[ckan-dev] basic question on configuring SSL with CKAN
gustavo w
gustavo.waku at gmail.com
Wed Oct 25 13:15:10 UTC 2017
Thanks Stefan,
I just modified the files at my machine, adding the SSL_VERIFY = 'False'
*./etc/ckan/datapusher_settings.py*
*./usr/lib/ckan/datapusher/src/datapusher/deployment/datapusher_settings.py*
*the file looks like this:*
*-------*
import uuid
DEBUG = False
TESTING = False
SECRET_KEY = str(uuid.uuid4())
USERNAME = str(uuid.uuid4())
PASSWORD = str(uuid.uuid4())
NAME = 'datapusher'
# database
SQLALCHEMY_DATABASE_URI = 'sqlite:////tmp/job_store.db'
# webserver host and port
HOST = '0.0.0.0'
PORT = 8800
# logging
#FROM_EMAIL = 'server-error at example.com'
#ADMINS = ['yourname at example.com'] # where to send emails
#LOG_FILE = '/tmp/ckan_service.log'
STDERR = True
SSL_VERIFY = 'False'
*-------*
*But the changes looks like are not being reflected. I have rebooted the
machine, but still nothing changes...*
*Do I have to do anything else?*
thanks a lot,
Gustavo
On Wed, Oct 25, 2017 at 9:48 AM, Stefan Oderbolz <stefan.oderbolz at liip.ch>
wrote:
> Hi Gustavo,
>
> there was just recently a bugfix for this issue: https://github.com/
> ckan/datapusher/issues/149
> So you could either update to the latest version of datapusher or try to
> set SSL_VERIFY to 'False' (including the quotes).
>
> - Stefan
>
> On Tue, Oct 24, 2017 at 6:57 PM, gustavo w <gustavo.waku at gmail.com> wrote:
>
>> Hi,
>>
>> I installed ckan 2.6.2, and its working fine (via deb package), with data
>> explorer ok.
>> after I set the SSL protocol using the tutorial available at: (
>> https://github.com/ckan/ckan/wiki/SSL), whenever I upload a new CSV
>> file, the data is not displayed anymore into the dataexplorer.
>>
>> When I force the datastore to process the CSV file, I get the following
>> error:
>>
>> "Erro: File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/apscheduler/scheduler.py",
>> line 512, in _run_job retval = job.func(*job.args, **job.kwargs)
>> File "/usr/lib/ckan/datapusher/src/datapusher/datapusher/jobs.py", line
>> 300, in push_to_datastore resource = get_resource(resource_id, ckan_url,
>> api_key)
>> File "/usr/lib/ckan/datapusher/src/datapusher/datapusher/jobs.py", line
>> 250, in get_resource 'Authorization': api_key}
>> File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/requests/api.py",
>> line 110, in post return request('post', url, data=data, json=json,
>> **kwargs)
>> File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/requests/api.py",
>> line 56, in request return session.request(method=method, url=url,
>> **kwargs)
>> File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/requests/sessions.py",
>> line 488, in request resp = self.send(prep, **send_kwargs)
>> File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/requests/sessions.py",
>> line 609, in send r = adapter.send(request, **kwargs)
>> File "/usr/lib/ckan/datapusher/lib/python2.7/site-packages/requests/adapters.py",
>> line 497, in send raise SSLError(e, request=request)
>> SSLError(SSLError(SSLError(1, '_ssl.c:510: error:14090086:SSL
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'),),)"
>>
>> Looks like it's an error with python lib SSL protocol.
>> I was instructed to follow the tutorial at: http://docs.ckan.org/proje
>> cts/datapusher/en/latest/using.html#configuring-ssl-verification
>>
>> the tutorial says:
>> *"If you still have problems verifying certificates, or maybe for test
>> purposes, you can switch the verification off in datapusher_settings.py:*
>> *SSL_VERIFY = False"*
>>
>> *I set SSL_VERIFY = False in datapusher_settings.py*
>> *but the server does not reflect this change.*
>>
>> *I found two files like this in my machine.*
>> *./etc/ckan/datapusher_settings.py*
>>
>> *./usr/lib/ckan/datapusher/src/datapusher/deployment/datapusher_settings.py*
>>
>> *I changed both and rebooted the machine.*
>> *somehow it does not work.*
>> *Do I have to recompile somehow the file?*
>>
>> *Can anyone give me directions on how to set the SSL_VERIFY flag into the
>> datapusher_settings? do I have to recompile anything else?*
>>
>> *Thanks a lot,*
>> *Gustavo*
>>
>> _______________________________________________
>> ckan-dev mailing list
>> ckan-dev at lists.okfn.org
>> https://lists.okfn.org/mailman/listinfo/ckan-dev
>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>>
>>
>
>
> --
> Liip AG // Limmatstrasse 183 // CH-8005 Zürich
> Tel +41 43 500 39 80 <+41%2043%20500%2039%2080> // GnuPG 0x7B588C67 //
> www.liip.ch
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20171025/568b727c/attachment-0003.html>
More information about the ckan-dev
mailing list