SSH keypair auth does not work with the SSOTSyncDevices job

[msheiny]

Environment

• Python version: 3.11.9
• Nautobot version: 2.3.1
• nautobot-device-onboarding version: 4.1.1a0
• ntc-templates version: 6.1.0

Expected Behavior

Following the directions from the docs one expects to be able to onboard devices via ssh key-pair.

Observed Behavior

Steps to Reproduce

1. Update nautobot config to look like this:

PLUGINS_CONFIG = {
    "nautobot_device_onboarding": {},
    "nautobot_ssot": {
        "hide_example_jobs": is_truthy(os.getenv("NAUTOBOT_SSOT_HIDE_EXAMPLE_JOBS")),
    },
    "nautobot_plugin_nornir": {
        "nornir_settings": {
            "credentials": "nautobot_plugin_nornir.plugins.credentials.nautobot_secrets.CredentialsNautobotSecrets",
            "runner": {
                "plugin": "threaded",
                "options": {
                    "num_workers": 20,
                },
            },
        },
        "connection_options": {
            "netmiko": {
                "extras": {
                    "fast_cli": False,
                    "read_timeout_override": 30,
                    "use_keys": True,
                    "key_file": "/source/.ssh_test/id_rsa",
                },
            },
        },
    },
}

2. I added a set of nautobot secrets with GENERIC type
3. Go create a Sync Devices From Network job using those credentials (and all the other required fields)
4. End up with the following error:

Unable to onboard 172.23.0.8, failed with exception A paramiko SSHException occurred during connection creation:

No authentication methods available

Problematic code

This error is happening because within the:

• command_getter -> sync_devices_command_getter method, the code is calling nornir_plays.inventory_creator._set_inventory which is then calling nornir_plays.inventory_creator.guess_netmiko_device_type WHICH makes some direct netmiko calls to try and yank out the device_type.

The problem here is that this code section does NOT pass in any attributes related to public key authentication. So it will fail here if you are relying on accessing a device that is only configured for ssh key auth.

Next steps

I got some code-changes locally where I fixed the issue and was able to connect successfully to a test arista device. It's been a few years from working in Django though, so I'm trying to unpack how to add a unit-test here. Hopefully should have a PR up tomorrow.

[jeffkala]

Assuming this actually only failed with autodetect selected? Should have worked otherwise.

[msheiny]

Assuming this actually only failed with autodetect selected? Should have worked otherwise.

Hey @jeffkala, i got a PR out #295 that forces the autodetect logic to utilize the same ssh settings that are passed via the configuration. I'm a little unclear the delineation between nornir's autodetect list and the one in the docs under that. I'll hit you up out of band to try and get clarity there. Thanks