Open mariano-daniel opened 1 month ago
Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))
This lines seems to indicate urllib is trying to resolve a host called http
with the path /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0
which seems off.
Can you share all of the relevant variables in your env?
@Kage1 hey! thanks for the input, I believe that seems to be the case, since now I am getting this error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.0.91', port=443): Max retries exceeded with url: /api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)')))
Which adds up to the comment made by @q1x 🫡
Here's my env variables sir! :
echo $ZABBIX_HOST $NETBOX_HOST $ZABBIX_TOKEN $NETBOX_TOKEN
https://192.168.0.95 https://192.168.0.91 431bf9c1213aebaXXXXXXXXXXX0abad5311c2e38fa9fa101c00744 55dc2b5505dXXXXXXXXX53c60a6e5c1
Is there any way to overcome this certificate verification? 🤔
I'm using the REQUESTS_CA_BUNDLE environment variable to work around our private certificates. Perhaps have a look into that.
I still find it weird how that original error manifested... Was your ZABBIX_HOST set to https and NETBOX_HOST to https?
@q1x Thanks! I've added REQUESTS_CA_BUNDLE to point to ca-certificates.crt
on 192.168.0.91 (the netbox server where I'm running netbox-zabbix-sync) and I still get [SSL: CERTIFICATE_VERIFY_FAILED]
error.
I'm sorry I forgot to mention that previous ZABBIX Host was set to http, I guess that was the cause for the initial error.
Thanks for the help!
When utilizing SSL the cert needs to match the machine/domain name that the cert applies to. Also based on the self signed error the script is wanting an SSL cert issued by a real signing authority, e.g. LetsEncrypt, not a self generated one.
So at a bare min you need to ensure DNS is working and change your Netbox and Zabbix access URLs to the names of the servers not the IPs.
Thanks a lot for the help @Kage1 ! I will get DNS working on my network and then try again and report back. Thanks again!
Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.
Hello again! @Kage1 Going back to this reply. Since using SSL connections on VMs is not very practical at the moment, let me know if I understood correctly: If I spin up two VMs with Netbox and Zabbix from scratch, non SSL, the script should work?
I just need to test this scenario working before I get approval from my manager to roll this into production (most likely with internet facing domains with SSL or servers not exposed to the internet (accessible vía VPN, but the problem would be the CA verification, since most of our non exposed servers are SSL encrypted but self-signed)).
It is not recommended to use it without SSL in prod. The non-ssl setup we are using is in our lab only. Our prod system has a set of valid certs for both Netbox & Zabbix.
For our lab yes we are running it with http only abet on custom ports instead of 80.
@Kage1 thanks for the confirmation! Yes indeed, I'm in the same situation, I will be using non-SSL only on VMs for testing purposes and then on prod it will be only with SSL but self signed, that is my only worry, because it seems that the script does not like self-signed certs.
Hello, I'm getting the following error when running
python3 netbox_zabbix_sync.py
I'm assuming there's an issue with the ZABBIX_HOST env variable? Although it's:
Any pointers would be greatly appreciated!