rc9000 / nd2-worker-plugin-aci

Netdisco plugin to fetch mac and arp tables from APIC (Cisco SDN Controller)
BSD 3-Clause "New" or "Revised" License

APIC 5.2(8h) support #10

Closed lucdnb closed 3 months ago

lucdnb commented 3 months ago

Hello dear developer! First of all, I have to say that this plugin is awesome, thanks for your contribution!

I need to integrate Netdisco with my ACI environment that is in 5.2(8h) version. I've followed the entire procedure, and after running the command to discover the APIC, I get this certificate error message:

~/bin/netdisco-do discover -d x.x.x.x
[6809] 2024-08-20 17:03:10 info App::Netdisco version 2.076005 loaded.
[6809] 2024-08-20 17:03:10 info discover: [x.x.x.x] started at Tue Aug 20 14:03:10 2024
Unknown charname 'RIGHTWARDS BLACK ARROW' at /home/netdisco/perl5/lib/perl5/App/Netdisco/Worker/Plugin.pm line 40.
[6809] 2024-08-20 17:03:10 info [10.238.181.1] NetdiscoX::Properties found an ACIController - running device.layers fixup
[6809] 2024-08-20 17:03:10 info [10.238.181.1] NetdiscoX::FabricDevices - updating custom_fields for devices managed by this APIC
[6809] 2024-08-20 17:03:10 error [10.238.181.1] NetdiscoX::Util::ACI - http 500 reply Can't connect to x.x.x.x:443 (certificate verify failed)

SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed at /home/netdisco/perl5/lib/perl5/LWP/Protocol/http.pm line 49.
Use of uninitialized value in concatenation (.) or string at /home/netdisco/nd2-worker-plugin-aci/lib/App/NetdiscoX/Util/ACI.pm line 303.
[6809] 2024-08-20 17:03:11 info discover: finished at Tue Aug 20 14:03:11 2024
[6809] 2024-08-20 17:03:11 info discover: status info: skip: driver or action not applicable

Can you help me with this issue? Maybe I need to make some changes regarding my APIC version?

Many thanks!

rc9000 commented 3 months ago

Hi! This is unrelated to the APIC version so far; your Perl does not talk to the APIC at all due to the certificate issue. You might need to set the hostname that is expected for the certificate in device_auth.https_hostname, or worst case you can also skip TLS verification with PERL_LWP_SSL_VERIFY_HOSTNAME=0. There are some more details in the https://github.com/rc9000/nd2-worker-plugin-aci/blob/master/README.md

Good luck!

lucdnb commented 3 months ago

Hi! Yes, this issue is about my APIC https certificate. I have a problem: my certificate does not have a "hostname" or "host" field...

Skipping the verification by running PERL_LWP_SSL_VERIFY_HOSTNAME=0 or export PERL_LWP_SSL_VERIFY_HOSTNAME=0 doesn't work. I keep receiving the certificate error (500).

Is there another way to solve this issue? Can I disable the SSL verification for this case?

Thanks.

rc9000 commented 3 months ago

I made a new version that can also take PERL_LWP_SSL_VERIFY_MODE=0 which should completely skip checking the certificate. Can you replace the lib/App/NetdiscoX/Util/ACI.pm file and try like this:

PERL_LWP_SSL_VERIFY_HOSTNAME=0 PERL_LWP_SSL_VERIFY_MODE=0 netdisco-do arpnip -D -d apic.weyland-yutani.co.jp

lucdnb commented 3 months ago

Great! It works! But the discover now needs to be done with exactly this command. So Netdisco is not able to do the correct discover, macsuck and arpnip on APIC devices, right?

To do so, one of my options is to use crontab to run these commands a few times per day.

Do you see another way to achieve it? Maybe some change in Netdisco.

rc9000 commented 3 months ago

You can put these variables either in the systemd service or docker-compose file you use to start netdisco.

lucdnb commented 3 months ago

Great! Thank you for all responses.
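
Once the variables from this thread are placed in a systemd service or docker-compose file, they apply to every job that service runs, so it helps to be able to list where they are set. The following is an added example, not code from the plugin or from Netdisco: it scans service definitions for `PERL_LWP_SSL_VERIFY_HOSTNAME` or `PERL_LWP_SSL_VERIFY_MODE` set to 0. The unit file, compose file and their names are constructed samples.

```python
import re

# The two variables named in this thread; a value of 0 relaxes TLS checks.
TLS_VARS = ("PERL_LWP_SSL_VERIFY_HOSTNAME", "PERL_LWP_SSL_VERIFY_MODE")

# Covers VAR=0, "VAR=0", VAR: 0 and VAR: "0" (systemd Environment=, shell
# export, docker-compose list and mapping forms).
_ASSIGNMENT = re.compile(
    r"\b(?P<var>" + "|".join(TLS_VARS) + r")\s*[=:]\s*[\"']?(?P<val>[^\s\"']*)"
)

# Constructed sample inputs (not taken from the thread or from Netdisco).
SAMPLE_UNIT = """\
[Service]
# Environment=PERL_LWP_SSL_VERIFY_HOSTNAME=1
Environment=PERL_LWP_SSL_VERIFY_HOSTNAME=0 PERL_LWP_SSL_VERIFY_MODE=0
ExecStart=/home/netdisco/bin/netdisco-backend start
"""

SAMPLE_COMPOSE = """\
services:
  netdisco-backend:
    environment:
      PERL_LWP_SSL_VERIFY_HOSTNAME: "0"
      PERL_LWP_SSL_VERIFY_MODE: "1"
"""


def find_disabled_tls_checks(source, text):
    """Return (source, line_no, variable) for each active line that sets one
    of TLS_VARS to 0. Lines commented out with '#' or ';' are skipped."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("#", ";")):
            continue
        for match in _ASSIGNMENT.finditer(stripped):
            if match.group("val") == "0":
                findings.append((source, line_no, match.group("var")))
    return findings


if __name__ == "__main__":
    samples = {"netdisco-backend.service": SAMPLE_UNIT,
               "docker-compose.yml": SAMPLE_COMPOSE}
    for name, text in samples.items():
        for source, line_no, var in find_disabled_tls_checks(name, text):
            print(f"{source}:{line_no}: {var}=0 (TLS verification relaxed)")
```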