A problem that I’ve come across is that I have a Flask application that wants to connect to a Grafana Instance through Grafana Client, but every time I try to it gives me out the following error:
(.venv) usr:~/projects/app$ flask run --cert=cert.pem --key=key.pem
Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
Running on https://127.0.0.1:5000
Press CTRL+C to quit
[2024-09-10 10:38:50,702] ERROR in app: Exception on /grafana [GET]
Traceback (most recent call last):
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 975, in _make_request
self._validate_conn(conn)
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1939, in _validate_conn
super()._validate_conn(conn)
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 608, in _validate_conn
conn.connect()
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 732, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connection.py", line 895, in _ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 637, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 681, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/ssl.py", line 1075, in _create
self.do_handshake()
File "/usr/lib/python3.11/ssl.py", line 1346, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1400, in urlopen
response = self._make_request( # type: ignore[call-overload,misc]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 999, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/niquests/adapters.py", line 899, in send
resp_or_promise = conn.urlopen( # type: ignore[call-overload]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1476, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 542, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='grafana.prd.rede.tst', port=443): Max retries exceeded with url: /api/health (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/flask/app.py", line 1473, in wsgi_app
response = self.full_dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/flask/app.py", line 882, in full_dispatch_request
rv = self.handle_user_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/app.py", line 48, in grafana_page
health = grafana_instance.health.check()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/grafana_client/elements/health.py", line 15, in check
return self.client.GET(path)
^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/grafana_client/client.py", line 198, in __request_runner
r = self.s.request(
^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/niquests/sessions.py", line 550, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/niquests/sessions.py", line 1201, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/usr/projects/app/.venv/lib/python3.11/site-packages/niquests/adapters.py", line 948, in send
raise SSLError(e, request=request)
niquests.exceptions.SSLError: HTTPSConnectionPool(host='grafana.local', port=443): Max retries exceeded with url: /api/health (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
`
Grafana is hosted on the intranet but requires an SSL connection. I’ve created the self-signed certificate to use for local testing, but nothing seems to work. Do I have to wrap something with the SSL context for it to work? I’ve never really messed with this stuff.
My app.py has the following:
from flask import Flask
from grafana_client import GrafanaApi
from .settings import settings
api = GrafanaApi(verify=False, host=settings.GRAFANA_URL)
grafana_instance = api.from_url(
url=settings.GRAFANA_URL, credential=settings.GRAFANA_TOKEN
)
app = Flask(__name__, static_url_path="/static")
@app.route("/grafana", methods=["GET"])
def grafana_page():
health = grafana_instance.health.check()
print(health)
return {"OK": "OK"}
I’ve tried setting an insecure connection through the grafana-client, but it seems even then it requests from the Grafana URL to ask whether it wants to make an insecure connection or not, so turning verify=False on the GrafanaApi object doesn’t do much.
Does Python see the local certificates when running? Do I have to set it so that it sees my local certificates and if so, would it use it during the grafana-client call without explicitly calling it?
2