From e10bf34dfb8ffd6d89c09ec062bd62dec297bd24 Mon Sep 17 00:00:00 2001 From: Juan Caballero Date: Wed, 29 Nov 2023 10:06:32 +0100 Subject: [PATCH 1/3] adding documentation for certificate change problems --- docs/usage.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/usage.rst b/docs/usage.rst index 49e1eb1..596cb96 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -148,6 +148,25 @@ remove all the flags: and rerun dissectBCL. Note that an existing demuxSheet in the folder won't be overwritten, allowing you to jump in. +Issues with Parkour verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +In this case (which is rare as it's caused by changing the certificate provider and it is not commonly listed), the certificate issuer is not recognized as dissect throws this error: + +.. code-block:: console + + requests.exceptions.SSLError: HTTPSConnectionPool(host='parkour.ie-freiburg.mpg.de', port=443): Max retries exceeded with url: + /api/analysis_list/analysis_list/?flowcell_id=XXXXXXXXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate + verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) + +then, the new certificate needs to be added in the system (i.e. for CenOS 7, copying it to /etc/pki/ca-trust/source/anchors/ and run "update-ca-trust") and append the content to "cacert.pem" as certifi uses this file to check the issuer. +Python requests uses certifi to verify SSL connections, however, it is not using the system certificates and uses their own file. +To find where is that file, it can be requested as: + +.. code-block:: console + + python -m certifi + + Other issues ^^^^^^^^^^^^ It can happen that the pipeline just crashes. A point of entry there would be to have a look at the log files. These are written per flowcell. From e054ee8fbd7604b660705098b734e568e81e5fdf Mon Sep 17 00:00:00 2001 From: Juan Caballero Date: Wed, 29 Nov 2023 15:49:56 +0100 Subject: [PATCH 2/3] updating certificate issue --- docs/usage.rst | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/usage.rst b/docs/usage.rst index 596cb96..bf8f68e 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -158,13 +158,9 @@ In this case (which is rare as it's caused by changing the certificate provider /api/analysis_list/analysis_list/?flowcell_id=XXXXXXXXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) -then, the new certificate needs to be added in the system (i.e. for CenOS 7, copying it to /etc/pki/ca-trust/source/anchors/ and run "update-ca-trust") and append the content to "cacert.pem" as certifi uses this file to check the issuer. -Python requests uses certifi to verify SSL connections, however, it is not using the system certificates and uses their own file. -To find where is that file, it can be requested as: +then, the new certificate needs to be added in the system (i.e. for CenOS 7, copying it to /etc/pki/ca-trust/source/anchors/ and run "update-ca-trust"). -.. code-block:: console - - python -m certifi +Finally, the configuration file needs to point to the chained-certificate in the cert= field. Other issues From 6cc99ae74ad3bd19b70aa188d1beea8bed237d1d Mon Sep 17 00:00:00 2001 From: Ward D Date: Wed, 29 Nov 2023 16:29:04 +0100 Subject: [PATCH 3/3] Update usage.rst typos + strip MPI information. --- docs/usage.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/usage.rst b/docs/usage.rst index bf8f68e..6edf9ac 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -154,13 +154,13 @@ In this case (which is rare as it's caused by changing the certificate provider .. code-block:: console - requests.exceptions.SSLError: HTTPSConnectionPool(host='parkour.ie-freiburg.mpg.de', port=443): Max retries exceeded with url: + requests.exceptions.SSLError: HTTPSConnectionPool(host='parkourURL', port=443): Max retries exceeded with url: /api/analysis_list/analysis_list/?flowcell_id=XXXXXXXXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) -then, the new certificate needs to be added in the system (i.e. for CenOS 7, copying it to /etc/pki/ca-trust/source/anchors/ and run "update-ca-trust"). +then, the new certificate needs to be added in the system (i.e. for CentOS 7, copying it to /etc/pki/ca-trust/source/anchors/ and run "update-ca-trust"). -Finally, the configuration file needs to point to the chained-certificate in the cert= field. +Finally, the cert field under the parkour header in the configuration file needs to point to the file copied in the anchors directory. Other issues