Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lab demo fails with hostname mismatch #175

Open
planetf1 opened this issue Aug 15, 2022 · 1 comment
Open

Lab demo fails with hostname mismatch #175

planetf1 opened this issue Aug 15, 2022 · 1 comment
Labels
containers

Comments

@planetf1
Copy link
Member

Jupyter notebooks will fail to communicate with egeria servers which are not on localhost with the following error:

Checking OMAG Server Platform availability...
Exception: HTTPSConnectionPool(host='lab-core', port=9443): Max retries exceeded with url: /open-metadata/platform-services/users/garygeeke/server-platform/origin (Caused by SSLError(CertificateError("hostname 'lab-core' doesn't match 'localhost'")))
    Core Platform is down - start it before proceeding
Exception: HTTPSConnectionPool(host='lab-datalake', port=9443): Max retries exceeded with url: /open-metadata/platform-services/users/garygeeke/server-platform/origin (Caused by SSLError(CertificateError("hostname 'lab-datalake' doesn't match 'localhost'")))
    Data Lake Platform is down - start it before proceeding
Exception: HTTPSConnectionPool(host='lab-dev', port=9443): Max retries exceeded with url: /open-metadata/platform-services/users/garygeeke/server-platform/origin (Caused by SSLError(CertificateError("hostname 'lab-dev' doesn't match 'localhost'")))
    Dev Platform is down - start it before proceeding
Done.

This occurs despite the correct truststore being in place.

This is because the certificate we (the Jupyter server) receive should be unique to the host, and contain the DNS hostname (in this case of the egeria platforms).

To fix this requires that we dynamically generate certs as part of the deployment - or require each/every egeria platform to have a unique cert.

There is no longer seemingly any way in python 3.10 using the requests module to turn off just the hostname verification.

Until we have revisited the whole area of cert deployment, we will need to change the notebooks to explicitly disable certificate checking
@planetf1
Copy link
Member Author

The 'best' approach is probably to switch to using a custom context for requests.

However this really requires a little refactoring to establish the context at the beginning of each notebook, and also to check that the persistent connections/context don't cause other issues.

Due to this in the short term I am making an explicit change to set 'verify=False' on all requests module calls. I'd hoped to avoid this, but at this time it seems the pragmatic approach until we can properly resolve deployment of certificates & potentially cleaner structuring of the python library code

@planetf1 planetf1 transferred this issue from odpi/egeria-coco-labs Aug 15, 2022
@planetf1 planetf1 self-assigned this Aug 25, 2022
@planetf1 planetf1 removed their assignment Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
containers
Projects
No open projects
Egeria Kubernetes & Container
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@planetf1