scaleway / netbox-netprod-importer

Poll data from network devices in production and import it into netbox
GNU General Public License v3.0

SSL ignore not working. #49

Open GangstaPirates opened 3 years ago

GangstaPirates commented 3 years ago

Hey, despite having disable_ssl_warnings set to True or False in the config, I still get the following issue when trying to connect to the netbox API.

ERROR: netbox_importer: Error when polling device HCC-S009-RT01: HTTPSConnectionPool(host='netboxtest.###.##', port=443): Max retries exceeded with url: /api/dcim/devices/?name=HCC-S009-RT01&limit=50 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))

danjaf commented 3 years ago

Same issue, disable_ssl_warnings set to True is not being respected at import:

Version: 0.3.3
Python: 3.8.5
certifi: 2019.11.28
urllib3: 1.25.8

~/.config/netbox-netprod-importer/config.yml

netbox@netbox:/opt/netbox-netprod-importer$ cat ~/.config/netbox-netprod-importer/config.yml_bak 
#### Global options ####
########################

## Be more verbose ##
verbose: None

## Disable ssl warnings in urllib3 ##
disable_ssl_warnings: True

################
#### Netbox ####
################

netbox:
  # Netbox API URL
  url: "https://172.16.1.114/api"
  # username: "user"
  # password: "password"
  # or to use a token instead
  token: "********************"

##########################
#### Interconnections ####
##########################

# On some devices, LLDP will expose the host FQDN. If devices are stored on
# Netbox only by their hostname, the interconnection process will not be able
# to find them. Fill this list to strip the domain name from exposed names.
remove_domains:
  - "foo.tld"
  - "bar.tld"

# vim: set ts=2 sw=2:

command run:

netbox-netprod-importer import -f devices.yaml

Error:

ERROR: netbox_importer: Error when polling device XXXXX-INFRA-NUTSW1: HTTPSConnectionPool(host='172.16.1.114', port=443): Max retries exceeded with url: /api/dcim/devices/?name=XXXXX-INFRA-NUTSW1&limit=50 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

gratziano commented 3 years ago

Hi there, I'm facing the same issue:

ERROR: netbox_importer: Error when polling device B-core-1: HTTPSConnectionPool(host='172.16.x.x', port=443): Max retries exceeded with url: /api/dcim/devices/?name=x-core-1&limit=50 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

urllib3 ver 1.26.2. Any idea?

ecoutinho commented 3 years ago

Hi,

Had the same problem and was able to circumvent the issue by adding my CA certificate chain to

/opt/netbox/venv/lib/python3.6/site-packages/certifi/cacert.pem

This way urllib3 is able to verify the certificate.

gratziano commented 3 years ago

> Hi,
>
> Had the same problem and was able to circumvent the issue by adding my CA certificate chain to
>
> /opt/netbox/venv/lib/python3.6/site-packages/certifi/cacert.pem
>
> This way urllib3 is able to verify the certificate.

Thanks for the hint, I tried that but it didn't work in my case. Here is what I did to fix the issue:

  1. add my CACERT to /usr/local/share/ca-certificates/CACERT
  2. run sudo update-ca-certificates
  3. make sure the CACERT is appended to file /etc/ssl/certs/ca-certificates.crt

This was fixed for now and I just got the issue #39 with netbox 2.9!

Tolisan commented 3 years ago

Hello, all workarounds above didn't work for me. Appended my CA certificate to /venv/lib/python3.x/site-packages/certifi/cacert.pem and it resolved my issue.

haukened commented 2 years ago

> Hello, all workarounds above didn't work for me. Appended my CA certificate to /venv/lib/python3.x/site-packages/certifi/cacert.pem and it resolved my issue.

This also worked for me.

lasag-2511 commented 1 year ago

I have appended my certs to the cacert.pem file on Windows, but I am still facing the same issue. Can anyone suggest anything?
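The workarounds in this thread edit certifi's cacert.pem in place, a file that is replaced whenever the certifi package is reinstalled or upgraded. As an added example (not code from this thread or from netbox-netprod-importer), the script below writes a separate bundle holding the public roots plus a private CA, so certificate verification stays on. It assumes the importer's HTTP stack is requests, which honours the REQUESTS_CA_BUNDLE environment variable; the function names and file paths are hypothetical.

```python
import re
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def read_pem_certs(path):
    """Return every certificate in a PEM file as DER bytes, in file order."""
    # certifi's bundle carries UTF-8 comment lines, so do not read it as ASCII.
    text = Path(path).read_text(encoding="utf-8")
    return [ssl.PEM_cert_to_DER_cert(block) for block in PEM_BLOCK.findall(text)]


def merge_ca_bundle(base_bundle, private_ca, out_path):
    """Write base_bundle plus the certificates of private_ca to out_path.

    Duplicates are skipped, so re-running is safe. Returns how many
    certificates from private_ca were actually added.
    """
    merged = read_pem_certs(base_bundle)
    extra = read_pem_certs(private_ca)
    if not extra:
        raise ValueError(f"no PEM certificate found in {private_ca}")
    seen = set(merged)
    added = 0
    for der in extra:
        if der not in seen:
            seen.add(der)
            merged.append(der)
            added += 1
    pem = "".join(ssl.DER_cert_to_PEM_cert(der) for der in merged)
    Path(out_path).write_text(pem, encoding="ascii")
    return added


if __name__ == "__main__":
    # Hypothetical invocation:
    #   python merge_ca.py "$(python -m certifi)" my-ca-chain.pem ~/ca-bundle.pem
    #   export REQUESTS_CA_BUNDLE=~/ca-bundle.pem
    base, private, out = sys.argv[1:4]
    print(f"added {merge_ca_bundle(base, private, out)} certificate(s) to {out}")
```

The merged file contains only the certificate blocks; comment lines from the source bundles are dropped.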