search

TheNetworkGuy / netbox-zabbix-sync

Python script to synchronise Netbox devices to Zabbix.
MIT License
120 stars 28 forks source link

Read timeout error #74

Open mariano-daniel opened 1 month ago

mariano-daniel commented 1 month ago

Hello, I'm getting the following error when running python3 netbox_zabbix_sync.py

raceback (most recent call last):
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 196, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/util/connection.py", line 60, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/socket.py", line 962, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno -2] Name or service not known

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 789, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 490, in _make_request
    raise new_e
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 466, in _make_request
    self._validate_conn(conn)
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1095, in _validate_conn
    conn.connect()
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 615, in connect
    self.sock = sock = self._new_conn()
                       ^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 203, in _new_conn
    raise NameResolutionError(self.host, self, e) from e
urllib3.exceptions.NameResolutionError: <urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/adapters.py", line 667, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 843, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 519, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox-zabbix-sync/netbox_zabbix_sync.py", line 197, in <module>
    main(args)
  File "/opt/netbox-zabbix-sync/netbox_zabbix_sync.py", line 83, in main
    for cf in device_cfs:
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/response.py", line 128, in __next__
    next(self.response), self.endpoint.api, self.endpoint
    ^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/query.py", line 292, in get
    req = self._make_call(add_params=add_params)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/query.py", line 242, in _make_call
    req = getattr(self.http_session, verb)(
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/adapters.py", line 700, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))

I'm assuming there's an issue with the ZABBIX_HOST env variable? Although it's: 

echo $ZABBIX_HOST
https://192.168.0.95

Any pointers would be greatly appreciated!

Kage1 commented 1 month ago

Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.

q1x commented 1 month ago

urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))

This lines seems to indicate urllib is trying to resolve a host called http with the path /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 which seems off.

Can you share all of the relevant variables in your env?

mariano-daniel commented 1 month ago

@Kage1 hey! thanks for the input, I believe that seems to be the case, since now I am getting this error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.0.91', port=443): Max retries exceeded with url: /api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)')))

Which adds up to the comment made by @q1x 🫡

Here's my env variables sir! :

echo $ZABBIX_HOST $NETBOX_HOST $ZABBIX_TOKEN $NETBOX_TOKEN
https://192.168.0.95 https://192.168.0.91 431bf9c1213aebaXXXXXXXXXXX0abad5311c2e38fa9fa101c00744 55dc2b5505dXXXXXXXXX53c60a6e5c1

Is there any way to overcome this certificate verification? 🤔

q1x commented 1 month ago

I'm using the REQUESTS_CA_BUNDLE environment variable to work around our private certificates. Perhaps have a look into that.

I still find it weird how that original error manifested... Was your ZABBIX_HOST set to https and NETBOX_HOST to https?

mariano-daniel commented 1 month ago

@q1x Thanks! I've added REQUESTS_CA_BUNDLE to point to ca-certificates.crt on 192.168.0.91 (the netbox server where I'm running netbox-zabbix-sync) and I still get [SSL: CERTIFICATE_VERIFY_FAILED] error.

I'm sorry I forgot to mention that previous ZABBIX Host was set to http, I guess that was the cause for the initial error.

Thanks for the help!

Kage1 commented 1 month ago

When utilizing SSL the cert needs to match the machine/domain name that the cert applies to. Also based on the self signed error the script is wanting an SSL cert issued by a real signing authority, e.g. LetsEncrypt, not a self generated one.

So at a bare min you need to ensure DNS is working and change your Netbox and Zabbix access URLs to the names of the servers not the IPs.

mariano-daniel commented 1 month ago

Thanks a lot for the help @Kage1 ! I will get DNS working on my network and then try again and report back. Thanks again!

mariano-daniel commented 1 month ago

Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.

Hello again! @Kage1 Going back to this reply. Since using SSL connections on VMs is not very practical at the moment, let me know if I understood correctly: If I spin up two VMs with Netbox and Zabbix from scratch, non SSL, the script should work?

I just need to test this scenario working before I get approval from my manager to roll this into production (most likely with internet facing domains with SSL or servers not exposed to the internet (accessible vía VPN, but the problem would be the CA verification, since most of our non exposed servers are SSL encrypted but self-signed)).

Kage1 commented 1 month ago

It is not recommended to use it without SSL in prod. The non-ssl setup we are using is in our lab only. Our prod system has a set of valid certs for both Netbox & Zabbix.

For our lab yes we are running it with http only abet on custom ports instead of 80.

mariano-daniel commented 1 month ago

@Kage1 thanks for the confirmation! Yes indeed, I'm in the same situation, I will be using non-SSL only on VMs for testing purposes and then on prod it will be only with SSL but self signed, that is my only worry, because it seems that the script does not like self-signed certs.