SSL Certificate Error with python-arango Library

485 views Asked by At

I am trying to connect the Python-Arango library to an application. I have set up the ArangoDB on Kubernetes nodes using this tutorial. My yaml file for the cluster is like this:

---
apiVersion: "database.arangodb.com/v1alpha"
kind: "ArangoDeployment"
metadata:


name: "arango-cluster"
spec:
  mode: Cluster
  image: arangodb/arangodb:3.7.6
  tls:
    caSecretName: arango-cluster-ca
  agents:
    storageClassName: my-local-storage
    resources:
      requests:
        storage: 2Gi
  dbservers:
    storageClassName: my-local-storage
    resources:
      requests:
        storage: 17Gi
  externalAccess:
    type: NodePort
    nodePort: 31200

Setup seems fine, since I am able to access the web UI as well as through Arango shell. However, when I am using the python-arango library to connect my application to the DB, I am getting a certificate related error:

Max retries exceeded with url: /_db/testDB/_api/document/demo/10010605 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

When doing kubectl get secrets, I see arango-cluster-ca there, which I have explicitly mentioned in the YAML file above. I have also set the verification flag in the python code False as follows

db = client.db(name='testDB', verify=False, username='root', password='')

Yet, it does not bypass the verification as expected.

I would like to understand what I could have missed - either during setup, or in the Python call - which is not letting me bypass this SSL certificate error issue, or if it's possible to set the certificate up. I tried this Arango tutorial to setup a certificate, but it did not give me success.

Thanks.

2

There are 2 answers

0
Arghya Dutta On BEST ANSWER

The only workaround I was able to figure out was to opt for the unsecured route. Instead of having arango-cluster-ca in the spec.tls.caSecretName field of arango cluster config file, I set the field to None. It allowed me to connect with http without any issues.

Would still like to know if there is some workaround to get it connected via https, so I am still open to answers, else I would close this.

0
eadmaster On

just found a workaround using some undocumented switches:

    arango_client = ArangoClient(hosts=ARANGO_DB_URL, verify_override=False)
    arango_db = arango_client.db(ARANGO_DB_NAME, username=ARANGO_DB_USER, password=ARANGO_DB_PASSWORD, verify_certificate=False)