Page MenuHomePhabricator
Create Task
Maniphest T283483

Various netbox alerts running for days
Open, MediumPublic
Actions

Description

The following netbox alerts have been fire for quite a few days on netbox1001. I have ack'ed them on Icinga in order to clean up things, and creating this task for follow up.

Captura de pantalla 2021-05-24 a las 9.56.52.png (216×1 px, 91 KB)

Details

SubjectRepoBranchLines +/-
reports/puppetdb: use system certificate store for tls verificationoperations/software/netbox-extrasmaster+4 -4
C:netbox: update SSL config to work with pki.discovery.wmnetoperations/puppetproduction+5 -18
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT283483 Various netbox alerts running for days
 ResolvedRequest CmjohnsonT283518 Netbox Errors
 ResolvedRequestPapaulT285718 Netbox Accounting Errors
 ResolvedRequest CmjohnsonT285719 Netbox Duplicate Cable IDs & Accounting Discrepancies
 ResolvedRequestPapaulT290362 Netbox Errors in codfw
 ResolvedRequestJclark-ctrT290364 Netbox Errors in eqiad

Event Timeline

Marostegui created this task.May 24 2021, 8:31 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 24 2021, 8:31 AM
Marostegui triaged this task as Medium priority.May 24 2021, 8:31 AM
jcrespo subscribed.May 24 2021, 8:41 AM

This was the error shown in a few of the alerts:

An exception occurred: SSLError: HTTPSConnectionPool(host='puppetdb1002.eqiad.wmnet', port=8090): Max retries exceeded with url: ///v1/facts/is_virtual (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))) <pre>Traceback (most recent call last): File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 706, in urlopen chunked=chunked, File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn conn.connect() File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/connection.py", line 421, in connect tls_in_tls=tls_in_tls, File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 429, in ssl_wrap_socket sock, context, tls_in_tls, server_hostname=server_hostname File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 756, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/urllib3/util/retry.py", line 573, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='puppetdb1002.eqiad.wmnet', port=8090): Max retries exceeded with url: ///v1/facts/is_virtual (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/deployment/netbox/deploy-cache/revs/dabbf5ed421a1f0d1a0c086726f646e2d29becd2/src/netbox/extras/reports.py", line 232, in run test_method() File "/srv/deployment/netbox-extras//reports/puppetdb.py", line 125, in test_netbox_in_puppetdb puppetdb_devices = self._get_puppetdb_fact("is_virtual") File "/srv/deployment/netbox-extras//reports/puppetdb.py", line 48, in _get_puppetdb_fact response = requests.get(url, verify=config["puppetdb"]["ca_cert"]) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/api.py", line 76, in get return request('get', url, params=params, **kwargs) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/srv/deployment/netbox/venv/lib/python3.7/site-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='puppetdb1002.eqiad.wmnet', port=8090): Max retries exceeded with url: ///v1/facts/is_virtual (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))) </pre>
jcrespo added a subscriber: ayounsi.May 24 2021, 8:42 AM
gerritbot added a comment.May 24 2021, 9:57 AM

Change 693863 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] C:netbox: update SSL config to work with pki.discovery.wmnet

https://gerrit.wikimedia.org/r/693863

gerritbot added a project: Patch-For-Review.May 24 2021, 9:57 AM
gerritbot added a comment.May 24 2021, 10:08 AM

Change 693864 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/software/netbox-extras@master] reports/puppetdb: use system certificate store for tls verification

https://gerrit.wikimedia.org/r/693864

gerritbot added a comment.May 24 2021, 10:15 AM

Change 693863 merged by Jbond:

[operations/puppet@production] C:netbox: update SSL config to work with pki.discovery.wmnet

https://gerrit.wikimedia.org/r/693863

gerritbot added a comment.May 24 2021, 10:17 AM

Change 693864 merged by Jbond:

[operations/software/netbox-extras@master] reports/puppetdb: use system certificate store for tls verification

https://gerrit.wikimedia.org/r/693864

jbond mentioned this in rOSNEf6dbe46cea18: reports/puppetdb: use system certificate store for tls verification.May 24 2021, 10:29 AM
Maintenance_bot removed a project: Patch-For-Review.May 24 2021, 11:10 AM
jbond added subscribers: Volans, jbond.EditedMay 24 2021, 7:28 PM

@Volans just looking throught your reverts/patches and checked on netbox-next and i think this is fixed now

Volans added a comment.May 24 2021, 7:29 PM

Yes indeed, the specific TLS alert is resolved. As for the other failing reports AFAICT they require DC-Ops to chime in and have a look.

wiki_willy added a subtask: T283518: Netbox Errors.May 24 2021, 7:35 PM
wiki_willy added a comment.May 24 2021, 7:38 PM

Yup, we have T283483 opened to address some of the alerts. There are also some LibreNMS alerts related to some sample PDUs we're testing out at codfw, so those will probably continue alerting over the next month or so. Thanks, Willy

In T283483#7108801, @Volans wrote:

Yes indeed, the specific TLS alert is resolved. As for the other failing reports AFAICT they require DC-Ops to chime in and have a look.

Cmjohnson closed subtask T283518: Netbox Errors as Resolved.May 27 2021, 4:00 PM
ayounsi reopened subtask T283518: Netbox Errors as Open.Jun 8 2021, 6:32 AM
Cmjohnson closed subtask T283518: Netbox Errors as Resolved.Jun 9 2021, 3:20 PM
ayounsi removed a project: netbox.Jun 18 2021, 7:50 AM

FYI, I cleaned up the LibreNMS alert, so only the accounting one is still alerting.

wiki_willy added a subtask: T285718: Netbox Accounting Errors.Jun 28 2021, 8:44 PM
wiki_willy added a subtask: T285719: Netbox Duplicate Cable IDs & Accounting Discrepancies.Jun 28 2021, 8:47 PM
wiki_willy closed subtask T285718: Netbox Accounting Errors as Resolved.Jun 28 2021, 10:56 PM
Cmjohnson closed subtask T285719: Netbox Duplicate Cable IDs & Accounting Discrepancies as Resolved.Aug 31 2021, 3:14 PM
wiki_willy added a subtask: T290362: Netbox Errors in codfw.Sep 3 2021, 10:30 PM
wiki_willy added a subtask: T290364: Netbox Errors in eqiad.Sep 3 2021, 10:39 PM
Papaul closed subtask T290362: Netbox Errors in codfw as Resolved.Sep 8 2021, 2:37 PM
Jclark-ctr closed subtask T290364: Netbox Errors in eqiad as Resolved.Sep 8 2021, 8:23 PM
ayounsi mentioned this in T222931: Netbox Reports Ideas and Requests.Jan 13 2022, 8:58 AM
Dzahn subscribed.Jan 13 2022, 5:56 PM
Volans added a comment.Oct 11 2022, 2:36 PM

Current status is that 5 out of 9 Netbox reports are failing

Dzahn unsubscribed.Oct 11 2022, 3:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL