Hi
I tried connecting to opensearch using python client but getting SSL Error.
OpenSearch Version: 2.0.1
Python Version:3.6
public IP of the opensearch host: 10.83.5.67
Here is the python code for connecting the client to opensearch:
from opensearch import OpenSearch
host = '10.83.5.67'
port = 9200
auth = ('admin', 'admin') # For testing only. Don't store credentials in code.
ca_certs_path = '/etc/opensearch/cert.pem' # Provide a CA bundle if you use intermediate CAs with your root CA.
# Create the client with SSL/TLS enabled, but hostname verification disabled.
client = OpenSearch(
hosts = [{'host': host, 'port': port}],
http_compress = True, # enables gzip compression for request bodies
http_auth = auth,
use_ssl = True,
verify_certs = True,
ssl_assert_hostname = False,
ssl_show_warn = False,
ca_certs = ca_certs_path
)
The certificates used in opensearch.yml file are:
plugins.security.ssl.transport.pemcert_filepath: /etc/opensearch/cert.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/opensearch/privkey.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/opensearch/fullchain.pem
plugins.security.ssl.http.pemcert_filepath: /etc/opensearch/cert.pem
plugins.security.ssl.http.pemkey_filepath: /etc/opensearch/privkey.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/opensearch/fullchain.pem
This is the error I am getting:
[root@ip-10-92-3-240 pyscripts]# python3 ospy4.py
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket
return context.wrap_socket(sock)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/opensearchpy/connection/http_urllib3.py", line 250, in perform_request
method, url, body, retries=Retry(False), headers=request_headers, **kw
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 344, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 367, in ssl_wrap_socket
return context.wrap_socket(sock)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "ospy4.py", line 31, in <module>
response = client.indices.create(index_name, body=index_body)
File "/usr/local/lib/python3.6/site-packages/opensearchpy/client/utils.py", line 177, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
File "/usr/local/lib/python3.6/site-packages/opensearchpy/client/indices.py", line 125, in create
"PUT", _make_path(index), params=params, headers=headers, body=body
File "/usr/local/lib/python3.6/site-packages/opensearchpy/transport.py", line 405, in perform_request
raise e
File "/usr/local/lib/python3.6/site-packages/opensearchpy/transport.py", line 375, in perform_request
timeout=timeout,
File "/usr/local/lib/python3.6/site-packages/opensearchpy/connection/http_urllib3.py", line 261, in perform_request
raise SSLError("N/A", str(e), e)
opensearchpy.exceptions.SSLError: ConnectionError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)) caused by: SSLError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897))
[root@ip-10-92-3-240 pyscripts]#
Not sure what’s wrong I am using the same certificate in opensearch-dashboard.yml file, but can’t connect using python client.
Any suggestion would be really helpful.
Thanks