2

I've been trying to play around with NetBox Ansible modules with a NetBox setup having self signed certificate. [1] That however gives me the error:

Failed to establish connection to Netbox API

I realised that this was due to me using Self signed certificate:

>>> import pynetbox
>>> nb = pynetbox.api(
... 'https://netbox.url',
... token='XXX'
... )
 
>>> nb.dcim.devices.all()
 
<snipped>
 
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='netbox.url', port=443): Max retries exceeded with url: /api/dcim/devices/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

I was wondering if there is a way to specify cacert file with pynetbox, the same way we do with requests using verify="/my/path/to/cacert.crt"

>>> nb = pynetbox.api(
... 'https://netbox.url',
... token='XXX',
... private_key_file='/my/path/to/key',
... ssl_verify='/my/path/to/cacert.crt'
... )
Traceback (most recent call last):
  File "<stdin>", line 5, in <module>
TypeError: __init__() got an unexpected keyword argument 'ssl_verify'

[1] Using Netbox Ansible Modules

Python Version: Python 3.7.7 pynetbox version: '2.8'

sanakhanlibre
  • 47
  • 1
  • 9

2 Answers2

2

This was discussed in an issue in their GitHub repo where they allege one can set the REQUESTS_CA_BUNDLE environment variable to point to the CA bundle that requests should use for verifying the endpoint (here are the requests docs)

In theory:

import pynetbox
import os

os.environ['REQUESTS_CA_BUNDLE'] = '/path/to/your/ca.pem'
# and off to the races
mdaniel
  • 31,240
  • 5
  • 55
  • 58
2

You can disable ssl verification like so:

nb.http_session.verify = False

It's mentioned in the docs here https://buildmedia.readthedocs.org/media/pdf/pynetbox/latest/pynetbox.pdf

Sherlon Antoine
  • 21
  • 1