Closed neuropathbasel closed 3 years ago
Hello @neuropathbasel,
When communicating with remote hosts, you must use tls (the examples dont support that in order to be concise).
You will also need to use port 9502 for the manager.
For example:
import argparse
from minknow_api.manager import Manager
def main():
"""Main entrypoint for list_sequencing_devices example"""
parser = argparse.ArgumentParser(
description="List sequencing positions connected to a host."
)
parser.add_argument(
"--host", default="localhost", help="Specify which host to connect to."
)
parser.add_argument(
"--port", default=None, help="Specify which porer to connect to."
)
args = parser.parse_args()
# Construct a manager using the host + port provided.
manager = Manager(host=args.host, port=args.port, use_tls=True) # Enable TLS
# Find a list of currently available sequencing positions.
positions = manager.flow_cell_positions()
# Print out available positions.
print("Available sequencing positions on %s:%s:" % (args.host, args.port))
for pos in positions:
print("%s: %s" % (pos.name, pos.state))
if pos.running:
print(" secure: %s" % pos.description.rpc_ports.secure)
print(" insecure: %s" % pos.description.rpc_ports.insecure)
# User could call {pos.connect()} here to connect to the running MinKNOW instance.
if __name__ == "__main__":
main()
Thanks for the information. I just wonder if every MinKNOW instance has its own certificate or if the certificate is the same on every remote machine?
Thanks Jens
The certificate is the same for the moment, this is something we are considering changing in the future.
Thanks,
hello jorj1988, Many thanks for your prompt reply. I did specify port 9502 for the remote machine. However without any success - I am pretty sure I am missing something. On machine 1 (with IP 192.168.0.15) I ran: (gRPC) user@meqneuropat15:~/minknow_api$ python ./python/examples/list_sequencing_positions.py --host 192.168.1.18 --port 9502
But instead of a device listing I did obtain:
Traceback (most recent call last):
File "./python/examples/list_sequencing_positions.py", line 41, in
Any suggestion? best Claus
Hi @neuropathbasel,
Did you modify the example to use tls - as in the snippet above?
manager = Manager(host=args.host, port=args.port, use_tls=True) # Enable TLS
Hi George, I did modify the the example, but the error stayed the same until I started a new terminal. Now I do need SSL certificates. (gRPC) user@meqneuropat15:~/minknow_api$ python ./python/examples/list_sequencing_positions.py --host 192.168.1.18 --port 9502 Traceback (most recent call last): File "/home/user/minknow_api/gRPC/lib/python3.7/site-packages/minknow_api/init.py", line 190, in grpc_credentials return grpc_credentials.cached_credentials AttributeError: 'function' object has no attribute 'cached_credentials'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./python/examples/list_sequencing_positions.py", line 41, in
will go through this repo to find a HowTo cheers
Claus
@George I understood your first reply that I have to work on port 9502 - a secure chanel. So far I did not progress standard error is "Couldn't find a valid path to MinKNOW's CA SSL certificate to initiate a secure connection"
Currently I would prefer for a fist trial to use a insecure channel on port 9501 - at least for a first attempt. How can I get this to work? best Claus
The certificate is the same for the moment, this is something we are considering changing in the future.
Thanks,
- George
Thanks George!
Please also consider a way to pull the certificate from the MinKNOW instance via some API calls when using different certificates for different instances of MinKNOW. Otherwise it would be pain in the ass to manually transfer and store each certificate from the remote machines to a local one.
Cheers Jens
@neuropathbasel you can change how minknow binds insecure ports in the user_conf
file (in <minknow install dir>/ conf / user_conf
:
the local_connection_only
setting should be set to "minknow_default" currently, if you set it to all_open
minknow will bind all insecure ports to the network. This is not recommended from a security POV, but I agree is simpler to test things work as expected.
Thanks for the rapid help. I introduced on both machines the changes you suggested and restarted the minknow service with sudo restart minknow service. however, so far, without any luck. for reasons unclear to me there is still the need for defining the path to a to MinKNOW's CA SSL certificate. I assumed to use an insecure connection. Entering python list_sequencing_positions_remote.py --host 192.168.1.18 --port 9501
prompts: Traceback (most recent call last): File "/home/user/minknow_api/gRPC/lib/python3.7/site-packages/minknow_api/init.py", line 190, in grpc_credentials return grpc_credentials.cached_credentials AttributeError: 'function' object has no attribute 'cached_credentials'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "list_sequencing_positions_remote.py", line 55, in
I did find the https://github.com/nanoporetech/minknow_api/blob/2fad019ee71546c00f534bdd0ca37d885baf073a/README.md the section "How do I connect to a "secure" port?", but I am not where to implement the given code.
Any suggestion? Best Claus
Hi @neuropathbasel ,
The code above implies you are using tls still:
manager = Manager(host=args.host, port=args.port, use_tls=True)
If you are using port 9501 you will need to not use tls.
If you use tls you need to ensure you supply the certificate from the minknow sequencing device on the local machine.
Thanks,
thanks for your rapid help. I did correct the code, but did not try to start the code from another terminal. On this headless system, I am accessing via VNC I feel that something (an editor?) is blocking some functions. I have not seen this before.
Is there an example for supplying the certificate with the simple list_sequencing devices?
In my hand the link to the API description files (https://github.com/nanoporetech/minknow_api/blob/2fad019ee71546c00f534bdd0ca37d885baf073a/protos/minknow_api) is not found. many thanks Claus
Please see this other issue where we discussed how to link CA certificates for minknow:
Hello, Many thanks for forwarding me here. First step on the local linux machine worked fine and prompted:
~/minknow_api$ python ./python/examples/list_sequencing_positions.py --host localhost --port 9501 Available sequencing positions on localhost:9501: MN32638: running secure: 8001 insecure: 8000
However, issues started with the attempt to obtain a similar readout form an identical second machine in the same subnet running under 192.18.01.18. On this machine MinKNOW GUI Installed version: 4.1.22 is running and a Minion is attached to it via USB 3. This unit is “detected” by the local MinKNOW GUI.
Running on the first linux machine ~/minknow_api$ python ./python/examples/list_sequencing_positions.py --host 192.168.1.18 --port 9501
yields: Traceback (most recent call last): File "./python/examples/list_sequencing_positions.py", line 41, in
main()
File "./python/examples/list_sequencing_positions.py", line 23, in main
manager = Manager(host=args.host, port=args.port, use_tls=False)
File "/home/user/minknow_api/gRPC/lib/python3.7/site-packages/minknow_api/manager.py", line 108, in init
minknow_api.manager_service.GetVersionInfoRequest()
File "/home/user/minknow_api/gRPC/lib/python3.7/site-packages/grpc/_channel.py", line 946, in call
return _end_unary_response_blocking(state, call, False, None)
File "/home/user/minknow_api/gRPC/lib/python3.7/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1618939002.979941782","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":5419,"referenced_errors":[{"created":"@1618939002.979938522","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":397,"grpc_status":14}]}"
ping to 192.168.1.18 yields an immediate reply.
Different attempts and the content of manager.py and manager_service.py imply to me that remote hosts are (so far ?) not supported.
Could you please let me know if gRPC calls to remote machine via the minknow_api are supported? Many thanks Claus