https://flyte.org logo
Title
l

Louis DiNatale

04/06/2023, 7:59 PM
Hey flyte team im trying to use flyteremote and am running into a SSL error. Peer name is not in peer certification. The documentation doesnt make it exactly clear how to pass in the cert unless I missed something. Is it as simple as passing in the path to the “certificate_chain” option?
k

Ketan (kumare3)

04/06/2023, 11:29 PM
yes, these are grpc options, let me share
cc @Yee / @Eduardo Apolinario (eapolinario)
c

Chirag Gosalia

04/07/2023, 1:00 PM
we have our cert, is it possible to show example snippet of how you would pass it? Documentation was a bit thin in this regard.
k

Ketan (kumare3)

04/07/2023, 1:10 PM
Yes, we will do
s

Stephanie Marker

04/07/2023, 1:44 PM
Is it this? It seems like we are supposed to read in the cert bytes then pass it as an arg to FlyteRemote's `grpc_credentials`: nvm Chirag tried this and it didn't work https://flyte-org.slack.com/archives/CP2HDHKE1/p1675532821853759?thread_ts=1675162165.893489&cid=CP2HDHKE1
y

Yee

04/07/2023, 6:45 PM
remote_client._client = remote_client.client.with_root_certificate(remote_client.config.platform, "/path/to/cert.cer")
remote_client._client_initialized = True
this will fix that first issue. flytekit doesn’t apply the cert to both place - only when trying to create the channel for auth, not when generally just making calls, which is why it was failing. we should update that but this is the workaround for now. the root cause is that the user is trying to access flyte from a domain different than the one that the cert was generated for, which is why it needs to be passed in. running now into a second issue but suspect it’s unrelated. will report back if not.
c

Chirag Gosalia

04/07/2023, 6:53 PM
Tried the above and got error
_InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.INTERNAL
        details = "Exception serializing request!"
        debug_error_string = "None"
y

Yee

04/07/2023, 7:08 PM
that’s the second issue
can you check flyte admin logs?
that is at least a flyte error i think
l

Louis DiNatale

04/07/2023, 7:09 PM
let me verify now
no nothing
y

Yee

04/07/2023, 7:24 PM
can we first verify with
flytectl --admin.caCertFilePath /path/to/cert get projects
l

Louis DiNatale

04/07/2023, 7:37 PM
it works, it also works without the cert
flytectl works just fine its just flyteremote