Q&A, support and general discussion about the Arvados project, for development see https://gitter.im/arvados/development
but improving this situation is on our roadmap
and probably get a boost in priority
the arvados user group meeting is happening now: https://forum.arvados.org/t/arvados-user-group-video-chat/47/9
When using the Python API, what is the right function call to update a collection with new files replacing the old ones? I'm happily creating initial containers using
save_new, but when trying to create a new version of a collection with new files using a similar approach and calling saveI get the dreaded [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate which I suspect is just telling me I'm not doing it the right way. Are there any cookbook examples of this? I'm having lots of fun learning my way around the API and enjoying using the fabulous new workbench, cool to see all the awesome work you've been doing.
@chapmanb
but it should just work
where are you running it from?
the playground shell? your laptop? somewhere else?
This is from my laptop. The weird thing is that
save_new works fine, but then using save gives that error in the same environment. So I figured I was using the API wrong. If there is a code snippet for how to create a new version of a collection with updated files, I can dig from there.
@chapmanb it doesn't make sense for save_new() to work and save() to not work if they are communicating with the same API server
so that's really odd
save() is the right API call to commit changes to a collection
Thanks y'all, sorry I had to go pickup kids. No rush on this. I added you to the repo and my code is here if I'm doing anything obviously wrong: https://github.com/chapmanb/veggiedb-standardize/blob/d211606c33291bde9ada7942075d380c10cb2179/veggiedb/arvadosio.py#L75 It's the same logic for the actual file addition, just how I initialize and save the collection if it exists versus being new. That's why I figured the error was caused by bad coding, not an actual configuration issue.
@chapmanb no worries, I've been poking at this a bit. The SSL error is very odd; our best guess is currently that something is going on with the
apiconfig object: either it is not properly propagated somehow in the save call (that would be an sdk bug, I'm trying to replicate it), or, could it be apiconfig is not what you expect in some circumstances? Maybe you could add a debug print that prints it out when you get the SSL error.
but I don't know why you'd only see it on 'save' and not 'save_new'
Thanks Ward for digging, I'm glad it's not just me that's confused. I've got this all in a pipenv so pretty isolated and repeatable with the python requirement. pycurl is
pycurl==7.44.1. apiconfig is consistent between both since the code is the same. I'll try to poke more but it's helpful to hear I'm not doing anything obviously wrong in the code.
Thanks Ward, I'm looking at the connection code as well and realizing how different save and save_new are under the covers so will do some debugging. I purposely tried to keep the code on my side as consistent as possible but will also double check that. I appreciate the help.
@chapmanb: yea, can you be more specific about how you run it and under what circumstances you get the error
actually, even better, can you shave it down to a test case
if you can just make a tiny script that just makes a collection and uses save/save_new and see if it succeeds or fails
and then build that back up until we can isolate the issue
stack traces would also be helpful
or, older than the end of September 2021?
(I have this sneaking suspicion that the root cert expiry for Let's Encrypt has something to do with this; that happened Sep 30th - cf. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/)
venv is kind of nasty, it copies a bunch of system files into your virtualenv at creation.
I see certifi's cacert.pem and httplib2's cacerts.txt also
I think one of those in your venv could be out of date
would that affect any of our python packages that are virtualenvs?
right
just speculating
I've also seen cert breakage caused by this because of out of date libssl and other system packages