Hi @all,
We are trying to deploy the python client in the OpenSearch environment.
OpenSearch and OpenSearch-dashboards is running on the latest version, 2.0.1.
The python code for connecting the OpenSearch:
from opensearchpy import OpenSearch
host = 'our.mapped.domain'
port = 9200
auth = ('admin', 'admin') # For testing only. Don't store credentials in code.
ca_certs_path = '/etc/opensearch/cert.pem' # Provide a CA bundle if you use intermediate CAs with your root CA.
# Optional client certificates if you don't want to use HTTP basic authentication.
client_cert_path = '/etc/opensearch/cert.pem'
client_key_path = '/etc/opensearch/privkey.pem'
# Create the client with SSL/TLS enabled, but hostname verification disabled.
client = OpenSearch(
hosts = [{'host': host, 'port': port}],
http_compress = True, # enables gzip compression for request bodies
http_auth = auth,
client_cert = '/etc/opensearch/cert.pem',
client_key = '/etc/opensearch/privkey.pem',
use_ssl = True,
verify_certs = True,
ssl_assert_hostname = False,
ssl_show_warn = False,
ca_certs = '/etc/opensearch/cert.pem'
)
The SSL certificate file permissions are given below:
# file: etc/opensearch/cert.pem
# owner: root
# group: opensearch
user::rw-
user:opensearch-dashboards:rw-
user:opensearch:rwx
group::r-x
group:opensearch:rwx
mask::rwx
other::r--
The privkey.pem files have the same permission.
After executing the .py file, it gave an error regarding the SSL certificate files.
The error is given below.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/opensearchpy/connection/http_urllib3.py", line 250, in perform_request
method, url, body, retries=Retry(False), headers=request_headers, **kw
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 344, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 358, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 354, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "ospy3.py", line 44, in <module>
response = client.indices.create(index_name, body=index_body)
File "/usr/local/lib/python3.6/site-packages/opensearchpy/client/utils.py", line 177, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
File "/usr/local/lib/python3.6/site-packages/opensearchpy/client/indices.py", line 125, in create
"PUT", _make_path(index), params=params, headers=headers, body=body
File "/usr/local/lib/python3.6/site-packages/opensearchpy/transport.py", line 405, in perform_request
raise e
File "/usr/local/lib/python3.6/site-packages/opensearchpy/transport.py", line 375, in perform_request
timeout=timeout,
File "/usr/local/lib/python3.6/site-packages/opensearchpy/connection/http_urllib3.py", line 261, in perform_request
raise SSLError("N/A", str(e), e)
opensearchpy.exceptions.SSLError: ConnectionError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)) caused by: SSLError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897))
So if anyone could point me in the right direction that would be a great help.
Thanks.