nanoporetech / minknow_api

Protobuf and gRPC specifications for the MinKNOW API

SSL certificate unauthenticated #34

Closed zchatt closed 1 year ago

zchatt commented 2 years ago

Hi ONT,

I am having an issue supplying the SSL certificate to start_protocol.py. I have set the `MINKNOW_TRUSTED_CA` environment variable within start_protocol.py to the certificate used by the MinKNOW app.

    os.environ['MINKNOW_TRUSTED_CA'] = "/Applications/MinKNOW.app/Contents/Resources/conf/rpc-certs/ca.crt"

However, when running start_protocol.py I receive the following error:

    grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAUTHENTICATED
        details = "Bad metadata key"
        debug_error_string = "{"created":"@1643932207.912947000","description":"Error received from peer ipv6:[::1]:8001","file":"src/core/lib/surface/call.cc","file_line":1075,"grpc_message":"Bad metadata key","grpc_status":16}"

I am able to use the MinION through the MinKNOW app, which would be using the same certificate, so I am unsure of the reason for the discrepancy. I am running minknow_api 4.5.0 and MinKNOW 21.11.18. Any help/insights would be greatly appreciated.

0x55555555 commented 2 years ago

Hi @zchatt, how are you trying to connect?

The error you link doesn't look like an SSL error, but instead an authentication issue.

Are you connecting to a local device, or a remote one - do you have a more complete example demonstrating your issue?
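
The distinction drawn in the reply above, between a TLS failure and an authentication rejection, can be read from the `debug_error_string` itself. This is an added example, not part of the thread or of minknow_api; the `triage` helper and the second sample string are constructed for illustration.

```python
import json
import re

# Numeric gRPC status codes used below.
UNAVAILABLE, UNAUTHENTICATED = 14, 16

def parse_debug_error(text):
    """Pull the JSON object out of a 'debug_error_string = "{...}"' line."""
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end < start:
        raise ValueError("no JSON object in debug_error_string")
    return json.loads(text[start:end + 1])

def triage(text):
    """Classify a gRPC failure as transport/TLS trouble or an auth rejection."""
    info = parse_debug_error(text)
    status = info.get("grpc_status")
    peer = re.search(r"Error received from peer (\S+)", info.get("description", ""))
    blob = json.dumps(info).lower()
    if peer and status == UNAUTHENTICATED:
        # The server answered, so the channel (including the TLS handshake on a
        # secure channel) was established; the call's credentials were refused.
        verdict = "auth-rejected"
    elif status == UNAVAILABLE and ("handshake" in blob or "certificate" in blob):
        verdict = "tls-handshake-failed"
    elif status == UNAVAILABLE:
        verdict = "unreachable"
    else:
        verdict = "other"
    return {"verdict": verdict,
            "peer": peer.group(1) if peer else None,
            "message": info.get("grpc_message")}

# Error text quoted in the issue above.
FROM_ISSUE = ('debug_error_string = "{"created":"@1643932207.912947000",'
              '"description":"Error received from peer ipv6:[::1]:8001",'
              '"file":"src/core/lib/surface/call.cc","file_line":1075,'
              '"grpc_message":"Bad metadata key","grpc_status":16}"')

# Constructed sample (not from the issue): a client that could not complete TLS.
CONSTRUCTED_TLS = ('{"created":"@0","description":"failed to connect to all addresses",'
                   '"grpc_status":14,'
                   '"referenced_errors":[{"description":"Ssl handshake failed"}]}')

if __name__ == "__main__":
    for sample in (FROM_ISSUE, CONSTRUCTED_TLS):
        print(triage(sample))
```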

zchatt commented 2 years ago

Hi George,

Thank you for getting back to me. I first tried to use start_protocol.py to connect to a local MinION device attached to my MacBook. However, I received the following error trying to access MinKNOW's CA SSL.

    # Run
    ./start_protocol.py --host localhost --flow-cell-id MN19078 --sample-id "my_sample" --experiment-group "my_group" --experiment-duration 24 --kit SQK-LSK109 --fasta

    # Error message
    Traceback (most recent call last):
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/__init__.py", line 190, in grpc_credentials
        return grpc_credentials.cached_credentials
    AttributeError: 'function' object has no attribute 'cached_credentials'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 635, in <module>
        main()
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 538, in main
        manager = Manager(host=args.host, port=args.port, use_tls=not args.no_tls)
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/manager.py", line 99, in __init__
        super(Manager, self).__init__(
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/manager.py", line 37, in __init__
        minknow_api.grpc_credentials(),
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/__init__.py", line 195, in grpc_credentials
        raise MissingMinknowSSlCertError(
    minknow_api.MissingMinknowSSlCertError: Couldn't find a valid path to MinKNOW's CA SSL certificate to initiate a secure connection

Notations within minknow_api/__init__.py indicated that I should specify the location of the MinKNOW app's certificate. Therefore I added the location to "os.environ['MINKNOW_TRUSTED_CA']", as indicated above, at the beginning of start_protocol.py, which appeared to identify the certificate, i.e. MissingMinknowSSlCertError was gone. However, this generated the Unauthenticated error:


    # Error message
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 630, in <module>
        main()
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 537, in main
        add_position_info(experiment_specs, manager)
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 461, in add_position_info
        add_position_to_specs(experiment_specs, position, position_key_type)
      File "/Users/zacc/github_repo/nucleotrace_api/start_protocol.py", line 427, in add_position_to_specs
        position_connection = position.connect()
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/manager.py", line 347, in connect
        return minknow_api.Connection(host=self.host, port=port, use_tls=use_tls)
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/__init__.py", line 299, in __init__
        self.instance.get_version_info()
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/instance_service.py", line 93, in get_version_info
        return run_with_retry(self._stub.get_version_info,
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/minknow_api/instance_service.py", line 37, in run_with_retry
        result = MessageWrapper(method(message, timeout=timeout), unwraps=unwraps)
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/grpc/_channel.py", line 946, in __call__
        return _end_unary_response_blocking(state, call, False, None)
      File "/Users/zacc/python_venv/ndecode/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
        raise _InactiveRpcError(state)
    grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
      status = StatusCode.UNAUTHENTICATED
      details = "Bad metadata key"
      debug_error_string = "{"created":"@1644210054.617217000","description":"Error received from peer ipv6:[::1]:8001","file":"src/core/lib/surface/call.cc","file_line":1075,"grpc_message":"Bad metadata key","grpc_status":16}"

Yes, I do believe this is an authentication issue but I am unsure if I am supplying this incorrectly or how to verify the ca.crt? I appreciate any help and guidance.

0x55555555 commented 2 years ago

To verify if local connections work, you can try setting MINKNOW_API_USE_LOCAL_TOKEN to force a local token connection:

MINKNOW_API_USE_LOCAL_TOKEN will cause minknow to use the token written to disk and avoid any other authentication systems.

We have specific changes to MinKNOW 5.0 to ship the API with its own copy of the certificate to make your certificate issues easier.

Let us know if that works - we can try to assist further.

zchatt commented 2 years ago

Thank you George. I am unsure of how MINKNOW_API_USE_LOCAL_TOKEN is passed, as I could not find any instance of this in the minknow_api, e.g. `grep -r 'MINKNOW_API_USE_LOCAL_TOKEN' minknow_api/`

I was able to get start_protocol.py working by setting "--no-tls True". Whilst this doesn't solve the issue, it's a workable solution for the short-term. Do you know when MinKNOW 5.0 will be released?

0x55555555 commented 2 years ago

I don't know exactly when it will be released, but I would imagine a month or so.