search

BSpendlove / pykeadhcp

A python module used to interact the the Kea DHCP API daemons (dhcp4, dhcp6, ctrl-agent and ddns)
Apache License 2.0
19 stars 4 forks source link

SSL Support? #16

Closed bitcollector1 closed 1 year ago

bitcollector1 commented 1 year ago

Python version

3.11

How to reproduce this locally

I'm not able to connect via SSL and was wondering if the wrapper has support for it? I'm thinking no since I can connect fine with the requests library but I can't seem to connect with this wrapper

What should happen?

I should be able to connect to the server via SSL

What happened?

SSLError: HTTPSConnectionPool(host='kea.vip.hwe.com', port=1443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
BSpendlove commented 1 year ago

Hey @bitcollector1, is it ok to provide an example of the code you used when trying with requests please?

I've just tested and run into issues using a self-signed cert for testing purposes because of cert validation, which I'll push out a new update to fix shortly but can't produce the unable to get local issuer certificate error message. Just wondering if you are maybe using cert-required in your ctrlagent config as that's the only option I haven't tried on my end yet to reproduce the issue.

bitcollector1 commented 1 year ago

Here is the code I was using to make the requests work with the SSL 

import requests

s = requests.Session()
s.verify = '/etc/ssl/certs'

headers = {
    'Content-Type': 'application/json',
}

json_data = {
    'command': 'config-get',
    'service': [
        'dhcp4',
    ],
}

response = s.post('https://kea.vip.hwe.com:1443/', headers=headers, json=json_data, auth=('user', 'password'))
bitcollector1 commented 1 year ago

I'm brand new to KEA and did not set it up so I'm not sure exactly how it's all configured. I'm a big NetBox user so I'm really interested in the integration and also this wrapper looks super helpful but I have to use the SSL in our enviornment.

BSpendlove commented 1 year ago

Thanks, I didn't realize you could pass in a string for the verify, I've not been able to still reproduce the exact same error but near enough...

Are you able to try the prerelease and see if that's any better?

pip install pykeadhcp==0.4.0a0

Then you should be able to initialize the Kea class like below:

from pykeadhcp import Kea

server = Kea(host="https://kea.vip.hwe.com", port=1443, verify="/etc/ssl/certs")
config = server.dhcp4.config_get()

If that works then I'll release v0.4.0 which has some more functionality around dhcp6, if it doesn't then let me know and I'll try my best to recreate the problem again!

bitcollector1 commented 1 year ago

SSL is working great now on the newest version 0.4.0a0.

Thanks for the quick support, looking forward to using the wrapper as I learn KEA :)

BSpendlove commented 1 year ago

No problem, good to hear all is working as expected, I'll release it as v0.4.0 (but it'll be no change from 0.4.0a0). Thanks!