Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSLError while pushing to Datastore #229

Open
maxclac opened this issue Jul 27, 2021 · 15 comments
Open

SSLError while pushing to Datastore #229

maxclac opened this issue Jul 27, 2021 · 15 comments

Comments

@maxclac
Copy link

maxclac commented Jul 27, 2021

Hi!

I am using CKAN 2.9.2 and I am currently having a problem with an Excel file in a dataset that I try to manually push to the Datastore.

Traceback (most recent call last):
  File "/usr/lib/ckan/datapusher/src/datapusher/datapusher/jobs.py", line 363, in push_to_datastore
    response = requests.get(
  File "/usr/lib/ckan/datapusher/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/ckan/datapusher/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/ckan/datapusher/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/ckan/datapusher/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/ckan/datapusher/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='ckan.example.com', port=443): Max retries exceeded with url: /dataset/12baf1af-1b92-4b37-834c-660ee75e19e5/resource/9e577061-19a0-47e4-ba5b-e0a4b3da4063/download/file.xlsx (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)')))

I put the SSL_VERIFY to False in the config file but it did not help.

What can I do?
@maxclac
Copy link
Author

maxclac commented Jul 28, 2021

Any idea, anyone?

@jqnatividad
Copy link
Contributor

jqnatividad commented Jul 28, 2021
edited

Have you tried installing ndg-httpsclient?

pip install ndg-httpsclient

If it doesn't help, at least it could also help with debugging your SSL issues.

https://github.com/cedadev/ndg_httpsclient/#running-ndg_httpclient

@maxclac
Copy link
Author

maxclac commented Jul 28, 2021

Thank you for the suggestion! I will try this and let you know.

@maxclac
Copy link
Author

maxclac commented Jul 28, 2021

I am sorry but I would need more help here. How this tool works exactly?

@jqnatividad
Copy link
Contributor

Also, just noticed host='ckan.example.com' in your trace log:

requests.exceptions.SSLError: HTTPSConnectionPool(host='ckan.example.com', port=443): Max retries exceeded with url: /dataset/12baf1af-1b92-4b37-834c-660ee75e19e5/resource/9e577061-19a0-47e4-ba5b-e0a4b3da4063/download/file.xlsx (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)')))

Is your ckan.site_url set correctly?

@maxclac
Copy link
Author

maxclac commented Jul 28, 2021

No, I just replaced my actual url with this, so that I don't reveal it.

@jqnatividad
Copy link
Contributor

jqnatividad commented Jul 28, 2021
edited

Got the suggestion from https://stackoverflow.com/questions/33410577/python-requests-exceptions-sslerror-eof-occurred-in-violation-of-protocol.

It should help with SSL certificate issues, but like you said, you had SSL_VERIFY set to False.

Anyway, its most likely an configuration issue on your end as Datapusher works with SSL and it will have to be a process of elimination.

First off, does the Datapusher work when you run CKAN without SSL?

G'luck!

@maxclac
Copy link
Author

maxclac commented Jul 29, 2021

Thanks! I would rather not turn off SSL unless I really have to, as it is a productive running CKAN instance.

@maxclac
Copy link
Author

maxclac commented Jul 29, 2021

I was thinking about using xloader instead, but it is not so straightforward.

@markstuart
Copy link

markstuart commented Aug 12, 2021
edited

Hey @maxclac, we were having this same issue building datapusher in a Docker container. After a lot of trial and error, we tried changing the base image from ubuntu:20.04 to debian:buster and everything just started working.

I can only assume that there is some incompatibility in the ssl libraries provided by the operating system and the python libraries used by datapusher?

Anyway, might help you resolve the issue. Good luck!

@maxclac
Copy link
Author

maxclac commented Aug 13, 2021

Interesting! Thank you, I will have a look.

@markstuart
Copy link

We've been through a few rounds of trying to get this working nicely... If you have the ability to use a pre-built docker image in your environment I heartily recommend https://hub.docker.com/r/keitaro/ckan-datapusher... worked nicely out of the box for me, can override some settings with environment vars etc

@maxclac
Copy link
Author

maxclac commented Aug 19, 2021

I see. It means that I can disable my current Datapusher, and use a container from this Docker image instead? Do I understand that right?

@maxclac
Copy link
Author

maxclac commented Nov 24, 2021

Hi! Just an update, I am still having this problem and would still appreciate help.

@maxclac
Copy link
Author

maxclac commented Nov 25, 2021

It is working when I set SSL_VERIFY = False in /usr/lib/ckan/datapusher/src/datapusher/datapusher/jobs.py. It would mean that the parameter ckan.datapusher.ssl_verify = False in my config file is ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@markstuart @jqnatividad @maxclac