search

napalm-automation / napalm

Network Automation and Programmability Abstraction Layer with Multivendor support
Apache License 2.0
2.26k stars 554 forks source link

ssl issues with api function in python3.10 and above. #1914

Open ryanmerolle opened 1 year ago

ryanmerolle commented 1 year ago

Description of Issue/Question

Similar issue to #1731 with regards to connecting to NOS APIs (IE not just EAPI) using python>=3.10.0

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

(Place an x between the square brackets where applicable)

Setup

napalm version

(Paste verbatim output from pip freeze | grep napalm between quotes below)

napalm==4.0.0
netbox-napalm-plugin==0.1.2

Network operating system version

(Paste verbatim output from show version - or equivalent - between quotes below)

spine1-nxos# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2021, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Nexus 9000v is a demo version of the Nexus Operating System

Software
  BIOS: version
 NXOS: version 9.3(7a)
  BIOS compile time:
  NXOS image file is: bootflash:///nxos.9.3.7a.bin
  NXOS compile time:  6/18/2021 0:00:00 [06/18/2021 01:31:45]

Hardware
  cisco Nexus9000 C9300v Chassis
   with 8159468 kB of memory.
  Processor Board ID 97ZE61EG3HU

  Device name: spine1-nxos
  bootflash:    4287040 kB
Kernel uptime is 533 day(s), 17 hour(s), 17 minute(s), 8 second(s)

Last reset
  Reason: Unknown
  System version:
  Service:

plugin
  Core Plugin, Ethernet Plugin

Active Package(s):

Steps to Reproduce the Issue

Error Traceback

(Paste the complete traceback of the exception between quotes below)

(venv) unit@b3a646194686:/opt/netbox/netbox$ napalm --vendor nxos --user lab --password pass 172.29.151.1 call get_facts
2023-05-06 14:15:35,874 - napalm - ERROR - open - Failed: Cannot connect to 172.29.151.1

================= Traceback =================

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1071, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/adapters.py", line 487, in send
    resp = conn.urlopen(
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/opt/netbox/venv/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='172.29.151.1', port=443): Max retries exceeded with url: /ins (Caused by SSLError(SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxapi_plumbing/api_client.py", line 95, in _send_request
    response = requests.post(
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/api.py", line 115, in post
    return request("post", url, data=data, json=json, **kwargs)
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/netbox/venv/lib/python3.10/site-packages/requests/adapters.py", line 518, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='172.29.151.1', port=443): Max retries exceeded with url: /ins (Caused by SSLError(SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxos/nxos.py", line 807, in open
    self._send_command("show hostname")
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxos/nxos.py", line 824, in _send_command
    return self.device.show(command, raw_text=raw_text)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxapi_plumbing/device.py", line 70, in show
    result = self.show_list(commands, raw_text)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxapi_plumbing/device.py", line 98, in show_list
    return self.api._nxapi_command(commands, method=cmd_method)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxapi_plumbing/api_client.py", line 136, in _nxapi_command
    response = self._send_request(commands, method=method)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxapi_plumbing/api_client.py", line 104, in _send_request
    raise NXAPIConnectionError(str(e))
napalm.nxapi_plumbing.errors.NXAPIConnectionError: HTTPSConnectionPool(host='172.29.151.1', port=443): Max retries exceeded with url: /ins (Caused by SSLError(SSLZeroReturnError(6, 'TLS/SSL connection has been closed (EOF) (_ssl.c:997)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/netbox/venv/bin/napalm", line 8, in <module>
    sys.exit(main())
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/base/clitools/cl_napalm.py", line 308, in main
    run_tests(args)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/base/clitools/cl_napalm.py", line 283, in run_tests
    call_open_device(device)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/base/clitools/cl_napalm.py", line 27, in wrapper
    r = func(*args, **kwargs)
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/base/clitools/cl_napalm.py", line 207, in call_open_device
    return device.open()
  File "/opt/netbox/venv/lib/python3.10/site-packages/napalm/nxos/nxos.py", line 810, in open
    raise ConnectionException("Cannot connect to {}".format(self.hostname))
napalm.base.exceptions.ConnectionException: Cannot connect to 172.29.151.1
ktbyers commented 1 year ago

@ryanmerolle Do you want to do a PR via some optional_args that would fix this for both eAPI and NX-API?

It is possible that we might to embed some hooks/fixes in the nx-api code that is included in NAPALM to pass in the SSL context (i.e. do a similar fix as pyeapi did).