SSLError while connecting

[tkdebnath]

I am getting SSL: CERTIFICATE_VERIFY_FAILED, even though I am passing parameter

"ssl_verify": False

Code

`if name=="main": nr = InitNornir( inventory={ "plugin": "NautobotInventory", "options": { "nautobot_url": "https://10.81.161.100/", "nautobot_token": "c6798e131be53ae38fd892fb6689144ca6d89c67", "ssl_verify": False, }, }, runner={ "plugin": "threaded", "options": {'num_workers': 5} }, logging={ "enabled": False }, )

results=nr.run(task=helper_update)`

Output Error

`(.venv) tkdebnath@ubuntu:~/EIP$ python ip_helper.py Traceback (most recent call last): File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 715, in urlopen httplib_response = self._make_request( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1058, in _validate_conn conn.connect() File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/connection.py", line 419, in connect self.sock = ssl_wrapsocket( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/util/ssl.py", line 453, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_intls) File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/util/ssl.py", line 495, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock) File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1071, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/requests/adapters.py", line 486, in send resp = conn.urlopen( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/connectionpool.py", line 799, in urlopen retries = retries.increment( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/urllib3/util/retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.81.161.100', port=443): Max retries exceeded with url: /api/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/tkdebnath/EIP/ip_helper.py", line 51, in nr = InitNornir( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/nornir/init_nornir.py", line 72, in InitNornir inventory=load_inventory(config), File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/nornir/init_nornir.py", line 20, in load_inventory inv = inventory_plugin(config.inventory.options).load() File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/nornir_nautobot/plugins/inventory/nautobot.py", line 148, in load for device in self.devices: File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/nornir_nautobot/plugins/inventory/nautobot.py", line 127, in devices self._devices = self.pynautobot_obj.dcim.devices.all() File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/nornir_nautobot/plugins/inventory/nautobot.py", line 110, in pynautobot_obj self._pynautobot_obj = pynautobot.api( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/pynautobot/core/api.py", line 116, in init self._validate_version() File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/pynautobot/core/api.py", line 120, in _validate_version api_version = self.version File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/pynautobot/core/api.py", line 145, in version ).get_version() File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/pynautobot/core/query.py", line 198, in get_version req = self.http_session.get( File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/requests/sessions.py", line 602, in get return self.request("GET", url, kwargs) File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/requests/sessions.py", line 589, in request resp = self.send(prep, send_kwargs) File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, kwargs) File "/home/tkdebnath/EIP/.venv/lib/python3.10/site-packages/requests/adapters.py", line 517, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='10.81.161.100', port=443): Max retries exceeded with url: /api/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)'))) (.venv) tkdebnath@ubuntu:~/EIP$`

Modules installed

(.venv) tkdebnath@ubuntu:~/EIP$ pip freeze anyio==4.1.0 bcrypt==4.1.1 certifi==2023.11.17 cffi==1.16.0 charset-normalizer==3.3.2 colorama==0.4.6 cryptography==41.0.7 exceptiongroup==1.2.0 future==0.18.3 h11==0.14.0 httpcore==0.17.3 httpx==0.24.1 idna==3.6 Jinja2==3.1.2 junos-eznc==2.6.8 lxml==4.9.3 MarkupSafe==2.1.3 mypy-extensions==1.0.0 napalm==4.1.0 ncclient==0.6.13 netaddr==0.9.0 netmiko==4.3.0 netutils==1.6.0 nornir==3.4.1 nornir-jinja2==0.2.0 nornir-napalm==0.4.0 nornir-nautobot==3.0.0 nornir-netmiko==1.0.1 nornir-utils==0.2.0 ntc_templates==4.0.1 packaging==23.2 paramiko==3.3.1 pycparser==2.21 pyeapi==1.0.2 PyNaCl==1.5.0 pynautobot==2.0.2 pyparsing==3.1.1 pyserial==3.5 PyYAML==6.0.1 requests==2.31.0 ruamel.yaml==0.18.5 ruamel.yaml.clib==0.2.8 scp==0.14.5 six==1.16.0 sniffio==1.3.0 textfsm==1.1.3 transitions==0.9.0 ttp==0.9.5 ttp-templates==0.3.5 typing_extensions==4.9.0 urllib3==1.26.18 yamlordereddictloader==0.4.2

[gtrdev7]

I have the same isssue

[itheodoridis]

I have the same issue. Also, I don't understand why the verification fails, it shouldn't. The certificate for the signing CA and the nautobot server are installed in the VM running the code. I tried also with ssl_verify = True and it still failed. I have to say that urllib3 is up to v2.x Ι believe while this combination of packages only goes up to 1.26.18 (in case this poses an issue). Also I am using this combination of packages in my latest tests (nornir-nautobot==3.1.0) and python 3.12 although I started seeing the problem with python 3.9.18:

asttokens==2.4.1
bcrypt==4.1.2
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
colorama==0.4.6
cryptography==42.0.2
decorator==5.1.1
executing==2.0.1
fastjsonschema==2.19.1
future==0.18.3
h11==0.14.0
httpcore==0.17.3
httpx==0.24.1
idna==3.6
ipdb==0.13.13
ipython==8.21.0
jedi==0.19.1
Jinja2==3.1.3
junos-eznc==2.7.0
lxml==5.1.0
markdown-it-py==3.0.0
MarkupSafe==2.1.5
matplotlib-inline==0.1.6
mdurl==0.1.2
mypy-extensions==1.0.0
napalm==4.1.0
ncclient==0.6.15
netaddr==0.10.1
netmiko==4.3.0
netutils==1.6.0
nornir==3.4.1
nornir-jinja2==0.2.0
nornir-napalm==0.4.0
nornir-nautobot==3.1.0
nornir-netmiko==1.0.1
nornir-utils==0.2.0
ntc_templates==4.2.0
packaging==23.2
paramiko==3.4.0
parso==0.8.3
pexpect==4.9.0
prompt-toolkit==3.0.43
ptyprocess==0.7.0
pure-eval==0.2.2
pycparser==2.21
pyeapi==1.0.2
Pygments==2.17.2
pymsteams==0.2.2
PyNaCl==1.5.0
pynautobot==2.0.2
pyparsing==3.1.1
pyserial==3.5
PyYAML==6.0.1
requests==2.31.0
requests-toolbelt==1.0.0
rich==13.7.0
ruamel.yaml==0.18.5
ruamel.yaml.clib==0.2.8
scp==0.14.5
setuptools==69.0.3
six==1.16.0
sniffio==1.3.0
stack-data==0.6.3
textfsm==1.1.3
traitlets==5.14.1
transitions==0.9.0
ttp==0.9.5
ttp-templates==0.3.6
typing_extensions==4.9.0
urllib3==1.26.18
wcwidth==0.2.13
yamlordereddictloader==0.4.2

[jvanderaa]

This looks to be related to a check that was added into pynautobot to check on the version of Nautobot upon initialization. The behavior previously expected to set the SSL Verify status after initialization. So we just need to move the SSL Verify portion into the initialization of the method.

[gtrdev7]

Thanks Josh !

Goncalo Rodrigues

CCIE# 66721

---

From: Josh VanDeraa @.> Sent: Tuesday, February 6, 2024 5:09:39 PM To: nautobot/nornir-nautobot @.> Cc: Goncalo Rodrigues @.>; Comment @.> Subject: Re: [nautobot/nornir-nautobot] SSLError while connecting (Issue #134)

Closed #134https://github.com/nautobot/nornir-nautobot/issues/134 as completed via #137https://github.com/nautobot/nornir-nautobot/pull/137.

— Reply to this email directly, view it on GitHubhttps://github.com/nautobot/nornir-nautobot/issues/134#event-11721537130, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A242NSWIDACN5IFGHZMFHJTYSJPVHAVCNFSM6AAAAABASQFZDWVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJRG4ZDCNJTG4YTGMA. You are receiving this because you commented.Message ID: @.***>

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast, a leader in email security and cyber resilience. Mimecast integrates email defenses with brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast helps protect large and small organizations from malicious activity, human error and technology failure; and to lead the movement toward building a more resilient world. To find out more, visit our website.

[itheodoridis]

thank you! Much appreciated!