napalm-automation/napalm-ansible

Unable to connect to Arista EOS using napalm_get_facts

rainierpineda2 opened this issue · 2 comments

I get the following error when connecting via napalm_get_facts with dev_os set to eos.
TASK [validate_device_facts : Get device facts via NAPALM] ***********************************************************************************
fatal: [netbox]: FAILED! => {"changed": false, "msg": "cannot connect to device: Socket error during eAPI connection: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"}

I am able to connect when I use a Python script with code that tries to ignore the SSL cert verification. How do I turn that on in napalm_get_facts? Seems like validate_certs: no is not an option.

The Arista device is running 4.19.1F-2GB. It is an Arista DCS-7150S-52-CL-F

$ ansible --version
ansible 2.7.0b1
config file = /home/u1163139/ansible.cfg
configured module search path = [u'/usr/lib/python2.7/site-packages/napalm_ansible']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
$ python -V
Python 2.7.5
$ pip freeze | grep napalm
napalm==2.3.3
napalm-ansible==0.10.0
napalm-aos==0.1.1
napalm-asa==0.1.1
napalm-base==1.0.0
napalm-brocade==0.2.2
napalm-ce==0.1.1
napalm-dellos10==1.0.6
napalm-eos==0.6.1
napalm-exaros==0.1.0
napalm-exos==0.1.0
napalm-fortios==0.4.1
napalm-ibm==0.1.7
napalm-ios==0.8.1
napalm-iosxr==0.5.6
napalm-junos==0.12.1
napalm-logs==0.7.0
napalm-mos==2.0.4
napalm-nxos==0.7.1
napalm-panos==0.5.2
napalm-pluribus==0.5.1
napalm-ros==0.3.5
napalm-ruckus-fastiron==1.0.26
napalm-salt==0.0.2
napalm-vyos==0.1.5
napalm-yang==0.1.0

Hmmmm, that looks like this:

arista-eosplus/pyeapi#149

And the fix being:

You can disable the default certificate verification by editing the cert-verification.cfg file in RedHat or by setting the PYTHONHTTPSVERIFY environment variable to 0.

Let me know if that works.

Obviously there are security implications so the more secure solution is to verify the SSL certificate of the remote device.
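
Added example, not part of the thread and not napalm or pyeapi code: one way to approach the "verify the certificate" route in Python is to check the exported device certificate against a fingerprint obtained out of band, then use that file as the trust anchor of a verifying TLS context. All function names are hypothetical, `SAMPLE_PEM` is constructed filler rather than a real certificate, and how a given napalm/pyeapi version would accept such a context is not covered by this thread.

```python
import hashlib
import hmac
import ssl

# Constructed sample: base64 of 16 filler bytes in PEM armor, NOT a real
# certificate. Stands in for the certificate exported from the switch.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "QUJDREVGR0hJSktMTU5PUA==\n"
    "-----END CERTIFICATE-----\n"
)


def cert_fingerprint(pem):
    """SHA-256 fingerprint of a PEM certificate, as colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pin_matches(pem, expected):
    """Compare with a fingerprint obtained out of band (e.g. device console)."""
    def norm(fp):
        return fp.replace(":", "").replace(" ", "").lower().encode("ascii")
    return hmac.compare_digest(norm(cert_fingerprint(pem)), norm(expected))


def eapi_tls_context(cafile=None):
    """Verifying context; cafile is the checked device cert or its issuing CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    # create_default_context already sets these; fail loudly if that changes.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS verification is not enabled")
    return ctx


def verification_disabled(ctx):
    """True for a context that would accept any certificate or hostname."""
    return ctx.verify_mode == ssl.CERT_NONE or not ctx.check_hostname


if __name__ == "__main__":
    print(cert_fingerprint(SAMPLE_PEM))
    print(verification_disabled(eapi_tls_context()))                # False
    print(verification_disabled(ssl._create_unverified_context()))  # True
```

`verification_disabled` can double as an audit check in automation code: an unverified context is the kind left in place once certificate verification has been switched off.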