I'm using the this module [1]: https://github.com/kragniz/python-etcd3 to communicate with etcdv3. I have created all the necessary certs and tested client secure connection with curl. However atempting a simple get operation fails. Code snippet and exception below.
import etcd3
ca='/Users/PKI/etcd/ca.pem'
cert='/Users/PKI/etcd/client.pem'
key='/Users/PKI/etcd/client-key.pem'
etcd = etcd3.client(ca_cert=ca, cert_cert=cert, cert_key=key)
etcd.get('foo')
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"#1594500226.366466000","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3948,"referenced_errors":[{"created":"#1594500226.366461000","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":394,"grpc_status":14}]}"
>
> /usr/local/lib/python3.8/site-packages/etcd3/client.py(46)handler()
-> return f(*args, **kwargs)
I haven't done much with grpc so I'm not sure if there are options I should pass to init the etcd3 client.
Related
I am developing a web server using flask 2.0.2 and deploying using hypercorn. I want to deploy it as asgi application.
My main.py looks like this:
from flask import Flask
from asgiref.wsgi import WsgiToAsgi
app = Flask(__name__)
#app.get("/")
async def hello_word():
await asyncio.sleep(1)
return "<p> Hello World </p>"
asgi_app = WsgiToAsgi(app)
When deploying the server: hypercorn main:asgi_app
The following error is raised but the server is deployed successfully.
[2021-11-29 20:15:30 +0530] [41394] [ERROR] ASGI Framework Lifespan error, continuing without Lifespan support
Traceback (most recent call last):
File "/PycharmProjects/MyProject/venv/lib/python3.7/site-packages/hypercorn/asyncio/lifespan.py", line 32, in handle_lifespan
await invoke_asgi(self.app, scope, self.asgi_receive, self.asgi_send)
File "/PycharmProjects/MyProject/venv/lib/python3.7/site-packages/hypercorn/utils.py", line 246, in invoke_asgi
await app(scope, receive, send)
File "/PycharmProjects/MyProject/venv/lib/python3.7/site-packages/asgiref/wsgi.py", line 21, in __call__
await WsgiToAsgiInstance(self.wsgi_application)(scope, receive, send)
File "/PycharmProjects/MyProject/venv/lib/python3.7/site-packages/asgiref/wsgi.py", line 36, in __call__
raise ValueError("WSGI wrapper received a non-HTTP scope")
ValueError: WSGI wrapper received a non-HTTP scope
[2021-11-29 20:15:30 +0530] [41394] [INFO] Running on http://127.0.0.1:8000 (CTRL + C to quit)
I am able to hit the route defined but the cause of this error is still unknown to me. On looking into the stack trace, i found that when deploying the handle_lifespan function in hypercorn/asyncio/lifespan.py is called which looks like this:
async def handle_lifespan(self) -> None:
self._started.set()
scope: LifespanScope = {"type": "lifespan", "asgi": {"spec_version": "2.0"}}
try:
await invoke_asgi(self.app, scope, self.asgi_receive, self.asgi_send)
except LifespanFailureError:
# Lifespan failures should crash the server
raise
except Exception:
self.supported = False
if not self.startup.is_set():
message = "ASGI Framework Lifespan error, continuing without Lifespan support"
elif not self.shutdown.is_set():
message = "ASGI Framework Lifespan error, shutdown without Lifespan support"
else:
message = "ASGI Framework Lifespan errored after shutdown."
await self.config.log.exception(message)
finally:
self.startup.set()
self.shutdown.set()
This defines the scope type as "lifespan" and passes this scope to the WsgiToAsgiInstance class that checks the scope of the request:
if scope["type"] != "http":
raise ValueError("WSGI wrapper received a non-HTTP scope")
Can someone help me understanding it better?
This error can be ignored (and with the next release of Hypercorn it will report as a warning instead). It indicates what you already know - WSGI apps don't support the lifespan protocol.
I have this easy code to connect to download some data using GRPC
creds = grpc.ssl_channel_credentials()
channel = grpc.secure_channel(f'{HOST}:{PORT}', credentials=creds)
stub = liveops_pb2_grpc.LiveOpsStub(channel=channel)
request = project_pb2.ListProjectsRequest(organization=ORGANIZATION)
projects = stub.ListProjects(request=request)
print(projects)
This worked fine on wednesday. It runs in a docker container with Python 3.8.10 and protobuf==3.18.0,grpcio==1.40.0, grpcio-tools==1.40.0.
Today I updated MAC OS Big Sur to 11.6 and after finishing some extra features on the code I see that it returns:
E0930 21:12:04.108551900 1 ssl_transport_security.cc:1468] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0930 21:12:04.194319000 1 ssl_transport_security.cc:1468] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0930 21:12:04.286163700 1 ssl_transport_security.cc:1468] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
Traceback (most recent call last):
File "", line 302, in <module>
projects = liveops_stub.ListProjects(request=request)
File "/home/airflow/.local/lib/python3.8/site-packages/grpc/_channel.py", line 946, in __call__
return _end_unary_response_blocking(state, call, False, None)
File "/home/airflow/.local/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"#1633036324.286560700","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3186,"referenced_errors":[{"created":"#1633036324.286548700","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":146,"grpc_status":14}]}"
>
Seems to be something related to SSL Certificates.
If I check /etc/ssl/certs folder it is empty, so could be that SSL SO certificate has been erased?
How can I fix it?
Let's Encrypt cross-signed DST Root CA X3 expired yesterday, it caused some SSL problems on some clients. I managed to fix it by manually changing the intermediate chain to use the new Root X1 instead.
On the server, run:
sudo certbot certonly --nginx -d <ADDRESS> --preferred-chain "ISRG Root X1"
If you are not running nginx you might need to replace it with your server, and make sure to restart it.
As Firas Al Mannaa said Let's Encrypt cross-signed DST Root CA X3 expired yesterday, it caused some SSL problems on some clients.
I added a new function to get a certificate from ca-bundle:
def get_ssl_certificate():
request_response = req.get('https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt')
certificate_content = request_response.text
certificate_as_bytes = str.encode(certificate_content)
return certificate_as_bytes
And then I used this certificate
creds = grpc.ssl_channel_credentials(root_certificates=certificate_as_bytes)
This question already has answers here:
Python FTP implicit TLS connection issue
(7 answers)
Closed 3 years ago.
I am trying to connect to connect to a FTP site to download some files:
from ftplib import FTP_TLS
from ftplib import FTP
import ssl
import ftplib
FTP_TLS.ssl_version = ssl.PROTOCOL_TLSv1_2
ftps = FTP_TLS(timeout=100)
ftps.set_debuglevel(2)
ftps.connect('IP', port)
ftps.auth()
ftps.prot_p()
ftps.login('username', 'password')
The program tries for sometime before it fails with the following error:
get ''
Traceback (most recent call last): File "FTP.py", line 12, in
ftps.connect('IP', port) File "C:_data\learn\Miniconda\lib\ftplib.py", line 155, in connect
self.welcome = self.getresp() File "C:_data\learn\Miniconda\lib\ftplib.py", line 236, in getresp
resp = self.getmultiline() File "C:_data\learn\Miniconda\lib\ftplib.py", line 222, in getmultiline
line = self.getline() File "C:_data\learn\Miniconda\lib\ftplib.py", line 210, in getline
raise EOFError EOFError
I am not sure what the cause of this error is . I can connect to the ftp server using the same details with a FTP client (FileZilla). Can anyone point out if there is issue with my code and possible options to fix this.
Edit 1
As suggested below posting FileZilla logs :
Status: Connecting to IP:Port...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS connection established, waiting for welcome message...
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
FIleZilla explicitly pops up a certificate which I press OK on my desktop after which the connection is established. I am assuming the failure here is because my code doesn't accept the certificate. Any help is appreciated.
For anyone looking for an answer, the issue was that implicit FTPS connections need the socket to be ssl wrapped automatically.I used the below piece of code written by George Leslie-Waksman
import ftplib
import ssl
class ImplicitFTP_TLS(ftplib.FTP_TLS):
"""FTP_TLS subclass that automatically wraps sockets in SSL to support implicit FTPS."""
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self._sock = None
#property
def sock(self):
"""Return the socket."""
return self._sock
#sock.setter
def sock(self, value):
"""When modifying the socket, ensure that it is ssl wrapped."""
if value is not None and not isinstance(value, ssl.SSLSocket):
value = self.context.wrap_socket(value)
self._sock = value
If this resolves your issue, kindly upvote the original answer -->https://stackoverflow.com/a/36049814/392233
I have very simple setup. I have etcd 3.3 server.
I have code in python (3.6) ive installed etcd3 version 0.10.0
import etcd3
data = etcd3.client(host='my.host.net', port=2379).get('/exesiting/key'))
print( data )
Key exsist, server address is ok.
This code fails randomly with follwing error
failed: grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNKNOWN
details = "Failed to create subchannel"
debug_error_string = "{"created":"#1557133790.170407000","description":"Failed to create subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":2715,"referenced_errors":[{"created":"#1557133790.170402000","description":"Empty update","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":270}]}"
What is wrong? Do i need to clean up connections somehow?
Python 3.6.4 (32 bit x86) using slackclient locally connects to the RTM API and is able to listen in on slack channel changes. That same code running in Azure (64 bit AMD) does not work.
I've made sure that the Azure python install is as close to my local machine as possible. There are a few package discrepancies (see below) though this should not be the issue since these are not being used:
Azure vs. Local Machine
* numpy 1.15.3 vs. numpy 1.16.0
* pyodbc 4.0.24 vs. pyodbc 4.0.25
* pytz 2018.7 vs. pytz 2018.9
* setuptools 38.5.2 vs. setuptools 28.8.0
I've looked at the following links though I am not sure they will help. Some of the instructions for setting up a proxy in Azure are no longer valid (off by several steps). Recently Azure stopped serving a web app of mine (C#/ASP) when I changed the (totally unrelated Python) setting below.
Application settings->General settings->Python version (from Off to 3.4)
It was a real pain to get it back. I think that I will need a proxy though I would imagine Azure should provide better instructions for this. I am somewhat of an Azure newb though not new enough to start changing things willy nilly!
make Python 3.x Slack (slackclient) use a corporate proxy
Custom Slack Bot cannot connect
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-connectors-with-proxy-servers
https://learn.microsoft.com/en-us/azure/azure-functions/functions-proxies
import time, logging, os
from slackclient import SlackClient
from datetime import datetime
def main():
#proxies = dict(https="proxy.azure.com:443", http="proxy.azure.com:443")
sc = SlackClient(BOT_TOKEN)
CHANNEL_ID = "some channel id"
logger.debug("Listening to channel '{0}' with id '{1}' for the following actions: ".format(CHANNEL_NAME, CHANNEL_ID))
if sc.rtm_connect():
logger.debug("Connected to Slack!")
while True:
# Read latest messages
# If activity is in CHANNEL_ID do something
else:
logger.debug("Couldn't connect to slack")
On my local machine I get the following (I cut out some of the code):
DEBUG - Listening to channel 'news' with id 'CFDQ3BXYZ' for the following actions:
DEBUG - message_replied
DEBUG - message_deleted
DEBUG - message_changed
DEBUG - Connected to Slack!
However, in Azure, I get the following:
DEBUG - Listening to channel 'news' with id 'CFDQ3BXYZ' for the following actions:
DEBUG - message_replied
DEBUG - message_deleted
DEBUG - message_changed
DEBUG - Couldn't connect to Slack!
The Azure error message is as follows:
01-14-2019 23:17:26, urllib3.connectionpool, DEBUG, Starting new HTTPS connection (1): slack.com:443
01-14-2019 23:17:26, urllib3.connectionpool, DEBUG, https://slack.com:443 "POST /api/rtm.start HTTP/1.1" 200 18349
01-14-2019 23:17:26, slackclient.client, WARNING, Failed RTM connect
Traceback (most recent call last):
File "D:\home\python364x64\lib\site-packages\slackclient\server.py", line 192, in connect_slack_websocket
http_proxy_auth=proxy_auth,
File "D:\home\python364x64\lib\site-packages\websocket\_core.py", line 511, in create_connection
websock.connect(url, **options)
File "D:\home\python364x64\lib\site-packages\websocket\_core.py", line 220, in connect
options.pop('socket', None))
File "D:\home\python364x64\lib\site-packages\websocket\_http.py", line 120, in connect
sock = _open_socket(addrinfo_list, options.sockopt, options.timeout)
File "D:\home\python364x64\lib\site-packages\websocket\_http.py", line 164, in _open_socket
sock.setsockopt(*opts)
OSError: [WinError 10042] An unknown, invalid, or unsupported option or level was specified in a getsockopt or setsockopt call
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "D:\home\python364x64\lib\site-packages\slackclient\client.py", line 140, in rtm_connect
self.server.rtm_connect(use_rtm_start=with_team_state, **kwargs)
File "D:\home\python364x64\lib\site-packages\slackclient\server.py", line 159, in rtm_connect
self.connect_slack_websocket(self.ws_url)
File "D:\home\python364x64\lib\site-packages\slackclient\server.py", line 200, in connect_slack_websocket
raise SlackConnectionError(message=str(e))
slackclient.server.SlackConnectionError: [WinError 10042] An unknown, invalid, or unsupported option or level was specified in a getsockopt or setsockopt call
01-14-2019 23:17:26, Slack_bot_listener, DEBUG, Couldn't connect to slack
Any help will be greatly appreciated!
It appears that WebJobs are restricted to port 80 only. So there is no way to open up ports, etc. on Azure WebJobs at least at this time (see article/post below). So it appears that a VM or some other route is the way to proceed.
Can I open ports on Azure Websites?