python-swat icon indicating copy to clipboard operation
python-swat copied to clipboard

Published 20 hours ago verified publisher icon sassoftware

Connection issue - accessing CAS in containerized Viya 4 environment from local Python client.

Open SundareshSankaran opened this issue 3 years ago • 2 comments
trafficstars

My Python client is a local Jupyter notebook application running on my laptop. On my server, I have published both the HTTP and Binary CAS Node ports and also exposed them as Load Balancers, providing external IPs.

As a first check - I first used swat to access CAS from a Python client on the server - viz. through SAS Studio. Connections to https and bin ports are both successful.

There are two different error messages I get - both are SSL certificate related. The first one is when I connect with the below format ( is the alias for my ingress)

Situation 1 :

os.environ['CAS_CLIENT_SSL_CA_LIST']="trustedcerts.pem"

s = swat.CAS(hostname="<host>/sas-cas-server-default-http", port=443, protocol="https",
              username="user",password=getpass.getpass("Enter password"))

Message (error portion):

SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)

Variants - tried with -bin (cas protocol) and with -client, port=443 and protocol=https

Next, I tried providing a hostname directly, and got the following error (which is a little funny, given that the hostname is actually part of the list of hosts.)

CertificateError: hostname '**10.A.B.C**' doesn't match either of '10.A.B.A', '**10.A.B.C**', 'controller', 'controller.sas-cas-server-default', '......'

I have verified my certificate and it is obtained from the cluster directly in per format.

SundareshSankaran avatar Mar 09 '22 18:03 SundareshSankaran

Stuck on the same issue:

SSLError: HTTPSConnectionPool(host='<host>.com', port=443): Max retries exceeded with url: /cas-shared-default-http/cas/sessions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

I was provided a .pem file with certificates for viya which I used to set the path for os.environ["CAS_CLIENT_SSL_CA_LIST"] and I added the contents to my Windows CA store to no avail.

sdimos avatar Jun 17 '22 16:06 sdimos

What version of viya are you trying to connect to ?

What did you use for the hostname in the swat.CAS() function ? for example, are you using the name of the ingress, or the hostname of the cas controller, or something else ?

bkemper24 avatar Jun 17 '22 18:06 bkemper24