0

I've been wanting to try out Ansible modules available for Netbox [1].

However, I find myself stuck right in the beginning.

Here's what I've tried:

Add prefix/VLAN to netbox [2]:

```
cat setup-vlans.yml
---
- hosts: netbox

  tasks:
    - name: Create prefix 192.168.10.0/24 in Netbox
      netbox_prefix:
        netbox_token: "{{ netbox_token }}"
        netbox_url: "{{ netbox_url }}"
        data:
          prefix: 192.168.10.0/24
        state: present
```

That gives me the following error:

```
ansible-playbook setup-vlans.yml

PLAY [netbox] *********************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************
ok: [NETBOX]

TASK [Create prefix 192.168.10.0/24 in Netbox] ************************************************************************************************
fatal: [NETBOX]: FAILED! => {"changed": false, "msg": "Failed to establish connection to Netbox API"}

PLAY RECAP ************************************************************************************************************************************
NETBOX                     : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
```

Can someone please point me where I am going wrong?

Note: The NetBox URL is an https://url setup with nginx and netbox-docker [3].

Thanks & Regards, Sana

[1] https://github.com/netbox-community/ansible_modules

[2] https://docs.ansible.com/ansible/latest/modules/netbox_prefix_module.html

[3] https://github.com/netbox-community/netbox-docker

sanakhanlibre
  • The error message says `Failed to establish connection to Netbox API`. Are you able to manually access it using curl? – Baptiste Mille-Mathias Jul 07 '20 at 05:26
  • @BaptisteMille-Mathias Yup, I can. `curl -X GET -H "Authorization: Token XXX" https://netbox.url/api/ipam/prefixes/ -H "accept: application/json" {"count":0,"next":null,"previous":null,"results":[]}` – sanakhanlibre Jul 07 '20 at 05:47

2 Answers

1

All playbooks using API modules like netbox (the same goes for gcp or aws) must use as host not the target, but the host that will execute the playbook to call the API. Most of the time this is localhost, but it can also be a dedicated node like a bastion.

You can see in the example in the documentation you linked that it uses `hosts: localhost`.

Hence I think your playbook should be

```
---
- hosts: localhost
  connection: local
  gather_facts: False

  tasks:
    - name: Create prefix 192.168.10.0/24 in Netbox
      netbox_prefix:
        netbox_token: "{{ netbox_token }}"
        netbox_url: "{{ netbox_url }}"
        data:
          prefix: 192.168.10.0/24
        state: present
```

Baptiste Mille-Mathias
  • Thanks much for pointing that out. I notice that `openssl s_client -connect netbox.url:443 -showcerts 2>&1 | head` gives me `verify error:num=20:unable to get local issuer certificate`. That could be the reason it can't connect to the NetBox API, however I don't know how to fix this. I am using a self signed certificate. https://pastebin.com/W5aZi3xs – sanakhanlibre Jul 07 '20 at 08:04
  • Yup sure, I would upvote the answer but since I am a new user, it doesn't allow me yet to upvote. I was wondering if there was a way to specify cacert file with pynetbox, the same way we do with requests with `verify="/my/path/to/cacert.crt"`. https://pastebin.com/zsJNYTSB – sanakhanlibre Jul 07 '20 at 10:07
  • Please create another question, on stackoverflow, one topic = one question. – Baptiste Mille-Mathias Jul 07 '20 at 10:12
  • Okies, sure. For reference: https://stackoverflow.com/questions/62773263/does-pynetbox-api-have-an-option-to-verify-ca-cert-for-self-signed-cert – sanakhanlibre Jul 07 '20 at 10:33
  • Btw, even after adding `validate_certs: false` and using http, I still can't connect to NetBox API. Am I still missing something? – sanakhanlibre Jul 07 '20 at 11:53
  • What is the error message you get? Also run the playbook with `-vvvv` for more verbose output. – Baptiste Mille-Mathias Jul 07 '20 at 14:27
  • Although I could [connect to NetBox API using python shell](https://pastebin.com/LyLw7svm) I am stuck with using it [with Ansible](https://pastebin.com/6Q99dnBi). Also tried [setting the env variable](https://pastebin.com/vbkvstBP) – sanakhanlibre Jul 08 '20 at 03:49
  • For a problem that you have to target, I suggest rather going to a place for interactive support, like the IRC channel #ansible. StackOverflow is better for a surrounded problem. – Baptiste Mille-Mathias Jul 08 '20 at 07:19
1

I had the same. Apparently the pynetbox api has changed in instantiation (ssl_verify is now replaced by requests session parameters).

I had to force ansible galaxy to update to the latest netbox module with:

```
ansible-galaxy collection install netbox.netbox -f
```

The force option did the trick for me.

Hero Idema
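An added example, not part of the question or either answer: the localhost playbook from the first answer with certificate verification left on and the private CA supplied through `REQUESTS_CA_BUNDLE`, which the `requests` library underneath pynetbox reads when verification is enabled. The CA path is a hypothetical placeholder, the task uses the module's fully qualified name from the `netbox.netbox` collection, and it is assumed that the installed collection passes `validate_certs` through to `requests`; `netbox_url` and `netbox_token` come from your own vars as in the question.

```yaml
---
# Added example with constructed values, not the asker's real setup.
# ca_bundle is a hypothetical path to the PEM file of the CA that signed
# the NetBox server certificate (for a self-signed cert, the cert itself).
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ca_bundle: /etc/ssl/private-ca/netbox-ca.pem   # hypothetical path
  environment:
    # requests (used by pynetbox) reads this when verification is enabled.
    REQUESTS_CA_BUNDLE: "{{ ca_bundle }}"

  tasks:
    - name: Check that the CA bundle exists before calling the API
      ansible.builtin.stat:
        path: "{{ ca_bundle }}"
      register: ca_file

    - name: Stop early instead of falling back to unverified TLS
      ansible.builtin.assert:
        that:
          - ca_file.stat.exists
          - netbox_url is match('^https://')
        fail_msg: "CA bundle missing or netbox_url is not https"

    - name: Create prefix 192.168.10.0/24 in NetBox
      netbox.netbox.netbox_prefix:
        netbox_url: "{{ netbox_url }}"
        netbox_token: "{{ netbox_token }}"
        validate_certs: true   # the comments tried false; keep it true
        data:
          prefix: 192.168.10.0/24
        state: present
```

Trusting the specific CA keeps the API token protected against interception on the path to NetBox, which `validate_certs: false` or plain http does not.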