Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/jalmargyyk/netbox-ripe-updater/llms.txt

Use this file to discover all available pages before exploring further.

This page answers the questions that come up most often when deploying and operating Netbox RIPE Updater. If your question is not here, check the known limitations page for edge cases, or the API endpoints reference for details on webhook behavior.
Set RIPE_DB=TEST in your .env.updater file. The updater will send all requests to https://rest-test.db.ripe.net/test instead of the production database, so no real RIPE objects are created or modified.The example configuration file already defaults to TEST:
# .env.updater.example
RIPE_DB=TEST
Point TEMPLATES_DIR at the example templates directory to test with sample data before writing your own templates. When you are satisfied with the behavior, switch RIPE_DB to RIPE and restart the containers.
Keep a separate .env.updater.test file checked in alongside your production config so that switching back to test mode for debugging is a one-line change.
Add the ripe_netname custom field to NetBox prefixes:
  • Name: ripe_netname
  • Label: RIPE Netname
  • Assigned models: ipam → prefixes
  • Type: String
  • Required: no
When the field is populated on a prefix, the updater uses its value as the netname attribute in the RIPE object. When the field is empty or absent, the updater falls back to the value of ripe_template (converted to uppercase) as the NETNAME.This allows you to set a meaningful, human-readable name per prefix without creating a separate template for each one.
NetBox sends a webhook with event = "deleted". The updater always attempts a delete from RIPE DB in this case, regardless of ripe_report:
  • The updater calls the RIPE REST API to delete the INETNUM or INET6NUM object for the prefix.
  • A backup of the current RIPE object is saved to S3 before any destructive operation.
  • If the object does not exist in RIPE DB (e.g. ripe_report was never true), the RIPE API returns 404, which the updater treats as a successful no-op.
The /update endpoint returns 204 No Content on success. You can restore a deleted object from the /backups UI if needed.
Two environment variables in .env.updater control whether these attributes appear in the generated RIPE objects:
INCLUDE_ORG=yes    # include the org attribute (default: yes)
INCLUDE_DESCR=yes  # include the descr attribute (default: yes)
Set either to no to omit the attribute entirely from the INETNUM or INET6NUM object. This is useful when your LIR agreement does not require these fields, or when you want to manage them manually through RIPE’s web interface.Restart the containers after changing these values for the change to take effect.
Any S3-compatible endpoint works. The Docker Compose stack includes a Minio container by default, but you can replace it by pointing the updater at any S3-compatible service:
S3_ENDPOINT_URL=https://s3.eu-west-1.amazonaws.com
S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
S3_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
S3_BUCKET=my-ripe-backups
If you remove the Minio service from docker-compose.yml, also remove or update the S3_ENDPOINT_URL default (which points to the internal minio:9000 host) so the updater can reach your chosen storage. Set S3_BACKUP=no if you want to disable backups entirely.
RIPE API keys have a maximum TTL of 12 months. When your credentials expire, every RIPE write will fail with a 500 response.Use the provided script to rotate credentials safely:
./update-ripe-key.sh
The script will:
  1. Create a timestamped backup of your current .env.updater
  2. Prompt you for the new RIPE_API_USER and RIPE_API_PASS
  3. Write the new values to .env.updater
  4. Restart the containers so the change takes effect immediately
Do not edit .env.updater and restart manually while the updater is processing webhooks — use the script to ensure an atomic update. Schedule the rotation before the key expires to avoid downtime.
NetBox 2.4 or later is required. The updater uses the pynetbox library to query prefixes, aggregates, regions, and sites, and relies on the custom field and webhook APIs that were stabilized in NetBox 2.4.If you are running an older version of NetBox, upgrade before deploying the updater.
The updater reads the ISO Alpha-2 country code from the region slug of the site assigned to the prefix in NetBox. For example, a region with the slug gb is resolved to GB (United Kingdom).The updater walks up the region hierarchy until it finds a slug that matches a valid ISO Alpha-2 code. If no match is found — for example because the prefix has no site assigned, or the region slugs do not follow the ISO format — it falls back to DEFAULT_COUNTRY:
DEFAULT_COUNTRY=GB
Ensure your top-level regions in NetBox use two-letter ISO Alpha-2 slugs (e.g. gb, de, nl). Nested sub-regions can use any slug; the updater will traverse upward until it finds a valid country code.

API endpoints

Full reference for all HTTP endpoints and response codes

Known limitations

Edge cases and workarounds for prefix conflicts and size limits

Build docs developers (and LLMs) love

Get started for freeTalk to us