When docker container is used, the application is loaded via gunicorn. Since gunicorn imports an app as a python module, the code inside if __name__ == '__main__': is never executed. As a result the application.config doesn't get updated properly with the env vars passed via the docker cmd. I noticed this while investigating an ssl error on an ES cluster protected with Searchguard. The connection was failing with an "unknown_ca" (error snippet below - hostname has been anonymised) error on the ES side. The debug mode on logging is also affected by this issue so I've added one more env var in order to be able to enable/disable it.
Tested with:
ElasticHQ Version:
3.5.0
Python version:
Python 3.6.8 (default in docker container)
Error log snippet from the ES node:
[ERROR][c.f.s.s.h.n.SearchGuardSSLNettyHttpServerTransport] [elsnode.example.com] SSL Problem Received fatal alert: unknown_ca
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615) ~[?:?]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_212]
When docker container is used, the application is loaded via gunicorn. Since gunicorn imports an app as a python module, the code inside
if __name__ == '__main__':
is never executed. As a result theapplication.config
doesn't get updated properly with the env vars passed via the docker cmd. I noticed this while investigating an ssl error on an ES cluster protected with Searchguard. The connection was failing with an "unknown_ca" (error snippet below - hostname has been anonymised) error on the ES side. The debug mode on logging is also affected by this issue so I've added one more env var in order to be able to enable/disable it.Tested with:
ElasticHQ Version: 3.5.0
Python version: Python 3.6.8 (default in docker container)
Error log snippet from the ES node: