napalm-ros icon indicating copy to clipboard operation
napalm-ros copied to clipboard

Published 20 hours ago verified publisher icon napalm-automation-community

Support additional SSL context parameters for Netbox

Open washcroft opened this issue 2 years ago • 5 comments

New optional_args for Netbox

  • When netbox_default_ssl_params is set to True:
    • verify_certificate - if specified and set to False (default is True), the MikroTik certificate will not be checked for trust, meaning the common name doesn't need to match the device being connected to, and the issuing CA doesn't need to be trusted (use this if the certificate is set to none in the api-ssl service on the MikroTik)
    • check_hostname - if specified and set to False (default is True unless the device being connected to is via IP Address not Hostname), the certificate common name doesn't need to match the device being connected to
    • ca_certificate - if specified (as a Base64 string e.g. Mw9THGWGW........saW6Ttg==), the MikroTik certificate will be checked it has been issued by this CA
  • username and password - allows overriding the otherwise global NAPALM credentials with device specific credentials (Netbox limitation)

washcroft avatar Aug 14 '22 11:08 washcroft

So netbox passes params in optional_args per device group or for single one ?

luqasz avatar Aug 16 '22 17:08 luqasz

So netbox passes params in optional_args per device group or for single one ?

Per device "platform", you can use that to group devices, or use per device if you wish.

washcroft avatar Aug 23 '22 10:08 washcroft

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] avatar Oct 22 '22 11:10 stale[bot]

Do you want me to do anything further with this?

washcroft avatar Oct 23 '22 06:10 washcroft

Sorry for not responding. After revisiting and rereading all netbox specific features, I have some thoughts. napalm-ros allows for passing ssl contexts as well as username and password. There is no need to add custom logic if netbox things. It is just a matter of time when some one comes and asks to change e.g. ssl context because they don't use host cert verification while someone wants to use it.

I'd prefer for netbox (and others) to use already existing functionality. Please contact netbox developers and override any required params there.

luqasz avatar Oct 23 '22 18:10 luqasz

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] avatar Dec 22 '22 18:12 stale[bot]