Reply
Highlighted
Explorer
Posts: 15
Registered: ‎03-03-2017
Accepted Solution

SSL certification validation ignoring "-k" via python scripting

Dear Team,

 

I am trying to connect to cm api client with below python script.

 

Code:

import sys
from datetime import datetime, timedelta
from cm_api.api_client import ApiResource
cm_host = "172.21.1.40"
cm_port = "7183"
cdh5 = None
cm_host = "<IP Address>"
api = ApiResource(cm_host, 7183, username=" ********", password="*********", use_tls=True)
for c in api.get_all_clusters():
    print c.name

 

I get below error

...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cm_api/api_client.py", line 131, in get_all_clusters
return clusters.get_all_clusters(self, view)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/clusters.py", line 66, in get_all_clusters
params=view and dict(view=view) or None)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/types.py", line 139, in call
ret = method(path, params=params)
File "/usr/lib/python2.7/site-packages/cm_api/resource.py", line 110, in get
return self.invoke("GET", relpath, params)
File "/usr/lib/python2.7/site-packages/cm_api/resource.py", line 73, in invoke
headers=headers)
File "/usr/lib/python2.7/site-packages/cm_api/http_client.py", line 181, in execute
return self._opener.open(request)
File "/usr/lib64/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)>

 

I can overrided above error with below command manually[-k]

curl -X post  -k -u userid:**** https://******************:7183/api/v19/clusters/ADH-DEVELOPMENT001/commands/stop

 

Now the problem statment is . I am not sure how to add -k option in python code basically don't know how to "Ignore SSL certification validation"

 

 

Thanks and Regards,

Naveen Srikanth D

Master
Posts: 326
Registered: ‎07-01-2015

Re: SSL certification validation ignoring "-k" via python scripting

Hi,

 you have to create an ssl_context before you open the connection and point it to the CA certificate:

import ssl

context = ssl.create_default_context(cafile=cmcertpath)
api = ApiResource( cm_host, '7183', username=username, password=password, use_tls=True, ssl_context=context)

 

Announcements