search

sassoftware / python-swat

The SAS Scripting Wrapper for Analytics Transfer (SWAT) package is the Python client to SAS Cloud Analytic Services (CAS). It allows users to execute CAS actions and process the results all from Python.
Other
144 stars 61 forks source link

RuntimeError: Booting the TK subsystem failed: TKECERT: Extension load failure. #161

Closed gygabyte017 closed 1 year ago

gygabyte017 commented 1 year ago

Hi, same as #106 is happening again in k8s environment:

ERROR: Could not load opensslcert extension. OpenSSL libraries are not found or the wrong version.
Traceback (most recent call last):
    import swat
  File "/usr/local/lib/python3.9/site-packages/swat/__init__.py", line 72, in <module>
    from . import config    # noqa: E402
  File "/usr/local/lib/python3.9/site-packages/swat/config.py", line 83, in <module>
    register_option('tkpath', 'string', set_tkpath, _initialize_tkpath(),
  File "/usr/local/lib/python3.9/site-packages/swat/utils/config.py", line 764, in register_option
    _config[key] = SWATOption(key, typedesc, validator, default, doc, environ=environ)
  File "/usr/local/lib/python3.9/site-packages/swat/utils/config.py", line 656, in __init__
    self._default = validator(default)
  File "/usr/local/lib/python3.9/site-packages/swat/config.py", line 54, in set_tkpath
    InitializeTK(a2n(path, 'utf-8'))
  File "/usr/local/lib/python3.9/site-packages/swat/clib.py", line 182, in InitializeTK
    out = _pyswat.InitializeTK(*args, **kwargs)
RuntimeError: Booting the TK subsystem failed: TKECERT: Extension load failure.
bkemper24 commented 1 year ago

What version of openssl are you using ? Unfortunately, the python-swat client does not support openssl 3 at this time.

If you have an earlier version of openssl, such as openssl 1.1.1, installed you can try something similar to the following, pointing to the correct location for your system, to tell python-swat to use the openssl 1.1.1 libraries instead:

import os os.environ['TKESSL_OPENSSL_LIB'] = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1" os.environ['TKECERT_CRYPTO_LIB'] = "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1"

gygabyte017 commented 1 year ago

Thank you, I solved manually setting that environment variables you mentioned in the Dockerfile:

# Force using old openssl package due to swat compatibility
RUN apt-get update && apt-get install -y zstd && rm -rf /var/lib/apt/lists/*
RUN wget https://archlinux.org/packages/core/x86_64/openssl-1.1/download/ -O openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst
RUN tar --use-compress-program=unzstd -xvf openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst
RUN cp usr/lib/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
RUN cp usr/lib/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/

ENV TKECERT_CRYPTO_LIB=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
ENV TKESSL_OPENSSL_LIB=/usr/lib/x86_64-linux-gnu/libssl.so.1.1
jcdops commented 8 months ago

The workaround described above was working, but stopped working when I rebuilt the container. https://archlinux.org/packages/core/x86_64/openssl-1.1/download/ downloads the latest patch version, which appears is a breaking change to what SWAT needs.

I got around it by using an ubuntu archive:

RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb && \ dpkg -i libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb && \ rm libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb

ENV TKESSL_OPENSSL_LIB=/usr/lib/x86_64-linux-gnu/libssl.so.1.1

My container already had libcrypto.so.1.1.

Ideally swat should be compatible the latest libssl so we don't need this work around