Read timeout error
mariano-daniel opened this issue · 11 comments
Hello, I'm getting the following error when running python3 netbox_zabbix_sync.py
raceback (most recent call last):
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 196, in _new_conn
sock = connection.create_connection(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/util/connection.py", line 60, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/socket.py", line 962, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno -2] Name or service not known
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 789, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 490, in _make_request
raise new_e
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 466, in _make_request
self._validate_conn(conn)
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1095, in _validate_conn
conn.connect()
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 615, in connect
self.sock = sock = self._new_conn()
^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connection.py", line 203, in _new_conn
raise NameResolutionError(self.host, self, e) from e
urllib3.exceptions.NameResolutionError: <urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 843, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/netbox-zabbix-sync/netbox_zabbix_sync.py", line 197, in <module>
main(args)
File "/opt/netbox-zabbix-sync/netbox_zabbix_sync.py", line 83, in main
for cf in device_cfs:
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/response.py", line 128, in __next__
next(self.response), self.endpoint.api, self.endpoint
^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/query.py", line 292, in get
req = self._make_call(add_params=add_params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/pynetbox/core/query.py", line 242, in _make_call
req = getattr(self.http_session, verb)(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 602, in get
return self.request("GET", url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/netbox-4.0.7/venv/lib/python3.11/site-packages/requests/adapters.py", line 700, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))
I'm assuming there's an issue with the ZABBIX_HOST env variable? Although it's:
echo $ZABBIX_HOST
https://192.168.0.95
Any pointers would be greatly appreciated!
Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7ff7b45e8950>: Failed to resolve 'http' ([Errno -2] Name or service not known)"))
This lines seems to indicate urllib is trying to resolve a host called http
with the path /192.168.0.91/api/extras/custom-fields/?type=text&content_type_id=23&limit=0
which seems off.
Can you share all of the relevant variables in your env?
@Kage1 hey! thanks for the input, I believe that seems to be the case, since now I am getting this error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.0.91', port=443): Max retries exceeded with url: /api/extras/custom-fields/?type=text&content_type_id=23&limit=0 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)')))
Which adds up to the comment made by @q1x 🫡
Here's my env variables sir! :
echo $ZABBIX_HOST $NETBOX_HOST $ZABBIX_TOKEN $NETBOX_TOKEN
https://192.168.0.95 https://192.168.0.91 431bf9c1213aebaXXXXXXXXXXX0abad5311c2e38fa9fa101c00744 55dc2b5505dXXXXXXXXX53c60a6e5c1
Is there any way to overcome this certificate verification? 🤔
I'm using the REQUESTS_CA_BUNDLE environment variable to work around our private certificates.
Perhaps have a look into that.
I still find it weird how that original error manifested...
Was your ZABBIX_HOST set to https and NETBOX_HOST to https?
@q1x Thanks! I've added REQUESTS_CA_BUNDLE to point to ca-certificates.crt
on 192.168.0.91 (the netbox server where I'm running netbox-zabbix-sync) and I still get [SSL: CERTIFICATE_VERIFY_FAILED]
error.
I'm sorry I forgot to mention that previous ZABBIX Host was set to http, I guess that was the cause for the initial error.
Thanks for the help!
When utilizing SSL the cert needs to match the machine/domain name that the cert applies to. Also based on the self signed error the script is wanting an SSL cert issued by a real signing authority, e.g. LetsEncrypt, not a self generated one.
So at a bare min you need to ensure DNS is working and change your Netbox and Zabbix access URLs to the names of the servers not the IPs.
Thanks a lot for the help @Kage1 ! I will get DNS working on my network and then try again and report back. Thanks again!
Both Zabbix and Netbox must have valid SSL certs for the script to connect. If not then both will need to be set up to support http connections. I have my Dev setup so netbox and zabbix listen to http requests on a nonstandard port so the script will connect.
Hello again! @Kage1 Going back to this reply. Since using SSL connections on VMs is not very practical at the moment, let me know if I understood correctly: If I spin up two VMs with Netbox and Zabbix from scratch, non SSL, the script should work?
I just need to test this scenario working before I get approval from my manager to roll this into production (most likely with internet facing domains with SSL or servers not exposed to the internet (accessible vía VPN, but the problem would be the CA verification, since most of our non exposed servers are SSL encrypted but self-signed)).
It is not recommended to use it without SSL in prod. The non-ssl setup we are using is in our lab only. Our prod system has a set of valid certs for both Netbox & Zabbix.
For our lab yes we are running it with http only abet on custom ports instead of 80.
@Kage1 thanks for the confirmation! Yes indeed, I'm in the same situation, I will be using non-SSL only on VMs for testing purposes and then on prod it will be only with SSL but self signed, that is my only worry, because it seems that the script does not like self-signed certs.
Closing this one since it was SSL certificate related. The script (for now) does not support invalid certs. In my opinion the fault is not present in the code or SSL implementation, its working with invalid certs to begin with. Make life simple, use a proper signed cert (either by your internal company CA or with public tools such as LetsEncrypt) or run Netbox without encryption with port 80.
Both options work fine with the script at the time of writing.