Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

SSL certification validation ignoring "-k" via python scripting

SOLVED Go to solution

SSL certification validation ignoring "-k" via python scripting

Explorer

Dear Team,

 

I am trying to connect to cm api client with below python script.

 

Code:

import sys
from datetime import datetime, timedelta
from cm_api.api_client import ApiResource
cm_host = "172.21.1.40"
cm_port = "7183"
cdh5 = None
cm_host = "<IP Address>"
api = ApiResource(cm_host, 7183, username=" ********", password="*********", use_tls=True)
for c in api.get_all_clusters():
    print c.name

 

I get below error

...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cm_api/api_client.py", line 131, in get_all_clusters
return clusters.get_all_clusters(self, view)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/clusters.py", line 66, in get_all_clusters
params=view and dict(view=view) or None)
File "/usr/lib/python2.7/site-packages/cm_api/endpoints/types.py", line 139, in call
ret = method(path, params=params)
File "/usr/lib/python2.7/site-packages/cm_api/resource.py", line 110, in get
return self.invoke("GET", relpath, params)
File "/usr/lib/python2.7/site-packages/cm_api/resource.py", line 73, in invoke
headers=headers)
File "/usr/lib/python2.7/site-packages/cm_api/http_client.py", line 181, in execute
return self._opener.open(request)
File "/usr/lib64/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)>

 

I can overrided above error with below command manually[-k]

curl -X post  -k -u userid:**** https://******************:7183/api/v19/clusters/ADH-DEVELOPMENT001/commands/stop

 

Now the problem statment is . I am not sure how to add -k option in python code basically don't know how to "Ignore SSL certification validation"

 

 

Thanks and Regards,

Naveen Srikanth D

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: SSL certification validation ignoring "-k" via python scripting

Master Collaborator

Hi,

 you have to create an ssl_context before you open the connection and point it to the CA certificate:

import ssl

context = ssl.create_default_context(cafile=cmcertpath)
api = ApiResource( cm_host, '7183', username=username, password=password, use_tls=True, ssl_context=context)

 

1 REPLY 1
Highlighted

Re: SSL certification validation ignoring "-k" via python scripting

Master Collaborator

Hi,

 you have to create an ssl_context before you open the connection and point it to the CA certificate:

import ssl

context = ssl.create_default_context(cafile=cmcertpath)
api = ApiResource( cm_host, '7183', username=username, password=password, use_tls=True, ssl_context=context)