Kubeflow: problem with SSL certificate in Jupiter Notebook - kubernetes

We installed Kubeflow 1.0 on Kubernetes 1.15.16 (with Azure) and we have an issue with SSL certificate when trying to install pip package in Jupiter Notebook. The same issue also appear when trying to install directly the package from the docker container used for the Notebook Server:
In order to provide more context about the mentioned issues, here are attached some outputs that contain the errores mentioned within.
Issues found during installation of ‘nose’ package
If we try:
pip install --index-url=https://pypi.python.org/simple/ nose
Output is:
WARNING: Certificate did not match expected hostname: pypi.python.org.
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError
Could not fetch URL https://pypi.python.org/simple/nose/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/nose/
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/pip/
Similar issue also happen using curl:
! curl https://pypi.org
Output:
curl: (51) SSL: no alternative certificate subject name matches target host name 'pypi.org'
We tried to ignore the SSL verification using
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org
But is also raise an error:
ERROR: Could not find a version that satisfies the requirement nose (from versions: none)
ERROR: No matching distribution found for nose
We dont know where to start to solve this...
Any help would be welcome!
Thanks a lot in advance!

I got a same exception in kubeflow with Azure.
This command work for me:
pip install xgboost -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
pypi.douban.com is a chinese mirror url.
But when I go to the next step, I got the same ssl ca error when use kubeflow sdk in python. I'm still finding solution.

Related

while installing "pip install python-chess" in a virtual environment on vscode, got full errors about ssl

I am not an expert but a junior developer, and I tried to make an AI for chess, for this I went to vscode, made a folder "pychess" in vscode and on my desktop, I activate the virtual env, and then I ran pip install python-chess
and I have this :
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
ERROR: Operation cancelled by user
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
kinda spent all day to figure out , changing path variables; trying different commands that I even don't remember, and I just don't know what is the problem, when I do "import chess" even if I managed to download it from windows prompt (probably I added 3 times the anaconda path to make it work), even then, it says "seems like package chess is installed on "C....blabla"" but still import chess was not working. So i deleted the chess framework downloaded from windows prompt and hoped that this time it will probably work on my terminal in vscode and inside de v environment, but I was wrong again
Please, any suggestions?
I would suggest installing openssl here
then you should make sure python is installed and run
./configure --with-openssl=/home/username/openssl
then finally run this and if there is no output you should be good
python3 -m ssl

How can I connect to MongoDB Atlas through Python 3.6 on my Macbook Air without SSL handshake error?

I've set up a test MongoDb Atlas account, just one of the free ones and using the below code on my Ubuntu box I can successfully create users and also search for them.
When I try the exact same thing on my MacBook Air I get an SSL handshake as below.
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833),SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833),SSL handshake failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)
import pymongo
client = pymongo.MongoClient("mongodb+srv://MYUSERNAME:MYPASSWORD#cluster0-ABCDEF.mongodb.net/test")
db = client.johnny
collection = db.myjohnnytest
example = {'name' : 'Johnny',
'email' : 'johnny#test.net'}
user_id = collection.insert_one(example).inserted_id
I found this answer which seemed like it was the key:
Stack Overflow Answer
But I have since tried this and whether I follow it exactly or activate my virtualenv I get the following error:
Could not find an activated virtualenv (required).
Traceback (most recent call last):
File "", line 44, in
File "", line 25, in main
File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/subprocess.py", line 291, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/Library/Frameworks/Python.framework/Versions/3.6/bin/python3.6', '-E', '-s', '-m', 'pip', 'install', '--upgrade', 'certifi']' returned non-zero exit status 3.
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.
By default, PyMongo is configured to require a certificate from the server when TLS is enabled. This is configurable using the ssl_cert_reqs option. To disable this requirement pass ssl.CERT_NONE as a keyword parameter:
>>> uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_NONE'
>>> client = pymongo.MongoClient(uri)
Have you update the CA bundle for Python?
From a bash shell/ terminal:
open "/Applications/Python 3.6/Install Certificates.command"
or Python 3.7 etc
MongoDB Documentation for Python
Stackoverflow article on MacOS, Python and CA
I am showing 2 ways of solving this:
(easiest)
Adding ...&ssl=true&ssl_ca_certs=/path/to/cert.pem to the mongodb url
(recommended)
Configuring python SSL connection.
$ python3 -c "import ssl; print(ssl.get_default_verify_paths())
DefaultVerifyPaths(cafile='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem', capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/certs')
Then make sure you add your cert.pem file to the specified path. In my case, I should add it to the folder /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/

use pip intall virtualenv:ProtocolError('Connection aborted.', gaierror(-3, 'Temporary failure in name resolution'))

I installed virtualenv with pip, but I'm getting this error:
[root#szlnginx_proxy bin]# ./pip install virtualenv
Collecting virtualenv
Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'ProtocolError('Connection aborted.', gaierror(-3, 'Temporary failure in name resolution'))': /simple/virtualenv/
I came across the same problem and I was able to resolve it by adding "nameservers" to /etc/resolv.conf. For a list of nameservers and further information on resolv.conf you can check out:
https://wiki.archlinux.org/index.php/Resolv.conf.
I also had this issue. In my case it was that I had a proxy and had not set the environment variables http_proxy and https_proxy.
If you suspect you have this issue you can look at this other answer

Capifony SSH Exception on windows - 998 error code

I am trying to setup Capifony to deploy on windows however when running cap deploy I get the following output.
Spec
ruby 2.0.0p481
capifony v2.7.0
The error message
servers: ["homestead.app"]
** [deploy:update_code] exception while rolling back: Capistrano::ConnectionError, connection failed for: homestead.app (Net::SSH::Exception: Creation of file mapping failed with error: 998) connection failed for: homestead.app (Net::SSH::Exception: Creation of file mapping failed with error: 998)
If I close down pageant this issue goes away however I require pageant to load the ssh key for the github repo as it required for doing a git ls-remote locally.
Any suggestions/workarounds?
Related issues found
https://github.com/test-kitchen/test-kitchen/issues/448
Resolved my issue by using an older version of ruby (Ruby 1.9.3-p545).

solarisstudio12.3 installation on Solaris 11 machine

I am trying to install solaris studio 12.3 on a Solaris 11 x86 machine.
I have downloaded oracle cert and key from mentioned link, but while publishing am getting following error.
pkg set-publisher -k Oracle_Solaris_Studio.key.pem -c Oracle_Solaris_Studio.certificate.pem -g **PORTAL** solarisstudio
pkg set-publisher: The origin URIs for 'solarisstudio' do not appear to point to a valid pkg repository.
Please verify the repository's location and the client's network configuration.
Additional details:
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
1: Framework error: code: 7 reason: Failed connect to pkg.oracle.com:443; Connection refused
URL: '**PORTAL**' (happened 4 times)
2: Framework error: code: 28 reason: Connection timed out after 60000 milliseconds
URL: '**PORTAL**' (happened 4 times)
Please let me know if further information is required.
NOTE PORTAL - https://pkg.oracle.com/solarisstudio/release
Configuring correct proxy settings as pointed out by alanc, resolved the issue.