sassoftware / python-swat

The SAS Scripting Wrapper for Analytics Transfer (SWAT) package is the Python client to SAS Cloud Analytic Services (CAS). It allows users to execute CAS actions and process the results all from Python.
Other
148 stars 63 forks source link

Connection issue - accessing CAS in containerized Viya 4 environment from local Python client. #129

Open SundareshSankaran opened 2 years ago

SundareshSankaran commented 2 years ago

My Python client is a local Jupyter notebook application running on my laptop. On my server, I have published both the HTTP and Binary CAS Node ports and also exposed them as Load Balancers, providing external IPs.

As a first check - I first used swat to access CAS from a Python client on the server - viz. through SAS Studio. Connections to https and bin ports are both successful.

There are two different error messages I get - both are SSL certificate related. The first one is when I connect with the below format ( is the alias for my ingress)

Situation 1 :

os.environ['CAS_CLIENT_SSL_CA_LIST']="trustedcerts.pem"

s = swat.CAS(hostname="<host>/sas-cas-server-default-http", port=443, protocol="https",
              username="user",password=getpass.getpass("Enter password"))

Message (error portion):

SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)

Variants - tried with -bin (cas protocol) and with -client, port=443 and protocol=https

Next, I tried providing a hostname directly, and got the following error (which is a little funny, given that the hostname is actually part of the list of hosts.)

CertificateError: hostname '**10.A.B.C**' doesn't match either of '10.A.B.A', '**10.A.B.C**', 'controller', 'controller.sas-cas-server-default', '......'

I have verified my certificate and it is obtained from the cluster directly in per format.

sdimos commented 2 years ago

Stuck on the same issue:

SSLError: HTTPSConnectionPool(host='<host>.com', port=443): Max retries exceeded with url: /cas-shared-default-http/cas/sessions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

I was provided a .pem file with certificates for viya which I used to set the path for os.environ["CAS_CLIENT_SSL_CA_LIST"] and I added the contents to my Windows CA store to no avail.

bkemper24 commented 2 years ago

What version of viya are you trying to connect to ?

What did you use for the hostname in the swat.CAS() function ? for example, are you using the name of the ingress, or the hostname of the cas controller, or something else ?