Problem to install python-runner and the faas scheduler

Hey guys, so I am using the Entreprise edition and I want to use Python scripts but I got trouble to make it works. I’m not good at Docker so the first thing that I don’t know is if it’s normal that the manual never tells to start the Docker. The manual also say to configure the conf file
/opt/seatable-python-runner/conf/seatable_python_runner_settings.py and I was wondering why is there another conf file which has lot more parameters : /opt/seatable-python-runner/settings.py.
I don’t know if the problem may come from these things, I’m getting the error

error: Internal Server Error.
at t/e/</<

This is correct. When you execute a Python script in SeaTable, the Docker container is spun up, the script is run, and the Docker container is trashed.

Multiple conf files. Not so unusual, right?

Check the log files!

I checked the log files and it says this : 2023-02-23 11:29:58,334 [ERROR] seahub.api2.endpoints.run_script:129 post HTTPConnectionPool(host=‘faas.seatable.yaousam.fr’, port=8888): Max retries exceeded with url: /run-script/ (Caused by NewConnectionError(‘<urllib3.connection.HTTPConnection object at 0x7f5f02b47a90>: Failed to establish a new connection: [Errno 111] Connection refused’))
2023-02-23 11:29:58,335 [ERROR] django.request:230 log_response Internal Server Error: /api/v2.1/dtable/db1eebf8-2ae1-4769-aadc-f0727fc333a9/run-script/78L8.py/

I’m not using https for the faas scheduler, my server is listening on the good ports (had many issues with that )

I tried to redo everything from the beginning. I have made a new seatable server with https on seatable and on the faas scheduler. After verifying that everything was like it is said on the manual, I got the same error in dtable_web.log:

2023-02-27 12:33:36,389 [ERROR] seahub.api2.endpoints.run_script:129 post HTTPSConnectionPool(host=‘faas.test.fr’, port=443): Max retries exceeded with url: /run-script/ (Caused by NewConn>

2023-02-27 12:33:36,390 [ERROR] django.request:224 log_response Internal Server Error: /api/v2.1/dtable/6540bf63-8dbb-4df7-a6b9-b49217616642/run-script/US83.py/

That part: Max retries exceeded with url: /run-script/, seem to be the issue but I can’t figure why. If anyone had the same issue and found a solution, i’ll be happy to read it.

After spending a lot of times reading logs and testing, the error seems to come from SSL. With this error:

[2023-02-27 14:40:24,104] [ERROR] faas_scheduler.utils:373 remove_invalid_tasks HTTPSConnectionPool(host=‘seatable-test.indclic.fr’, port=4443): Max retries exceeded with url: /api/v2.1/script-permissions/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED>
Traceback (most recent call last):
File “/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py”, line 710, in urlopen
chunked=chunked,
File “/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py”, line 386, in _make_request
self.validate_conn(conn)
File “/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py”, line 1040, in validate_conn
conn.connect()
File “/usr/local/lib/python3.6/dist-packages/urllib3/connection.py”, line 424, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/ssl.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File “/usr/lib/python3.6/ssl.py”, line 407, in wrap_socket
_context=self, _session=session)
File “/usr/lib/python3.6/ssl.py”, line 817, in init
self.do_handshake()
File “/usr/lib/python3.6/ssl.py”, line 1077, in do_handshake
self._sslobj.do_handshake()
File “/usr/lib/python3.6/ssl.py”, line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.6/dist-packages/requests/adapters.py”, line 450, in send
timeout=timeout
File “/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py”, line 786, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File “/usr/local/lib/python3.6/dist-packages/urllib3/util/retry.py”, line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘seatable-test.indclic.fr’, port=4443): Max retries exceeded with url: /api/v2.1/script-permissions/ (Caused by SSLError(SSLError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)’),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/opt/seatable-faas-scheduler/faas-scheduler/faas_scheduler/utils.py”, line 343, in remove_invalid_tasks
response = requests.get(permission_url, headers=headers, json={‘users’: users, ‘org_ids’: org_ids})
File “/usr/local/lib/python3.6/dist-packages/requests/api.py”, line 75, in get
return request(‘get’, url, params=params, **kwargs)
File “/usr/local/lib/python3.6/dist-packages/requests/api.py”, line 61, in request
return session.request(method=method, url=url, **kwargs)
File “/usr/local/lib/python3.6/dist-packages/requests/sessions.py”, line 529, in request
resp = self.send(prep, **send_kwargs)
File “/usr/local/lib/python3.6/dist-packages/requests/sessions.py”, line 645, in send
r = adapter.send(request, **kwargs)
File “/usr/local/lib/python3.6/dist-packages/requests/adapters.py”, line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host=‘seatable-test.indclic.fr’, port=4443): Max retries exceeded with url: /api/v2.1/script-permissions/ (Caused by SSLError(SSLError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)’),))

I would know if is it in fact possible to do the installation on an internal server, certificates doesn’t work, I got an ssl error every time, even after doing for the third time the installation of certificate. Keep getting an error saying unknow ca cert but the ca cert is on the server and linked in the nginx.conf fie for the faas scheduler.

Hey YaourtSama,
the easy installation (and what is described at Deploy - SeaTable Admin Manual) is that either SeaTable and SeaTable Faas Scheduler are reachable via a public URL and both use Let’s Encrypt. In this case, you will not have any problems with the certificate verification.

It is possible to run the Faas-Scheduler and Python internal, but this complicates it a lot. It is not enough to tell the docker hosts which certificate to use. You have to tell the docker container running SeaTable and the python in the docker container how to deal with your self-signed certificate.

Here is a short summary, what we do for our customers with a dedicated system:

• we use two virtual machines. One for SeaTable, one for Faas/Python
• we only need one DNS-entry pointing to the SeaTable VM
• we create a root authority
• we add the root authority to both VMs, the SeaTable Container and the python environment inside the Docker Container of SeaTable
• then it is possible to use Faas/Python internal.

You write in your first post, I am not good at Docker. In this case, I would recommend that you use two public domains and use Let’s Encrypt for both.

I am sorry for the inconvenience, figured out why it’s not working, the logs weren’t showing anything so I did everything again from the beginning. It appears that the problem were my certificates key were encrypted and caused the faas ngninx to not work properly. Now my seatable can contact the faas scheduler without any issue.

The only thing left is a 502 bad gateway error between the faas and the python runner when I try to run a script

It works !

I verified everything, add the missing port to the python runner on the faas, recreated the docker and a beautiful hello world appeared.

Thanks for your feedback and great that it works now.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.