Unable to connect to Arista EOS using napalm_get_facts

napalm-automation / napalm-ansible

Apache License 2.0

245 stars 103 forks source link

Unable to connect to Arista EOS using napalm_get_facts #152

Closed rainierpineda2 closed 4 years ago

rainierpineda2 commented 5 years ago

I get the following error when connecting via napal_get_facts with dev_os set to eos. TASK [validate_device_facts : Get device facts via NAPALM] *********************************************************************************** fatal: [netbox]: FAILED! => {"changed": false, "msg": "cannot connect to device: Socket error during eAPI connection: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

I am able to connect when I use a python script with a code that tries to ignore the SSL cert verification. How do I turn that on in napalm_get_facts? Seems like validate_certs: no is not an option

The Arista device is running 4.19.1F-2GB. It is an Arista DCS-7150S-52-CL-F

rainierpineda2 commented 5 years ago

$ ansible --version ansible 2.7.0b1 config file = /home/u1163139/ansible.cfg configured module search path = [u'/usr/lib/python2.7/site-packages/napalm_ansible'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /bin/ansible python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)] $ python -V Python 2.7.5 $ pip freeze | grep napalm napalm==2.3.3 napalm-ansible==0.10.0 napalm-aos==0.1.1 napalm-asa==0.1.1 napalm-base==1.0.0 napalm-brocade==0.2.2 napalm-ce==0.1.1 napalm-dellos10==1.0.6 napalm-eos==0.6.1 napalm-exaros==0.1.0 napalm-exos==0.1.0 napalm-fortios==0.4.1 napalm-ibm==0.1.7 napalm-ios==0.8.1 napalm-iosxr==0.5.6 napalm-junos==0.12.1 napalm-logs==0.7.0 napalm-mos==2.0.4 napalm-nxos==0.7.1 napalm-panos==0.5.2 napalm-pluribus==0.5.1 napalm-ros==0.3.5 napalm-ruckus-fastiron==1.0.26 napalm-salt==0.0.2 napalm-vyos==0.1.5 napalm-yang==0.1.0

ktbyers commented 5 years ago

Hmmmm, that looks like this:

https://github.com/arista-eosplus/pyeapi/issues/149

And the fix being:

You can disable the default certificate verification by editing the cert-verification.cfg
file in RedHat or by setting the PYTHONHTTPSVERIFY environment variable to 0.

Let me know if that works.

Obviously there are security implications so the more secure solution is to verify the SSL certificate of the remote device.