arista-netdevops-community / avd-cEOS-Lab

A repository with playbooks to implement basic EVPN/VXLAN Fabric using Arista AVD and cEOS-Lab
https://arista-netdevops-community.github.io/avd-cEOS-Lab/
Apache License 2.0

task deploy_eapi failed #10

Closed PHipnarowicz closed 1 year ago

PHipnarowicz commented 2 years ago

Hello Arista

I'm trying to deal with cEOS and AVD. During the deploy task I got the following issues:

TASK [arista.avd.eos_config_deploy_eapi : replace configuration with intended configuration] ***
fatal: [DC1_SPINE2]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.3:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
fatal: [DC1_SPINE1]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.2:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
fatal: [DC1_LEAF1A]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.4:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
fatal: [DC1_LEAF1B]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.5:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
fatal: [DC1_LEAF2A]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.6:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
fatal: [DC1_LEAF2B]: FAILED! => changed=false
  module_stderr: 'Could not connect to https://172.100.100.7:443/command-api: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error

PLAY RECAP *****
DC1_LEAF1A : ok=4 changed=2 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
DC1_LEAF1B : ok=4 changed=2 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
DC1_LEAF2A : ok=4 changed=2 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
DC1_LEAF2B : ok=4 changed=2 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
DC1_SPINE1 : ok=26 changed=7 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0
DC1_SPINE2 : ok=4 changed=2 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0

Basic cEOS configuration is as follows:

management api http-commands
   protocol https
   no shutdown
   !
   vrf MGMT
      no shutdown

Trying to connect to the specific URL, I got code 405:

$ wget https://172.100.100.2/command-api
--2022-10-16 15:43:44-- https://172.100.100.2/command-api
Connecting to 172.100.100.2:443... connected.
ERROR: cannot verify 172.100.100.2's certificate, issued by ‘CN=self.signed’:
Self-signed certificate encountered.
ERROR: certificate common name ‘self.signed’ doesn't match requested host name ‘172.100.100.2’.
To connect to 172.100.100.2 insecurely, use `--no-check-certificate'.

$ wget https://172.100.100.2/command-api --no-check-certificate
--2022-10-16 15:44:02-- https://172.100.100.2/command-api
Connecting to 172.100.100.2:443... connected.
WARNING: cannot verify 172.100.100.2's certificate, issued by ‘CN=self.signed’:
Self-signed certificate encountered.
WARNING: certificate common name ‘self.signed’ doesn't match requested host name ‘172.100.100.2’.
HTTP request sent, awaiting response... 405 Not Allowed
2022-10-16 15:44:02 ERROR 405: Not Allowed.

Any suggestions?

Regards

UchihaItachiSama commented 2 years ago

Hi @PHipnarowicz, I can see the SSLV3_ALERT_HANDSHAKE_FAILURE error getting logged.

Are you possibly using Python 3.10 or above?

If so, this might be related to Issue-1973.

I will update the lab files to generate a self-signed cert and include the cipher-list in the ceos.cfg.tpl and AVD group_vars files.

PHipnarowicz commented 2 years ago

Hi, I'm using

Python 3.10.4

UchihaItachiSama commented 1 year ago

Thanks, yeah, that would explain the error; it's related to the same issue referenced above.

I'm working on a PR to update the labs with a strong cipher-list on the EOS baseline config, and with support to deploy these same labs on EVE-ng.
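
An added example, not part of the thread or the lab repository: an offline check of why a Python 3.10+ client and a server limited to legacy cipher suites end in a handshake failure, and why a stronger server cipher-list resolves it. The two cipher strings are CPython's built-in client defaults before and from 3.10 (the "@SECLEVEL=2" prefix of the newer one is left out); both server suite lists are constructed for illustration and are not taken from cEOS.

```python
import ssl

# CPython's default client cipher string up to 3.9.
PRE310_CLIENT_CIPHERS = (
    "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
)
# CPython's default from 3.10 on: forward secrecy only, no SHA-1 MAC.
# The real default also starts with "@SECLEVEL=2:", omitted here.
PY310_CLIENT_CIPHERS = (
    "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:"
    "!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
)

# Constructed sample server suite lists (assumptions, not read from a device).
LEGACY_SERVER = ["AES256-SHA", "AES128-SHA"]          # RSA key exchange, SHA-1 MAC
HARDENED_SERVER = ["ECDHE-RSA-AES256-GCM-SHA384",
                   "ECDHE-RSA-AES128-GCM-SHA256"]     # forward secrecy, AEAD


def shared_suites(client_cipher_string, server_suites):
    """Return the suites both sides could negotiate, in client preference order.

    An empty result means the server has nothing to pick from the ClientHello
    and answers with a handshake_failure alert, which Python surfaces as
    SSLV3_ALERT_HANDSHAKE_FAILURE.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(client_cipher_string)
    wanted = set(server_suites)
    return [c["name"] for c in ctx.get_ciphers() if c["name"] in wanted]


def report():
    """Summarise every client/server combination as a dict of lists."""
    clients = {"pre-3.10": PRE310_CLIENT_CIPHERS, "3.10+": PY310_CLIENT_CIPHERS}
    servers = {"legacy": LEGACY_SERVER, "hardened": HARDENED_SERVER}
    return {(c, s): shared_suites(cs, ss)
            for c, cs in clients.items() for s, ss in servers.items()}


if __name__ == "__main__":
    for (client, server), suites in report().items():
        verdict = ", ".join(suites) if suites else "no overlap -> handshake failure"
        print(f"client {client:8} / server {server:8}: {verdict}")
```

To see what the interpreter in use actually offers, run the same comprehension over ssl.create_default_context().get_ciphers().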