Network Operations Automation Platform — Full Lifecycle Management for Retail Networks
NetDevOps-Backend is a backend API platform for network operations automation, serving the daily management of Decathlon's retail network. Centered on Cisco Meraki cloud-managed devices, providing full lifecycle management for store networks.
New store network auto-setup
Dify-powered network analysis
Mass config & port management
Change management & audit
| Web | Django 5.1.2 + DRF 3.15.2 |
| Server | Daphne (ASGI) / uWSGI (WSGI) |
| Database | MySQL (Read/Write Splitting) |
| Process | Supervisord |
| Scheduler | Supercronic + APScheduler |
| External | Meraki API v1, Dify AI |
| Auth | JWT + OAuth2 + HMAC |
| Encryption | AES-ECB, PyJWT, SHA256 |
| Deploy | Docker + Jenkins CI/CD |
| pdfkit + wkhtmltopdf |
User management & auth
Role & permission control
Network device management
New store opening
Approval workflows
AI inspection & alerts
AOA FQDN management
SOPO external interface
OpenAPI external interface
Default connection → MySQL port 3308
Read connection → MySQL port 3308 (separate)
Implemented via DbReadWriteRouter — reserves space for scaling read replicas
All processes managed by Supervisord (PID 1) inside Docker container
Master-slave election via BackendProcesses table. Heartbeat timeout: 2 min. Auto-failover to standby.
Supervisord auto-restart on failure. Stdout logging to container logs.
User ↔ Role ↔ PagePower ↔ PowerApi
User role set; admin role has full permissions
Frontend menu/page-level control (2 levels: menu + submenu)
Backend API path-level permission control
Passwords: AES-ECB | Tokens: JWT (HS256, 24h) | API signing: SHA256
Core module — directly interacts with Cisco Meraki Dashboard API v1 via meraki_utils/requestBase.py
• List all Meraki Networks
• VLAN info & configuration
• Single / Batch update
• Get devices per Network
• List all switches
• Port list & batch update
• Update by Network tags
• Device type & tag options
• List all APs
• Batch update APs
• Add new APs
• List network clients
• Client policy management
• Batch policy updates
• Configuration templates
• Switch access policies
• Wireless SSID config
• DHCP fixed IP assignments
• Meraki config change logs
• Administrator list
Core business process — automated network provisioning for new stores with checkpoint-resume execution
Each step has independent success/failure flags. Failed steps return to corresponding Step for user correction. Completed steps auto-skip on retry.
External SOPO system can also create opening work orders via HMAC-authenticated endpoints, enabling automated CI/CD pipeline integration.
User triggers network operation requiring approval (batch port modification, DHCP config, etc.)
Email notification → Approver approves with scheduled time OR rejects with comments
execapprovals process executes at scheduled time using dynamic importlib loader
DhcpOnOff, DhcpDns, DhcpBootOption, FixedIp, ReservedIp
RebootDevices, VPN Hubs, Access Policy, Rollback Alert Tags
ChangePort, ChangePortByNetworkTags, RollbackChangePort
AddAP, DeleteAP, MoveAP, SwitchAccessPolicy, ChangeClientGroupPolicy
Integrated with Dify AI Workflow for intelligent network inspection and alert analysis
• Cron-based auto-scheduling
• Associate with multiple Network IDs
• Enable/disable toggle
• Execution logs in InspectionPlanLog
Bucketed by All / Retail / Office / Warehouse
(Total - Uninspected) / Total × 100%
Meraki Assurance Alerts + Dify AI analysis workflow
Markdown → HTML → PDF (with Twemoji images)
• 30+ wrapped API calls
• Auto rate-limit retry (3x)
• Link Header pagination
• Action Batch (20 actions/batch)
• Network/Device/Switch/AP/Client/VPN/Template/Alert management
• 2 Workflow integrations
• Inspection Analysis (DIFY_API_KEY)
• Alert Analysis (DIFY_API_KEY_ALERT_ANALYZER)
• SSE workflow_finished event
• Markdown report generation
• Authorization endpoint
• Token endpoint
• User info (OpenID)
• Auto-create local accounts
• First-login admin notification
Dual DNS servers: 114.114.114.114 / 8.8.8.8
Library: dnspython
Full & incremental FQDN updates via aoa-crond worker. Dynamic cron rescheduling. Failure email notifications.
Differentiated by type field (mail/hubs/s-p-r-e), JSON content storage
IP subnet pool → auto-allocate during store opening
Network type templates (Retail/Office/Warehouse)
Port device type configuration
Email sending queue
Background process registry & heartbeat
| Component | Description |
|---|---|
| BaseLoginUtils | User login/logout, JWT generation, info assembly |
| PaiopsAes | AES encryption/decryption, SHA256 hashing |
| BasicModelList | Generic paginated list (ORM + raw SQL) |
| BasicModelCreate | Generic model creation |
| BasicModelUpdate | Generic model update with callback |
| BasicManyToMany | Generic M2M relationship operations |
| BasicRunSql | Raw SQL execution utility |
| Component | Description |
|---|---|
| requestBase | Meraki API wrapper (30+ methods) |
| call_dify_workflow | Dify AI SSE invocation |
| DktMailTools | Email notifications (SMTP + starttls) |
| BackendProcessBasicTools | Process election, heartbeat, logging |
| ModelSerializers | Model serialization utilities |
| PaiopsJsonResponse | Unified JSON response format |
| httpresult | Unified error codes (4001~4043) |
NetDevOps-Backend — Powering Decathlon's retail network automation with intelligent operations and AI-driven insights.