-git checkout develop-2.x
-```
-
-Temporarily install the [django-extensions](https://django-extensions.readthedocs.io/) package, which provides the `sqldiff utility`:
-
-```
-pip install django-extensions
-```
-
-Also add `django_extensions` to `INSTALLED_APPS` in `netbox/netbox/settings.py`.
-
-At this point, our database schema has been defined by using the squashed migrations. We can run `sqldiff` to see if it differs any from what the current (non-squashed) migrations would generate. `sqldiff` accepts a list of apps against which to run:
-
-```
-manage.py sqldiff circuits dcim extras ipam secrets tenancy users virtualization
-```
-
-It is safe to ignore errors indicating an "unknown database type" for the following fields:
-
-* `dcim_interface.mac_address`
-* `ipam_aggregate.prefix`
-* `ipam_prefix.prefix`
-
-It is also safe to ignore the message "Table missing: extras_script".
-
-Resolve any differences by correcting migration files in the `squash-migrations` branch.
-
-!!! warning
-    Don't forget to remove `django_extension` from `INSTALLED_APPS` before committing your changes.
-
-### 8. Merge the Squashed Migrations
-
-Once all squashed migrations have been validated and all tests run successfully, merge the `squash-migrations` branch into `develop-2.x`. This completes the squashing process.

docs/development/user-preferences.md

@@ -0,0 +1,11 @@
+# User Preferences
+
+The `users.UserConfig` model holds individual preferences for each user in the form of JSON data. This page serves as a manifest of all recognized user preferences in NetBox.
+
+## Available Preferences
+
+| Name | Description |
+| ---- | ----------- |
+| extras.configcontext.format | Preferred format when rendering config context data (JSON or YAML) |
+| pagination.per_page | The number of items to display per page of a paginated table |
+| tables.${table_name}.columns | The ordered list of columns to display when viewing the table |

docs/extra.css

@@ -0,0 +1,19 @@
+/* Images */
+img {
+    display: block;
+    margin-left: auto;
+    margin-right: auto;
+}
+
+/* Tables */
+table {
+    margin-bottom: 24px;
+    width: 100%;
+}
+th {
+    background-color: #f0f0f0;
+    padding: 6px;
+}
+td {
+    padding: 6px;
+}

docs/index.md

@@ -12,7 +12,7 @@ NetBox is an open source web application designed to help manage and document co
 * **Data circuits** - Long-haul communications circuits and providers
 * **Secrets** - Encrypted storage of sensitive credentials
 
-# What NetBox Is Not
+## What NetBox Is Not
 
 While NetBox strives to cover many areas of network management, the scope of its feature set is necessarily limited. This ensures that development focuses on core functionality and that scope creep is reasonably contained. To that end, it might help to provide some examples of functionality that NetBox **does not** provide:
 
@@ -24,23 +24,23 @@ While NetBox strives to cover many areas of network management, the scope of its
 
 That said, NetBox _can_ be used to great effect in populating external tools with the data they need to perform these functions.
 
-# Design Philosophy
+## Design Philosophy
 
 NetBox was designed with the following tenets foremost in mind.
 
-## Replicate the Real World
+### Replicate the Real World
 
 Careful consideration has been given to the data model to ensure that it can accurately reflect a real-world network. For instance, IP addresses are assigned not to devices, but to specific interfaces attached to a device, and an interface may have multiple IP addresses assigned to it.
 
-## Serve as a "Source of Truth"
+### Serve as a "Source of Truth"
 
 NetBox intends to represent the _desired_ state of a network versus its _operational_ state. As such, automated import of live network state is strongly discouraged. All data created in NetBox should first be vetted by a human to ensure its integrity. NetBox can then be used to populate monitoring and provisioning systems with a high degree of confidence.
 
-## Keep it Simple
+### Keep it Simple
 
 When given a choice between a relatively simple [80% solution](https://en.wikipedia.org/wiki/Pareto_principle) and a much more complex complete solution, the former will typically be favored. This ensures a lean codebase with a low learning curve.
 
-# Application Stack
+## Application Stack
 
 NetBox is built on the [Django](https://djangoproject.com/) Python framework and utilizes a [PostgreSQL](https://www.postgresql.org/) database. It runs as a WSGI service behind your choice of HTTP server.
 
@@ -53,6 +53,10 @@ NetBox is built on the [Django](https://djangoproject.com/) Python framework and
 | Task queuing       | Redis/django-rq   |
 | Live device access | NAPALM            |
 
-# Getting Started
+## Supported Python Versions
+
+NetBox supports Python 3.6 and 3.7 environments currently. (Support for Python 3.5 was removed in NetBox v2.8.)
+
+## Getting Started
 
 See the [installation guide](installation/index.md) for help getting NetBox up and running quickly.

docs/installation/1-postgresql.md

@@ -1,14 +1,15 @@
-NetBox requires a PostgreSQL database to store data. This can be hosted locally or on a remote server. (Please note that MySQL is not supported, as NetBox leverages PostgreSQL's built-in [network address types](https://www.postgresql.org/docs/current/static/datatype-net-types.html).)
+# PostgreSQL Database Installation
 
-!!! note
-    The installation instructions provided here have been tested to work on Ubuntu 18.04 and CentOS 7.5. The particular commands needed to install dependencies on other distributions may vary significantly. Unfortunately, this is outside the control of the NetBox maintainers. Please consult your distribution's documentation for assistance with any errors.
+This section entails the installation and configuration of a local PostgreSQL database. If you already have a PostgreSQL database service in place, skip to [the next section](2-redis.md).
 
 !!! warning
-    NetBox requires PostgreSQL 9.4 or higher.
+    NetBox requires PostgreSQL 9.4 or higher. Please note that MySQL and other relational databases are **not** supported.
 
-# Installation
+The installation instructions provided here have been tested to work on Ubuntu 18.04 and CentOS 7.5. The particular commands needed to install dependencies on other distributions may vary significantly. Unfortunately, this is outside the control of the NetBox maintainers. Please consult your distribution's documentation for assistance with any errors.
 
-**Ubuntu**
+## Installation
+
+#### Ubuntu
 
 If a recent enough version of PostgreSQL is not available through your distribution's package manager, you'll need to install it from an official [PostgreSQL repository](https://wiki.postgresql.org/wiki/Apt).
 
@@ -17,13 +18,13 @@ If a recent enough version of PostgreSQL is not available through your distribut
 # apt-get install -y postgresql libpq-dev
 ```
 
-**CentOS**
+#### CentOS
 
-CentOS 7.5 does not ship with a recent enough version of PostgreSQL, so it will need to be installed from an external repository. The instructions below show the installation of PostgreSQL 9.6.
+CentOS 7.5 does not ship with a recent enough version of PostgreSQL, so it will need to be installed from an external repository. The instructions below show the installation of PostgreSQL 9.6, however you may opt to install a more recent version.
 
 ```no-highlight
-# yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
-# yum install postgresql96 postgresql96-server postgresql96-devel
+# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+# yum install -y postgresql96 postgresql96-server postgresql96-devel
 # /usr/pgsql-9.6/bin/postgresql96-setup initdb
 ```
 
@@ -41,7 +42,7 @@ Then, start the service and enable it to run at boot:
 # systemctl enable postgresql-9.6
 ```
 
-# Database Creation
+## Database Creation
 
 At a minimum, we need to create a database for NetBox and assign it a username and password for authentication. This is done with the following commands.
 
@@ -62,6 +63,8 @@ GRANT
 postgres=# \q
 ```
 
+## Verify Service Status
+
 You can verify that authentication works issuing the following command and providing the configured password. (Replace `localhost` with your database server if using a remote database.)
 
 ```no-highlight

docs/installation/2-redis.md

@@ -0,0 +1,31 @@
+# Redis Installation
+
+## Install Redis
+
+[Redis](https://redis.io/) is an in-memory key-value store which NetBox employs for caching and queuing. This section entails the installation and configuration of a local Redis instance. If you already have a Redis service in place, skip to [the next section](3-netbox.md).
+
+### Ubuntu
+
+```no-highlight
+# apt-get install -y redis-server
+```
+
+### CentOS
+
+```no-highlight
+# yum install -y epel-release
+# yum install -y redis
+# systemctl start redis
+# systemctl enable redis
+```
+
+You may wish to modify the Redis configuration at `/etc/redis.conf` or `/etc/redis/redis.conf`, however in most cases the default configuration is sufficient.
+
+## Verify Service Status
+
+Use the `redis-cli` utility to ensure the Redis service is functional:
+
+```no-highlight
+$ redis-cli ping
+PONG
+```

docs/installation/3-netbox.md

@@ -1,25 +1,29 @@
-# Installation
+# NetBox Installation
 
-This section of the documentation discusses installing and configuring the NetBox application. Begin by installing all system packages required by NetBox and its dependencies:
+This section of the documentation discusses installing and configuring the NetBox application itself.
 
-**Ubuntu**
+## Install System Packages
+
+Begin by installing all system packages required by NetBox and its dependencies. Note that beginning with NetBox v2.8, Python 3.6 or later is required.
+
+### Ubuntu
 
 ```no-highlight
-# apt-get install -y python3 python3-pip python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev redis-server zlib1g-dev
+# apt-get install -y python3.6 python3-pip python3-venv python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev
 ```
 
-**CentOS**
+### CentOS
 
 ```no-highlight
-# yum install -y epel-release
-# yum install -y gcc python36 python36-devel python36-setuptools libxml2-devel libxslt-devel libffi-devel openssl-devel redhat-rpm-config redis
+# yum install -y gcc python36 python36-devel python36-setuptools libxml2-devel libxslt-devel libffi-devel openssl-devel redhat-rpm-config
 # easy_install-3.6 pip
-# ln -s /usr/bin/python3.6 /usr/bin/python3
 ```
 
+## Download NetBox
+
 You may opt to install NetBox either from a numbered release or by cloning the master branch of its repository on GitHub.
 
-## Option A: Download a Release
+### Option A: Download a Release
 
 Download the [latest stable release](https://github.com/netbox-community/netbox/releases) from GitHub as a tarball or ZIP archive and extract it to your desired path. In this example, we'll use `/opt/netbox`.
 
@@ -31,7 +35,7 @@ Download the [latest stable release](https://github.com/netbox-community/netbox/
 # cd /opt/netbox/
 ```
 
-## Option B: Clone the Git Repository
+### Option B: Clone the Git Repository
 
 Create the base directory for the NetBox installation. For this guide, we'll use `/opt/netbox`.
 
@@ -41,13 +45,13 @@ Create the base directory for the NetBox installation. For this guide, we'll use
 
 If `git` is not already installed, install it:
 
-**Ubuntu**
+#### Ubuntu
 
 ```no-highlight
 # apt-get install -y git
 ```
 
-**CentOS**
+#### CentOS
 
 ```no-highlight
 # yum install -y git
@@ -66,45 +70,68 @@ Resolving deltas: 100% (1495/1495), done.
 Checking connectivity... done.
 ```
 
-!!! warning
-    Ensure that the media directory (`/opt/netbox/netbox/media/` in this example) and all its subdirectories are writable by the user account as which NetBox runs. If the NetBox process does not have permission to write to this directory, attempts to upload files (e.g. image attachments) will fail. (The appropriate user account will vary by platform.)
+## Create the NetBox User
 
-    `# chown -R netbox:netbox /opt/netbox/netbox/media/`
-
-# Install Python Packages
-
-Install the required Python packages using pip. (If you encounter any compilation errors during this step, ensure that you've installed all of the system dependencies listed above.)
-
-```no-highlight
-# pip3 install -r requirements.txt
-```
+Create a system user account named `netbox`. We'll configure the WSGI and HTTP services to run under this account. We'll also assign this user ownership of the media directory. This ensures that NetBox will be able to save local files.
 
 !!! note
-    If you encounter errors while installing the required packages, check that you're running a recent version of pip (v9.0.1 or higher) with the command `pip3 -V`.
+    CentOS users may need to create the `netbox` group first.
 
-## NAPALM Automation (Optional)
-
-NetBox supports integration with the [NAPALM automation](https://napalm-automation.net/) library. NAPALM allows NetBox to fetch live data from devices and return it to a requester via its REST API. Installation of NAPALM is optional. To enable it, install the `napalm` package using pip or pip3:
-
-```no-highlight
-# pip3 install napalm
+```
+# adduser --system --group netbox
+# chown --recursive netbox /opt/netbox/netbox/media/
 ```
 
-## Remote File Storage (Optional)
+## Set Up Python Environment
+
+We'll use a Python [virtual environment](https://docs.python.org/3.6/tutorial/venv.html) to ensure NetBox's required packages don't conflict with anything in the base system. This will create a directory named `venv` in our NetBox root.
+
+```no-highlight
+# python3 -m venv /opt/netbox/venv
+```
+
+Next, activate the virtual environment and install the required Python packages. You should see your console prompt change to indicate the active environment. (Activating the virtual environment updates your command shell to use the local copy of Python that we just installed for NetBox instead of the system's Python interpreter.)
+
+```no-highlight
+# source venv/bin/activate
+(venv) # pip3 install -r requirements.txt
+```
+
+### NAPALM Automation (Optional)
+
+NetBox supports integration with the [NAPALM automation](https://napalm-automation.net/) library. NAPALM allows NetBox to fetch live data from devices and return it to a requester via its REST API. Installation of NAPALM is optional. To enable it, install the `napalm` package:
+
+```no-highlight
+(venv) # pip3 install napalm
+```
+
+To ensure NAPALM is automatically re-installed during future upgrades, create a file named `local_requirements.txt` in the NetBox root directory (alongside `requirements.txt`) and list the `napalm` package:
+
+```no-highlight
+# echo napalm >> local_requirements.txt
+```
+
+### Remote File Storage (Optional)
 
 By default, NetBox will use the local filesystem to storage uploaded files. To use a remote filesystem, install the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) library and configure your [desired backend](../../configuration/optional-settings/#storage_backend) in `configuration.py`.
 
 ```no-highlight
-# pip3 install django-storages
+(venv) # pip3 install django-storages
 ```
 
-# Configuration
+Don't forget to add the `django-storages` package to `local_requirements.txt` to ensure it gets re-installed during future upgrades:
+
+```no-highlight
+# echo django-storages >> local_requirements.txt
+```
+
+## Configuration
 
 Move into the NetBox configuration directory and make a copy of `configuration.example.py` named `configuration.py`.
 
 ```no-highlight
-# cd netbox/netbox/
-# cp configuration.example.py configuration.py
+(venv) # cd netbox/netbox/
+(venv) # cp configuration.example.py configuration.py
 ```
 
 Open `configuration.py` with your preferred editor and set the following variables:
@@ -114,7 +141,7 @@ Open `configuration.py` with your preferred editor and set the following variabl
 * `REDIS`
 * `SECRET_KEY`
 
-## ALLOWED_HOSTS
+### ALLOWED_HOSTS
 
 This is a list of the valid hostnames by which this server can be reached. You must specify at least one name or IP address.
 
@@ -124,7 +151,7 @@ Example:
 ALLOWED_HOSTS = ['netbox.example.com', '192.0.2.123']
 ```
 
-## DATABASE
+### DATABASE
 
 This parameter holds the database configuration details. You must define the username and password used when you configured PostgreSQL. If the service is running on a remote host, replace `localhost` with its address. See the [configuration documentation](../../configuration/required-settings/#database) for more detail on individual parameters.
 
@@ -141,13 +168,13 @@ DATABASE = {
 }
 ```
 
-## REDIS
+### REDIS
 
 Redis is a in-memory key-value store required as part of the NetBox installation. It is used for features such as webhooks and caching. Redis typically requires minimal configuration; the values below should suffice for most installations. See the [configuration documentation](../../configuration/required-settings/#redis) for more detail on individual parameters.
 
 ```python
 REDIS = {
-    'webhooks': {
+    'tasks': {
         'HOST': 'redis.example.com',
         'PORT': 1234,
         'PASSWORD': 'foobar',
@@ -166,7 +193,7 @@ REDIS = {
 }
 ```
 
-## SECRET_KEY
+### SECRET_KEY
 
 Generate a random secret key of at least 50 alphanumeric characters. This key must be unique to this installation and must not be shared outside the local system.
 
@@ -175,13 +202,13 @@ You may use the script located at `netbox/generate_secret_key.py` to generate a
 !!! note
     In the case of a highly available installation with multiple web servers, `SECRET_KEY` must be identical among all servers in order to maintain a persistent user session state.
 
-# Run Database Migrations
+## Run Database Migrations
 
 Before NetBox can run, we need to install the database schema. This is done by running `python3 manage.py migrate` from the `netbox` directory (`/opt/netbox/netbox/` in our example):
 
 ```no-highlight
-# cd /opt/netbox/netbox/
-# python3 manage.py migrate
+(venv) # cd /opt/netbox/netbox/
+(venv) # python3 manage.py migrate
 Operations to perform:
   Apply all migrations: dcim, sessions, admin, ipam, utilities, auth, circuits, contenttypes, extras, secrets, users
 Running migrations:
@@ -194,12 +221,12 @@ Running migrations:
 
 If this step results in a PostgreSQL authentication error, ensure that the username and password created in the database match what has been specified in `configuration.py`
 
-# Create a Super User
+## Create a Super User
 
 NetBox does not come with any predefined user accounts. You'll need to create a super user to be able to log into NetBox:
 
 ```no-highlight
-# python3 manage.py createsuperuser
+(venv) # python3 manage.py createsuperuser
 Username: admin
 Email address: admin@example.com
 Password:
@@ -207,20 +234,20 @@ Password (again):
 Superuser created successfully.
 ```
 
-# Collect Static Files
+## Collect Static Files
 
 ```no-highlight
-# python3 manage.py collectstatic --no-input
+(venv) # python3 manage.py collectstatic --no-input
 
 959 static files copied to '/opt/netbox/netbox/static'.
 ```
 
-# Test the Application
+## Test the Application
 
 At this point, NetBox should be able to run. We can verify this by starting a development instance:
 
 ```no-highlight
-# python3 manage.py runserver 0.0.0.0:8000 --insecure
+(venv) # python3 manage.py runserver 0.0.0.0:8000 --insecure
 Performing system checks...
 
 System check identified no issues (0 silenced).

docs/installation/4-http-daemon.md

@@ -1,11 +1,25 @@
+# HTTP Server Setup
+
 We'll set up a simple WSGI front end using [gunicorn](http://gunicorn.org/) for the purposes of this guide. For web servers, we provide example configurations for both [nginx](https://www.nginx.com/resources/wiki/) and [Apache](http://httpd.apache.org/docs/2.4). (You are of course free to use whichever combination of HTTP and WSGI services you'd like.) We'll use systemd to enable service persistence.
 
 !!! info
     For the sake of brevity, only Ubuntu 18.04 instructions are provided here, but this sort of web server and WSGI configuration is not unique to NetBox. Please consult your distribution's documentation for assistance if needed.
 
-# Web Server Installation
+## Obtain an SSL Certificate
 
-## Option A: nginx
+To enable HTTPS access to NetBox, you'll need a valid SSL certificate. You can purchase one from a trusted commercial provider, obtain one for free from [Let's Encrypt](https://letsencrypt.org/getting-started/), or generate your own (although self-signed certificates are generally untrusted). Both the public certificate and private key files need to be installed on your NetBox server in a location that is readable by the `netbox` user.
+
+The command below can be used to generate a self-signed certificate for testing purposes, however it is strongly recommended to use a certificate from a trusted authority in production. Two files will be created: the public certificate (`netbox.crt`) and the private key (`netbox.key`). The certificate is published to the world, whereas the private key must be kept secret at all times.
+
+```no-highlight
+# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+-keyout /etc/ssl/private/netbox.key \
+-out /etc/ssl/certs/netbox.crt
+```
+
+## HTTP Daemon Installation
+
+### Option A: nginx
 
 The following will serve as a minimal nginx configuration. Be sure to modify your server name and installation path appropriately.
 
@@ -13,27 +27,10 @@ The following will serve as a minimal nginx configuration. Be sure to modify you
 # apt-get install -y nginx
 ```
 
-Once nginx is installed, save the following configuration to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)
+Once nginx is installed, copy the default nginx configuration file to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)
 
-```nginx
-server {
-    listen 80;
-
-    server_name netbox.example.com;
-
-    client_max_body_size 25m;
-
-    location /static/ {
-        alias /opt/netbox/netbox/static/;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:8001;
-        proxy_set_header X-Forwarded-Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}
+```no-highlight
+# cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox
 ```
 
 Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sites-enabled` directory to the configuration file you just created.
@@ -44,82 +41,49 @@ Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sit
 # ln -s /etc/nginx/sites-available/netbox
 ```
 
-Restart the nginx service to use the new configuration.
+Finally, restart the `nginx` service to use the new configuration.
 
 ```no-highlight
 # service nginx restart
 ```
 
-To enable SSL, consider this guide on [securing nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04).
+### Option B: Apache
 
-## Option B: Apache
+Begin by installing Apache:
 
 ```no-highlight
-# apt-get install -y apache2 libapache2-mod-wsgi-py3
+# apt-get install -y apache2
 ```
 
-Once Apache is installed, proceed with the following configuration (Be sure to modify the `ServerName` appropriately):
-
-```apache
-<VirtualHost *:80>
-    ProxyPreserveHost On
-
-    ServerName netbox.example.com
-
-    Alias /static /opt/netbox/netbox/static
-
-    # Needed to allow token-based API authentication
-    WSGIPassAuthorization on
-
-    <Directory /opt/netbox/netbox/static>
-        Options Indexes FollowSymLinks MultiViews
-        AllowOverride None
-        Require all granted
-    </Directory>
-
-    <Location /static>
-        ProxyPass !
-    </Location>
-
-    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
-    ProxyPass / http://127.0.0.1:8001/
-    ProxyPassReverse / http://127.0.0.1:8001/
-</VirtualHost>
-```
-
-Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`, enable the `proxy` and `proxy_http` modules, and reload Apache:
+Next, copy the default configuration file to `/etc/apache2/sites-available/`. Be sure to modify the `ServerName` parameter appropriately.
 
 ```no-highlight
-# a2enmod proxy
-# a2enmod proxy_http
-# a2enmod headers
+# cp /opt/netbox/contrib/apache.conf /etc/apache2/sites-available/netbox.conf
+```
+
+Finally, ensure that the required Apache modules are enabled, enable the `netbox` site, and reload Apache:
+
+```no-highlight
+# a2enmod ssl proxy proxy_http headers
 # a2ensite netbox
 # service apache2 restart
 ```
 
-To enable SSL, consider this guide on [securing Apache with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04).
-
 !!! note
     Certain components of NetBox (such as the display of rack elevation diagrams) rely on the use of embedded objects. Ensure that your HTTP server configuration does not override the `X-Frame-Options` response header set by NetBox.
 
-# gunicorn Installation
+## Gunicorn Configuration
 
-Install gunicorn:
-
-```no-highlight
-# pip3 install gunicorn
-```
-
-Copy `/opt/netbox/contrib/gunicorn.py` to `/opt/netbox/gunicorn.py`. We make a copy of this file to ensure that any changes to it do not get overwritten by a future upgrade.
+Copy `/opt/netbox/contrib/gunicorn.py` to `/opt/netbox/gunicorn.py`. (We make a copy of this file to ensure that any changes to it do not get overwritten by a future upgrade.)
 
 ```no-highlight
 # cd /opt/netbox
 # cp contrib/gunicorn.py /opt/netbox/gunicorn.py
 ```
 
-You may wish to edit this file to change the bound IP address or port number, or to make performance-related adjustments.
+You may wish to edit this file to change the bound IP address or port number, or to make performance-related adjustments. See [the Gunicorn documentation](https://docs.gunicorn.org/en/stable/configure.html) for the available configuration parameters.
 
-# systemd configuration
+## systemd Configuration
 
 We'll use systemd to control the daemonization of NetBox services. First, copy `contrib/netbox.service` and `contrib/netbox-rq.service` to the `/etc/systemd/system/` directory:
 
@@ -127,22 +91,17 @@ We'll use systemd to control the daemonization of NetBox services. First, copy `
 # cp contrib/*.service /etc/systemd/system/
 ```
 
-!!! note
-    These service files assume that gunicorn is installed at `/usr/local/bin/gunicorn`. If the output of `which gunicorn` indicates a different path, you'll need to correct the `ExecStart` path in both files.
-
 Then, start the `netbox` and `netbox-rq` services and enable them to initiate at boot time:
 
 ```no-highlight
 # systemctl daemon-reload
-# systemctl start netbox.service
-# systemctl start netbox-rq.service
-# systemctl enable netbox.service
-# systemctl enable netbox-rq.service
+# systemctl start netbox netbox-rq
+# systemctl enable netbox netbox-rq
 ```
 
 You can use the command `systemctl status netbox` to verify that the WSGI service is running:
 
-```
+```no-highlight
 # systemctl status netbox.service
 ● netbox.service - NetBox WSGI Service
    Loaded: loaded (/etc/systemd/system/netbox.service; enabled; vendor preset: enabled)
@@ -157,7 +116,20 @@ You can use the command `systemctl status netbox` to verify that the WSGI servic
 ...
 ```
 
-At this point, you should be able to connect to the HTTP service at the server name or IP address you provided. If you are unable to connect, check that the nginx service is running and properly configured. If you receive a 502 (bad gateway) error, this indicates that gunicorn is misconfigured or not running.
+At this point, you should be able to connect to the HTTP service at the server name or IP address you provided.
 
 !!! info
     Please keep in mind that the configurations provided here are bare minimums required to get NetBox up and running. You may want to make adjustments to better suit your production environment.
+
+## Troubleshooting
+
+If you are unable to connect to the HTTP server, check that:
+
+* Nginx/Apache is running and configured to listen on the correct port.
+* Access is not being blocked by a firewall. (Try connecting locally from the server itself.)
+
+If you are able to connect but receive a 502 (bad gateway) error, check the following:
+
+* The NetBox system process (gunicorn) is running: `systemctl status netbox`
+* nginx/Apache is configured to connect to the port on which gunicorn is listening (default is 8001).
+* SELinux is not preventing the reverse proxy connection. You may need to allow HTTP network connections with the command `setsebool -P httpd_can_network_connect 1`

docs/installation/5-ldap.md

@@ -1,32 +1,44 @@
+# LDAP Configuration
+
 This guide explains how to implement LDAP authentication using an external server. User authentication will fall back to built-in Django users in the event of a failure.
 
-# Requirements
+## Install Requirements
 
-## Install openldap-devel
+### Install System Packages
 
 On Ubuntu:
 
 ```no-highlight
-sudo apt-get install -y libldap2-dev libsasl2-dev libssl-dev
+# apt-get install -y libldap2-dev libsasl2-dev libssl-dev
 ```
 
 On CentOS:
 
 ```no-highlight
-sudo yum install -y openldap-devel
+# yum install -y openldap-devel
 ```
 
-## Install django-auth-ldap
+### Install django-auth-ldap
+
+Activate the Python virtual environment and install the `django-auth-ldap` package using pip:
 
 ```no-highlight
-pip3 install django-auth-ldap
+# cd /opt/netbox/
+# source venv/bin/activate
+(venv) # pip3 install django-auth-ldap
 ```
 
-# Configuration
+Once installed, add the package to `local_requirements.txt` to ensure it is re-installed during future rebuilds of the virtual environment:
+
+```no-highlight
+(venv) # echo django-auth-ldap >> local_requirements.txt
+```
+
+## Configuration
 
 Create a file in the same directory as `configuration.py` (typically `netbox/netbox/`) named `ldap_config.py`. Define all of the parameters required below in `ldap_config.py`. Complete documentation of all `django-auth-ldap` configuration options is included in the project's [official documentation](http://django-auth-ldap.readthedocs.io/).
 
-## General Server Configuration
+### General Server Configuration
 
 !!! info
     When using Windows Server 2012 you may need to specify a port on `AUTH_LDAP_SERVER_URI`. Use `3269` for secure, or `3268` for non-secure.
@@ -54,7 +66,7 @@ LDAP_IGNORE_CERT_ERRORS = True
 
 STARTTLS can be configured by setting `AUTH_LDAP_START_TLS = True` and using the `ldap://` URI scheme.
 
-## User Authentication
+### User Authentication
 
 !!! info
     When using Windows Server 2012, `AUTH_LDAP_USER_DN_TEMPLATE` should be set to None.
@@ -79,7 +91,7 @@ AUTH_LDAP_USER_ATTR_MAP = {
 }
 ```
 
-# User Groups for Permissions
+### User Groups for Permissions
 
 !!! info
     When using Microsoft Active Directory, support for nested groups can be activated by using `NestedGroupOfNamesType()` instead of `GroupOfNamesType()` for `AUTH_LDAP_GROUP_TYPE`. You will also need to modify the import line to use `NestedGroupOfNamesType` instead of `GroupOfNamesType` .
@@ -121,9 +133,9 @@ AUTH_LDAP_CACHE_TIMEOUT = 3600
 !!! warning
     Authentication will fail if the groups (the distinguished names) do not exist in the LDAP directory.
 
-# Troubleshooting LDAP
+## Troubleshooting LDAP
 
-`supervisorctl restart netbox` restarts the Netbox service, and initiates any changes made to `ldap_config.py`. If there are syntax errors present, the NetBox process will not spawn an instance, and errors should be logged to `/var/log/supervisor/`.
+`systemctl restart netbox` restarts the Netbox service, and initiates any changes made to `ldap_config.py`. If there are syntax errors present, the NetBox process will not spawn an instance, and errors should be logged to `/var/log/messages`.
 
 For troubleshooting LDAP user/group queries, add the following lines to the start of `ldap_config.py` after `import ldap`.
 

docs/installation/index.md

@@ -3,14 +3,17 @@
 The following sections detail how to set up a new instance of NetBox:
 
 1. [PostgreSQL database](1-postgresql.md)
-2. [NetBox components](2-netbox.md)
-3. [HTTP daemon](3-http-daemon.md)
-4. [LDAP authentication](4-ldap.md) (optional)
+1. [Redis](2-redis.md)
+3. [NetBox components](3-netbox.md)
+4. [HTTP daemon](4-http-daemon.md)
+5. [LDAP authentication](5-ldap.md) (optional)
 
-# Upgrading
+Below is a simplified overview of the NetBox application stack for reference:
+
+![NetBox UI as seen by a non-authenticated user](../media/installation/netbox_application_stack.png)
+
+## Upgrading
 
 If you are upgrading from an existing installation, please consult the [upgrading guide](upgrading.md).
 
-NetBox v2.5 and later requires Python 3.5 or higher. Please see the instructions for [migrating to Python 3](migrating-to-python3.md) if you are still using Python 2.
-
 Netbox v2.5.9 and later moved to using systemd instead of supervisord.  Please see the instructions for [migrating to systemd](migrating-to-systemd.md) if you are still using supervisord.

docs/installation/migrating-to-python3.md

@@ -1,38 +0,0 @@
-# Migration
-
-!!! warning
-    As of version 2.5, NetBox no longer supports Python 2. Python 3 is required to run any 2.5 release or later.
-
-## Ubuntu
-
-Remove the Python2 version of gunicorn:
-
-```no-highlight
-# pip uninstall -y gunicorn
-```
-
-Install Python3 and pip3, Python's package management tool:
-
-```no-highlight
-# apt-get update
-# apt-get install -y python3 python3-dev python3-setuptools
-# easy_install3 pip
-```
-
-Install the Python3 packages required by NetBox:
-
-```no-highlight
-# pip3 install -r requirements.txt
-```
-
-Replace gunicorn with the Python3 version:
-
-```no-highlight
-# pip3 install gunicorn
-```
-
-If using LDAP authentication, install the `django-auth-ldap` package:
-
-```no-highlight
-# pip3 install django-auth-ldap
-```

docs/installation/migrating-to-systemd.md

@@ -1,16 +1,19 @@
-# Migration
+# Migrating to systemd
 
-Migration is not required, as supervisord will still continue to function.
+This document contains instructions for migrating from a legacy NetBox deployment using [supervisor](http://supervisord.org/) to a systemd-based approach.
 
 ## Ubuntu
 
-### Remove supervisord:
+### Uninstall supervisord
 
 ```no-highlight
-# apt-get remove -y supervisord
+# apt-get remove -y supervisor
 ```
 
-### systemd configuration:
+### Configure systemd
+
+!!! note
+    These instructions assume the presence of a Python virtual environment at `/opt/netbox/venv`. If you have not created this environment, please refer to the [installation instructions](3-netbox.md#set-up-python-environment) for direction.
 
 We'll use systemd to control the daemonization of NetBox services. First, copy `contrib/netbox.service` and `contrib/netbox-rq.service` to the `/etc/systemd/system/` directory:
 
@@ -19,19 +22,14 @@ We'll use systemd to control the daemonization of NetBox services. First, copy `
 ```
 
 !!! note
-    These service files assume that gunicorn is installed at `/usr/local/bin/gunicorn`. If the output of `which gunicorn` indicates a different path, you'll need to correct the `ExecStart` path in both files.
-
-!!! note
-    You may need to modify the user that the systemd service runs as.  Please verify the user for httpd on your specific release and edit both files to match your httpd service under user and group.  The username could be "nobody", "nginx", "apache", "www-data" or any number of other usernames.
+    You may need to modify the user that the systemd service runs as.  Please verify the user for httpd on your specific release and edit both files to match your httpd service under user and group.  The username could be "nobody", "nginx", "apache", "www-data", or something else.
 
 Then, start the `netbox` and `netbox-rq` services and enable them to initiate at boot time:
 
 ```no-highlight
 # systemctl daemon-reload
-# systemctl start netbox.service
-# systemctl start netbox-rq.service
-# systemctl enable netbox.service
-# systemctl enable netbox-rq.service
+# systemctl start netbox netbox-rq
+# systemctl enable netbox netbox-rq
 ```
 
 You can use the command `systemctl status netbox` to verify that the WSGI service is running:
@@ -51,7 +49,7 @@ You can use the command `systemctl status netbox` to verify that the WSGI servic
 ...
 ```
 
-At this point, you should be able to connect to the HTTP service at the server name or IP address you provided. If you are unable to connect, check that the nginx service is running and properly configured. If you receive a 502 (bad gateway) error, this indicates that gunicorn is misconfigured or not running.
+At this point, you should be able to connect to the HTTP service at the server name or IP address you provided. If you are unable to connect, check that the nginx service is running and properly configured. If you receive a 502 (bad gateway) error, this indicates that gunicorn is misconfigured or not running. Issue the command `journalctl -xe` to see why the services were unable to start.
 
 !!! info
     Please keep in mind that the configurations provided here are bare minimums required to get NetBox up and running. You may want to make adjustments to better suit your production environment.

docs/installation/upgrading.md

@@ -1,12 +1,17 @@
-# Review the Release Notes
+# Upgrading to a New NetBox Release
+
+## Review the Release Notes
 
 Prior to upgrading your NetBox instance, be sure to carefully review all [release notes](../../release-notes/) that have been published since your current version was released. Although the upgrade process typically does not involve additional work, certain releases may introduce breaking or backward-incompatible changes. These are called out in the release notes under the version in which the change went into effect.
 
-# Install the Latest Code
+!!! note
+    Beginning with version 2.8, NetBox requires Python 3.6 or later.
+
+## Install the Latest Code
 
 As with the initial installation, you can upgrade NetBox by either downloading the latest release package or by cloning the `master` branch of the git repository. 
 
-## Option A: Download a Release
+### Option A: Download a Release
 
 Download the [latest stable release](https://github.com/netbox-community/netbox/releases) from GitHub as a tarball or ZIP archive. Extract it to your desired path. In this example, we'll use `/opt/netbox`.
 
@@ -25,31 +30,32 @@ Copy the 'configuration.py' you created when first installing to the new version
 # cp netbox-X.Y.Z/netbox/netbox/configuration.py netbox/netbox/netbox/configuration.py
 ```
 
+Also copy the LDAP configuration if using LDAP:
+
+```no-highlight
+# cp netbox-X.Y.Z/netbox/netbox/ldap_config.py netbox/netbox/netbox/ldap_config.py
+```
+
 Be sure to replicate your uploaded media as well. (The exact action necessary will depend on where you choose to store your media, but in general moving or copying the media directory will suffice.)
 
 ```no-highlight
 # cp -pr netbox-X.Y.Z/netbox/media/ netbox/netbox/
 ```
 
-Also make sure to copy over any reports that you've made. Note that if you made them in a separate directory (`/opt/netbox-reports` for example), then you will not need to copy them - the config file that you copied earlier will point to the correct location.
+Also make sure to copy over any custom scripts and reports that you've made. Note that if these are stored outside the project root, you will not need to copy them. (Check the `SCRIPTS_ROOT` and `REPORTS_ROOT` parameters in the configuration file above if you're unsure.)
 
 ```no-highlight
-# cp -r /opt/netbox-X.Y.X/netbox/reports /opt/netbox/netbox/reports/
+# cp -r /opt/netbox-X.Y.Z/netbox/scripts /opt/netbox/netbox/scripts/
+# cp -r /opt/netbox-X.Y.Z/netbox/reports /opt/netbox/netbox/reports/
 ```
 
 If you followed the original installation guide to set up gunicorn, be sure to copy its configuration as well:
 
 ```no-highlight
-# cp netbox-X.Y.Z/gunicorn_config.py netbox/gunicorn_config.py
+# cp netbox-X.Y.Z/gunicorn.py netbox/gunicorn.py
 ```
 
-Copy the LDAP configuration if using LDAP:
-
-```no-highlight
-# cp netbox-X.Y.Z/netbox/netbox/ldap_config.py netbox/netbox/netbox/ldap_config.py
-```
-
-## Option B: Clone the Git Repository (latest master release)
+### Option B: Clone the Git Repository
 
 This guide assumes that NetBox is installed at `/opt/netbox`. Pull down the most recent iteration of the master branch:
 
@@ -60,9 +66,9 @@ This guide assumes that NetBox is installed at `/opt/netbox`. Pull down the most
 # git status
 ```
 
-# Run the Upgrade Script
+## Run the Upgrade Script
 
-Once the new code is in place, run the upgrade script (which may need to be run as root depending on how your environment is configured).
+Once the new code is in place, verify that any optional Python packages required by your deployment (e.g. `napalm` or `django-auth-ldap`) are listed in `local_requirements.txt`. Then, run the upgrade script:
 
 ```no-highlight
 # ./upgrade.sh
@@ -70,9 +76,14 @@ Once the new code is in place, run the upgrade script (which may need to be run
 
 This script:
 
-* Installs or upgrades any new required Python packages
+* Destroys and rebuilds the Python virtual environment
+* Installs all required Python packages (listed in `requirements.txt`)
+* Installs any additional packages from `local_requirements.txt`
 * Applies any database migrations that were included in the release
 * Collects all static files to be served by the HTTP service
+* Deletes stale content types from the database
+* Deletes all expired user sessions from the database
+* Clears all cached data to prevent conflicts with the new release
 
 !!! note
     It's possible that the upgrade script will display a notice warning of unreflected database migrations:
@@ -82,14 +93,16 @@ This script:
 
     This may occur due to semantic differences in environment, and can be safely ignored. Never attempt to create new migrations unless you are intentionally modifying the database schema.
 
-# Restart the WSGI Service
+## Restart the NetBox Services
 
-Finally, restart the WSGI services to run the new code. If you followed this guide for the initial installation, this is done using `systemctl:
+!!! warning
+    If you are upgrading from an installation that does not use a Python virtual environment, you'll need to update the systemd service files to reference the new Python and gunicorn executables before restarting the services. These are located in `/opt/netbox/venv/bin/`. See the example service files in `/opt/netbox/contrib/` for reference.
+
+Finally, restart the gunicorn and RQ services:
 
 ```no-highlight
-# sudo systemctl restart netbox
-# sudo systemctl restart netbox-rq
+# sudo systemctl restart netbox netbox-rq
 ```
 
 !!! note
-    It's possible you are still using supervisord instead of the linux native systemd.  If you are still using supervisord you can restart the services by either restarting supervisord or by using supervisorctl to restart netbox.
+    It's possible you are still using supervisord instead of systemd.  If so, please see the instructions for [migrating to systemd](migrating-to-systemd.md).

docs/models/circuits/circuit.md

@@ -0,0 +1,3 @@
+# Circuits
+
+A circuit represents a single _physical_ link connecting exactly two endpoints. (A circuit with more than two endpoints is a virtual circuit, which is not currently supported by NetBox.) Each circuit belongs to a provider and must be assigned a circuit ID which is unique to that provider.

docs/models/circuits/circuittermination.md

@@ -0,0 +1,11 @@
+# Circuit Terminations
+
+A circuit may have one or two terminations, annotated as the "A" and "Z" sides of the circuit. A single-termination circuit can be used when you don't know (or care) about the far end of a circuit (for example, an Internet access circuit which connects to a transit provider). A dual-termination circuit is useful for tracking circuits which connect two sites.
+
+Each circuit termination is tied to a site, and may optionally be connected via a cable to a specific device interface or pass-through port. Each termination can be assigned a separate downstream and upstream speed independent from one another. Fields are also available to track cross-connect and patch panel details.
+
+!!! note
+    A circuit represents a physical link, and cannot have more than two endpoints. When modeling a multi-point topology, each leg of the topology must be defined as a discrete circuit.
+
+!!! note
+    A circuit may terminate only to a physical interface. Circuits may not terminate to LAG interfaces, which are virtual interfaces: You must define each physical circuit within a service bundle separately and terminate it to its actual physical interface.

docs/models/circuits/circuittype.md

@@ -0,0 +1,10 @@
+# Circuit Types
+
+Circuits are classified by type. For example, you might define circuit types for:
+
+* Internet transit
+* Out-of-band connectivity
+* Peering
+* Private backhaul
+
+Circuit types are fully customizable.

docs/models/circuits/provider.md

@@ -0,0 +1,5 @@
+# Providers
+
+A provider is any entity which provides some form of connectivity. While this obviously includes carriers which offer Internet and private transit service, it might also include Internet exchange (IX) points and even organizations with whom you peer directly.
+
+Each provider may be assigned an autonomous system number (ASN), an account number, and relevant contact information.

docs/models/dcim/cable.md

@@ -0,0 +1,19 @@
+# Cables
+
+A cable represents a physical connection between two termination points, such as between a console port and a patch panel port, or between two network interfaces. Cables can be traced through pass-through ports to form a complete path between two endpoints. In the example below, three individual cables comprise a path between the two connected endpoints.
+
+```
+|<------------------------------------------ Cable Path ------------------------------------------->|
+
+  Device A                   Patch Panel A                 Patch Panel B                  Device B
++-----------+               +-------------+               +-------------+               +-----------+
+| Interface | --- Cable --- | Front Port  |               | Front Port  | --- Cable --- | Interface |
++-----------+               +-------------+               +-------------+               +-----------+
+                            +-------------+               +-------------+
+                            |  Rear Port  | --- Cable --- |  Rear Port  |
+                            +-------------+               +-------------+
+```
+
+All connections between device components in NetBox are represented using cables. However, defining the actual cable plant is optional: Components can be be directly connected using cables with no type or other attributes assigned.
+
+Cables are also used to associated ports and interfaces with circuit terminations. To do this, first create the circuit termination, then navigate the desired component and connect a cable between the two.

docs/models/dcim/consoleport.md

@@ -0,0 +1,5 @@
+## Console Ports
+
+A console port provides connectivity to the physical console of a device. Console ports are typically used for temporary access by someone who is physically near the device, or for remote out-of-band access via a console server.
+
+Console ports can be connected to console server ports.

docs/models/dcim/consoleporttemplate.md

@@ -0,0 +1,3 @@
+## Console Port Templates
+
+A template for a console port that will be created on all instantiations of the parent device type.

docs/models/dcim/consoleserverport.md

@@ -0,0 +1,5 @@
+## Console Server Ports
+
+A console server is a device which provides remote access to the local consoles of connected devices. This is typically done to provide remote out-of-band access to network devices.
+
+Console server ports can be connected to console ports.

docs/models/dcim/consoleserverporttemplate.md

@@ -0,0 +1,3 @@
+## Console Server Port Templates
+
+A template for a console server port that will be created on all instantiations of the parent device type.

docs/models/dcim/device.md

@@ -0,0 +1,7 @@
+# Devices
+
+Every piece of hardware which is installed within a rack exists in NetBox as a device. Devices are measured in rack units (U) and can be half depth or full depth. A device may have a height of 0U: These devices do not consume vertical rack space and cannot be assigned to a particular rack unit. A common example of a 0U device is a vertically-mounted PDU.
+
+When assigning a multi-U device to a rack, it is considered to be mounted in the lowest-numbered rack unit which it occupies. For example, a 3U device which occupies U8 through U10 is said to be mounted in U8. This logic applies to racks with both ascending and descending unit numbering.
+
+A device is said to be full depth if its installation on one rack face prevents the installation of any other device on the opposite face within the same rack unit(s). This could be either because the device is physically too deep to allow a device behind it, or because the installation of an opposing device would impede airflow.

docs/models/dcim/devicebay.md

@@ -0,0 +1,7 @@
+## Device Bays
+
+Device bays represent the ability of a device to house child devices. For example, you might install four blade servers into a 2U chassis. The chassis would appear in the rack elevation as a 2U device with four device bays. Each server within it would be defined as a 0U device installed in one of the device bays. Child devices do not appear within rack elevations or the "Non-Racked Devices" list within the rack view.
+
+Child devices are first-class Devices in their own right: that is, fully independent managed entities which don't share any control plane with the parent.  Just like normal devices, child devices have their own platform (OS), role, tags, and interfaces.  You cannot create a LAG between interfaces in different child devices.
+
+Therefore, Device bays are **not** suitable for modeling chassis-based switches and routers.  These should instead be modeled as a single Device, with the line cards as Inventory Items.

docs/models/dcim/devicebaytemplate.md

@@ -0,0 +1,3 @@
+## Device Bay Templates
+
+A template for a device bay that will be created on all instantiations of the parent device type.

docs/models/dcim/devicerole.md

@@ -0,0 +1,3 @@
+# Device Roles
+
+Devices can be organized by functional roles. These roles are fully customizable. For example, you might create roles for core switches, distribution switches, and access switches.

docs/models/dcim/devicetype.md

@@ -0,0 +1,18 @@
+# Device Types
+
+A device type represents a particular make and model of hardware that exists in the real world. Device types define the physical attributes of a device (rack height and depth) and its individual components (console, power, and network interfaces).
+
+Device types are instantiated as devices installed within racks. For example, you might define a device type to represent a Juniper EX4300-48T network switch with 48 Ethernet interfaces. You can then create multiple devices of this type named "switch1," "switch2," and so on. Each device will inherit the components (such as interfaces) of its device type at the time of creation. (However, changes made to a device type will **not** apply to instances of that device type retroactively.)
+
+Some devices house child devices which share physical resources, like space and power, but which functional independently from one another. A common example of this is blade server chassis. Each device type is designated as one of the following:
+
+* A parent device (which has device bays)
+* A child device (which must be installed in a device bay)
+* Neither
+
+!!! note
+    This parent/child relationship is **not** suitable for modeling chassis-based devices, wherein child members share a common control plane.
+
+    For that application you should create a single Device for the chassis, and add Interfaces directly to it.  Interfaces can be created in bulk using range patterns, e.g. "Gi1/[1-24]".
+
+    Add Inventory Items if you want to record the line cards themselves as separate entities.  There is no explicit relationship between each interface and its line card, but it may be implied by the naming (e.g. interfaces "Gi1/x" are on line card 1)

docs/models/dcim/frontport.md

@@ -0,0 +1,5 @@
+## Front Ports
+
+Front ports are pass-through ports used to represent physical cable connections that comprise part of a longer path. For example, the ports on the front face of a UTP patch panel would be modeled in NetBox as front ports.
+
+Each front port is mapped to a specific rear port on the same device. A single rear port may be mapped to multiple rear ports.

docs/models/dcim/frontporttemplate.md

@@ -0,0 +1,3 @@
+## Front Port Templates
+
+A template for a front-facing pass-through port that will be created on all instantiations of the parent device type.

docs/models/dcim/interface.md

@@ -0,0 +1,9 @@
+## Interfaces
+
+Interfaces connect to one another in a symmetric manner: If interface A connects to interface B, interface B therefore connects to interface A. Each type of connection can be classified as either *planned* or *connected*.
+
+Each interface is a assigned a type denoting its physical properties. Two special types exist: the "virtual" type can be used to designate logical interfaces (such as SVIs), and the "LAG" type can be used to desinate link aggregation groups to which physical interfaces can be assigned.
+
+Each interface can also be enabled or disabled, and optionally designated as management-only (for out-of-band management). Fields are also provided to store an interface's MTU and MAC address.
+
+VLANs can be assigned to each interface as either tagged or untagged. (An interface may have only one untagged VLAN.)

docs/models/dcim/interfacetemplate.md

@@ -0,0 +1,3 @@
+## Interface Templates
+
+A template for an interface that will be created on all instantiations of the parent device type.

docs/models/dcim/inventoryitem.md

@@ -0,0 +1,3 @@
+# Inventory Items
+
+Inventory items represent hardware components installed within a device, such as a power supply or CPU or line card. Currently, these are used merely for inventory tracking, although future development might see their functionality expand. Like device types, each item can optionally be assigned a manufacturer.

docs/models/dcim/manufacturer.md

@@ -0,0 +1,3 @@
+# Manufacturers
+
+Each device type must be assigned to a manufacturer. The model number of a device type must be unique to its manufacturer.

docs/models/dcim/platform.md

@@ -0,0 +1,7 @@
+# Platforms
+
+A platform defines the type of software running on a device or virtual machine. This can be helpful when it is necessary to distinguish between, for instance, different feature sets. Note that two devices of the same type may be assigned different platforms: for example, one Juniper MX240 running Junos 14 and another running Junos 15.
+
+The platform model is also used to indicate which [NAPALM](https://napalm-automation.net/) driver NetBox should use when connecting to a remote device. The name of the driver along with optional parameters are stored with the platform.
+
+The assignment of platforms to devices is an optional feature, and may be disregarded if not desired.

docs/models/dcim/powerfeed.md

@@ -0,0 +1,8 @@
+# Power Feed
+
+A power feed identifies the power outlet/drop that goes to a rack and is terminated to a power panel. Power feeds have a supply type (AC/DC), voltage, amperage, and phase type (single/three).
+
+Power feeds are optionally assigned to a rack. In addition, a power port – and only one – can connect to a power feed; in the context of a PDU, the power feed is analogous to the power outlet that a PDU's power port/inlet connects to.
+
+!!! info
+    The power usage of a rack is calculated when a power feed (or multiple) is assigned to that rack and connected to a power port.

docs/models/dcim/poweroutlet.md

@@ -0,0 +1,3 @@
+## Power Outlets
+
+Power outlets represent the ports on a PDU that supply power to other devices. Power outlets are downstream-facing towards power ports. A power outlet can be associated with a power port on the same device and a feed leg (i.e. in a case of a three-phase supply). This indicates which power port supplies power to a power outlet.

docs/models/dcim/poweroutlettemplate.md

@@ -0,0 +1,3 @@
+## Power Outlet Templates
+
+A template for a power outlet that will be created on all instantiations of the parent device type.

docs/models/dcim/powerpanel.md

@@ -0,0 +1,3 @@
+# Power Panel
+
+A power panel represents the distribution board where power circuits – and their circuit breakers – terminate on. If you have multiple power panels in your data center, you should model them as such in NetBox to assist you in determining the redundancy of your power allocation.

docs/models/dcim/powerport.md

@@ -0,0 +1,6 @@
+## Power Ports
+
+A power port is the inlet of a device where it draws its power. Power ports are upstream-facing towards power outlets. Alternatively, a power port can connect to a power feed – as mentioned in the power feed section – to indicate the power source of a PDU's inlet.
+
+!!! info
+    If the draw of a power port is left empty, it will be dynamically calculated based on the power outlets associated with that power port. This is usually the case on the power ports of devices that supply power, like a PDU.

docs/models/dcim/powerporttemplate.md

@@ -0,0 +1,3 @@
+## Power Port Templates
+
+A template for a power port that will be created on all instantiations of the parent device type.

docs/models/dcim/rack.md

@@ -0,0 +1,15 @@
+# Racks
+
+The rack model represents a physical two- or four-post equipment rack in which equipment is mounted. Each rack must be assigned to a site. Rack height is measured in *rack units* (U); racks are commonly between 42U and 48U tall, but NetBox allows you to define racks of arbitrary height. A toggle is provided to indicate whether rack units are in ascending or descending order.
+
+Each rack is assigned a name and (optionally) a separate facility ID. This is helpful when leasing space in a data center your organization does not own: The facility will often assign a seemingly arbitrary ID to a rack (for example, "M204.313") whereas internally you refer to is simply as "R113." A unique serial number may also be associated with each rack.
+
+A rack must be designated as one of the following types:
+
+* 2-post frame
+* 4-post frame
+* 4-post cabinet
+* Wall-mounted frame
+* Wall-mounted cabinet
+
+Each rack has two faces (front and rear) on which devices can be mounted. Rail-to-rail width may be 19 or 23 inches.

docs/models/dcim/rackgroup.md

@@ -0,0 +1,7 @@
+# Rack Groups
+
+Racks can be arranged into groups. As with sites, how you choose to designate rack groups will depend on the nature of your organization. For example, if each site represents a campus, each group might represent a building within a campus. If each site represents a building, each rack group might equate to a floor or room.
+
+Each rack group must be assigned to a parent site, and rack groups may optionally be nested to achieve a multi-level hierarchy.
+
+The name and facility ID of each rack within a group must be unique. (Racks not assigned to the same rack group may have identical names and/or facility IDs.)

docs/models/dcim/rackreservation.md

@@ -0,0 +1,3 @@
+# Rack Reservations
+
+Users can reserve units within a rack for future use. Multiple non-contiguous rack units can be associated with a single reservation (but reservations cannot span multiple racks). A rack reservation may optionally designate a specific tenant.

docs/models/dcim/rackrole.md

@@ -0,0 +1,3 @@
+# Rack Roles
+
+Each rack can optionally be assigned a functional role. For example, you might designate a rack for compute or storage resources, or to house colocated customer devices. Rack roles are fully customizable.

docs/models/dcim/rearport.md

@@ -0,0 +1,5 @@
+## Rear Ports
+
+Like front ports, rear ports are pass-through ports which represent the end of a particular cable segment in a path. Each rear port is defined with a number of positions: rear ports with more than one position can be mapped to multiple front ports. This can be useful for modeling instances where multiple paths share a common cable (for example, six different fiber connections sharing a 12-strand MPO cable).
+
+Note that front and rear ports need not necessarily reside on the actual front or rear device face. This terminology is used primarily to distinguish between the two components in a pass-through port pairing.

docs/models/dcim/rearporttemplate.md

@@ -0,0 +1,3 @@
+## Rear Port Templates
+
+A template for a rear-facing pass-through port that will be created on all instantiations of the parent device type.

docs/models/dcim/region.md

@@ -0,0 +1,3 @@
+# Regions
+
+Sites can be arranged geographically using regions. A region might represent a continent, country, city, campus, or other area depending on your use case. Regions can be nested recursively to construct a hierarchy. For example, you might define several country regions, and within each of those several state or city regions to which sites are assigned.

docs/models/dcim/site.md

@@ -0,0 +1,13 @@
+# Sites
+
+How you choose to use sites will depend on the nature of your organization, but typically a site will equate to a building or campus. For example, a chain of banks might create a site to represent each of its branches, a site for its corporate headquarters, and two additional sites for its presence in two colocation facilities.
+
+Each site must be assigned one of the following operational statuses:
+
+* Active
+* Planned
+* Retired
+
+The site model provides a facility ID field which can be used to annotate a facility ID (such as a datacenter name) associated with the site. Each site may also have an autonomous system (AS) number and time zone associated with it. (Time zones are provided by the [pytz](https://pypi.org/project/pytz/) package.)
+
+The site model also includes several fields for storing contact and address information.

docs/models/dcim/virtualchassis.md

@@ -0,0 +1,5 @@
+# Virtual Chassis
+
+A virtual chassis represents a set of devices which share a single control plane: a stack of switches which are managed as a single device, for example. Each device in the virtual chassis is assigned a position and (optionally) a priority. Exactly one device is designated the virtual chassis master: This device will typically be assigned a name, secrets, services, and other attributes related to its management.
+
+It's important to recognize the distinction between a virtual chassis and a chassis-based device. For instance, a virtual chassis is not used to model a chassis switch with removable line cards such as the Juniper EX9208, as its line cards are _not_ physically separate devices capable of operating independently.

docs/models/extras/configcontext.md

@@ -0,0 +1,5 @@
+# Configuration Contexts
+
+Sometimes it is desirable to associate arbitrary data with a group of devices to aid in their configuration. For example, you might want to associate a set of syslog servers for all devices at a particular site. Context data enables the association of arbitrary data to devices and virtual machines grouped by region, site, role, platform, and/or tenant. Context data is arranged hierarchically, so that data with a higher weight can be entered to override more general lower-weight data. Multiple instances of data are automatically merged by NetBox to present a single dictionary for each object.
+
+Devices and Virtual Machines may also have a local config context defined. This local context will always overwrite the rendered config context objects for the Device/VM. This is useful in situations were the device requires a one-off value different from the rest of the environment.

docs/models/extras/tag.md

@@ -0,0 +1,24 @@
+# Tags
+
+Tags are free-form text labels which can be applied to a variety of objects within NetBox. Tags are created on-demand as they are assigned to objects. Use commas to separate tags when adding multiple tags to an object (for example: `Inventoried, Monitored`). Use double quotes around a multi-word tag when adding only one tag, e.g. `"Core Switch"`.
+
+Each tag has a label and a URL-friendly slug. For example, the slug for a tag named "Dunder Mifflin, Inc." would be `dunder-mifflin-inc`. The slug is generated automatically and makes tags easier to work with as URL parameters.
+
+Objects can be filtered by the tags they have applied. For example, the following API request will retrieve all devices tagged as "monitored":
+
+```
+GET /api/dcim/devices/?tag=monitored
+```
+
+Tags are included in the API representation of an object as a list of plain strings:
+
+```
+{
+    ...
+    "tags": [
+        "Core Switch",
+        "Monitored"
+    ],
+    ...
+}
+```

docs/models/ipam/aggregate.md

@@ -0,0 +1,15 @@
+# Aggregates
+
+The first step to documenting your IP space is to define its scope by creating aggregates. Aggregates establish the root of your IP address hierarchy by defining the top-level allocations that you're interested in managing. Most organizations will want to track some commonly-used private IP spaces, such as:
+
+* 10.0.0.0/8 (RFC 1918)
+* 100.64.0.0/10 (RFC 6598)
+* 172.16.0.0/12 (RFC 1918)
+* 192.168.0.0/16 (RFC 1918)
+* One or more /48s within fd00::/8 (IPv6 unique local addressing)
+
+In addition to one or more of these, you'll want to create an aggregate for each globally-routable space your organization has been allocated. These aggregates should match the allocations recorded in public WHOIS databases.
+
+Each IP prefix will be automatically arranged under its parent aggregate if one exists. Note that it's advised to create aggregates only for IP ranges actually allocated to your organization (or marked for private use): There is no need to define aggregates for provider-assigned space which is only used on Internet circuits, for example.
+
+Aggregates cannot overlap with one another: They can only exist side-by-side. For instance, you cannot define both 10.0.0.0/8 and 10.16.0.0/16 as aggregates, because they overlap. 10.16.0.0/16 in this example would be created as a prefix and automatically grouped under 10.0.0.0/8. Remember, the purpose of aggregates is to establish the root of your IP addressing hierarchy.

docs/models/ipam/ipaddress.md

@@ -0,0 +1,31 @@
+# IP Addresses
+
+An IP address comprises a single host address (either IPv4 or IPv6) and its subnet mask. Its mask should match exactly how the IP address is configured on an interface in the real world.
+
+Like prefixes, an IP address can optionally be assigned to a VRF (otherwise, it will appear in the "global" table). IP addresses are automatically organized under parent prefixes within their respective VRFs.
+
+Also like prefixes, each IP address can be assigned a status and a role. Statuses are hard-coded in NetBox and include the following:
+
+* Active
+* Reserved
+* Deprecated
+* DHCP
+
+Each IP address can optionally be assigned a special role. Roles are used to indicate some special attribute of an IP address: for example, it is used as a loopback, or is a virtual IP maintained using VRRP. (Note that this differs in purpose from a _functional_ role, and thus cannot be customized.) Available roles include:
+
+* Loopback
+* Secondary
+* Anycast
+* VIP
+* VRRP
+* HSRP
+* GLBP
+
+An IP address can be assigned to a device or virtual machine interface, and an interface may have multiple IP addresses assigned to it. Further, each device and virtual machine may have one of its interface IPs designated as its primary IP address (one for IPv4 and one for IPv6).
+
+## Network Address Translation (NAT)
+
+An IP address can be designated as the network address translation (NAT) inside IP address for exactly one other IP address. This is useful primarily to denote a translation between public and private IP addresses. This relationship is followed in both directions: For example, if 10.0.0.1 is assigned as the inside IP for 192.0.2.1, 192.0.2.1 will be displayed as the outside IP for 10.0.0.1.
+
+!!! note
+    NetBox does not support tracking one-to-many NAT relationships (also called port address translation). This type of policy requires additional logic to model and cannot be fully represented by IP address alone.

docs/models/ipam/prefix.md

@@ -0,0 +1,18 @@
+# Prefixes
+
+A prefix is an IPv4 or IPv6 network and mask expressed in CIDR notation (e.g. 192.0.2.0/24). A prefix entails only the "network portion" of an IP address: All bits in the address not covered by the mask must be zero. (In other words, a prefix cannot be a specific IP address.)
+
+Prefixes are automatically arranged by their parent aggregates. Additionally, each prefix can be assigned to a particular site and VRF (routing table). All prefixes not assigned to a VRF will appear in the "global" table.
+
+Each prefix can be assigned a status and a role. These terms are often used interchangeably so it's important to recognize the difference between them. The **status** defines a prefix's operational state. Statuses are hard-coded in NetBox and can be one of the following:
+
+* Container - A summary of child prefixes
+* Active - Provisioned and in use
+* Reserved - Designated for future use
+* Deprecated - No longer in use
+
+On the other hand, a prefix's **role** defines its function. Role assignment is optional and roles are fully customizable. For example, you might create roles to differentiate between production and development infrastructure.
+
+A prefix may also be assigned to a VLAN. This association is helpful for identifying which prefixes are included when reviewing a list of VLANs.
+
+The prefix model include a "pool" flag. If enabled, NetBox will treat this prefix as a range (such as a NAT pool) wherein every IP address is valid and assignable. This logic is used for identifying available IP addresses within a prefix. If this flag is disabled, NetBox will assume that the first and last (broadcast) address within the prefix are unusable.

docs/models/ipam/rir.md

@@ -0,0 +1,7 @@
+# Regional Internet Registries (RIRs)
+
+[Regional Internet registries](https://en.wikipedia.org/wiki/Regional_Internet_registry) are responsible for the allocation of globally-routable address space. The five RIRs are ARIN, RIPE, APNIC, LACNIC, and AFRINIC. However, some address space has been set aside for internal use, such as defined in RFCs 1918 and 6598. NetBox considers these RFCs as a sort of RIR as well; that is, an authority which "owns" certain address space. There also exist lower-tier registries which serve a particular geographic area.
+
+Each aggregate must be assigned to one RIR. You are free to define whichever RIRs you choose (or create your own). The RIR model includes a boolean flag which indicates whether the RIR allocates only private IP space.
+
+For example, suppose your organization has been allocated 104.131.0.0/16 by ARIN. It also makes use of RFC 1918 addressing internally. You would first create RIRs named ARIN and RFC 1918, then create an aggregate for each of these top-level prefixes, assigning it to its respective RIR.

docs/models/ipam/role.md

@@ -0,0 +1,3 @@
+# Prefix/VLAN Roles
+
+A role indicates the function of a prefix or VLAN. For example, you might define Data, Voice, and Security roles. Generally, a prefix will be assigned the same functional role as the VLAN to which it is assigned (if any).

docs/models/ipam/service.md

@@ -0,0 +1,5 @@
+# Services
+
+A service represents a layer four TCP or UDP service available on a device or virtual machine. For example, you might want to document that an HTTP service is running on a device. Each service includes a name, protocol, and port number; for example, "SSH (TCP/22)" or "DNS (UDP/53)."
+
+A service may optionally be bound to one or more specific IP addresses belonging to its parent device or VM. (If no IP addresses are bound, the service is assumed to be reachable via any assigned IP address.)