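botocore.exceptions.SSLError (CERTIFICATE_VERIFY_FAILED) inside a Docker container

How to resolve botocore.exceptions.SSLError (CERTIFICATE_VERIFY_FAILED) inside a Docker container

I have been trying to work out what goes wrong when I make API calls to my AWS account using the boto3 library inside a Docker container. The error I am seeing is: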

docker run --rm -ti -v ${HOME}/.aws/credentials:/root/.aws/credentials:ro boto3_test
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/botocore/httpsession.py", line 314, in send
    urllib_response = conn.urlopen(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 507, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py",in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/src/main.py", line 51, in <module>
    print(dynamodb_ss.get_all_records())
  File "/src/main.py", line 25, in get_all_records
    response = self.table.scan()
  File "/usr/local/lib/python3.8/site-packages/boto3/resources/factory.py", line 520, in do_action
    response = action(self, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.Meta.client, operation_name)(*args, **params)
  File "/usr/local/lib/python3.8/site-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.8/site-packages/botocore/client.py", line 662, in _make_api_call
    http, parsed_response = self._make_request(
  File "/usr/local/lib/python3.8/site-packages/botocore/client.py", line 682, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/usr/local/lib/python3.8/site-packages/botocore/endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "/usr/local/lib/python3.8/site-packages/botocore/endpoint.py", line 136, in _send_request
    while self._needs_retry(attempts,operation_model,request_dict,File "/usr/local/lib/python3.8/site-packages/botocore/endpoint.py",line 253,in _needs_retry
    responses = self._event_emitter.emit(
  File "/usr/local/lib/python3.8/site-packages/botocore/hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/botocore/hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "/usr/local/lib/python3.8/site-packages/botocore/hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "/usr/local/lib/python3.8/site-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/usr/local/lib/python3.8/site-packages/botocore/retryhandler.py", line 250, in __call__
    should_retry = self._should_retry(attempt_number,File "/usr/local/lib/python3.8/site-packages/botocore/retryhandler.py",line 277,in _should_retry
    return self._checker(attempt_number, caught_exception)
  File "/usr/local/lib/python3.8/site-packages/botocore/retryhandler.py", line 316, in __call__
    checker_response = checker(attempt_number,line 222,in __call__
    return self._check_caught_exception(
  File "/usr/local/lib/python3.8/site-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
  File "/usr/local/lib/python3.8/site-packages/botocore/endpoint.py", line 200, in _do_get_response
    http_response = self._send(request)
  File "/usr/local/lib/python3.8/site-packages/botocore/endpoint.py", line 269, in _send
    return self.http_session.send(request)
  File "/usr/local/lib/python3.8/site-packages/botocore/httpsession.py", line 341, in send
    raise SSLError(endpoint_url=request.url, error=e)
botocore.exceptions.SSLError: SSL validation failed for https://dynamodb.us-west-2.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)

My Dockerfile contains the following:

FROM python:3.8-slim

RUN pip install --upgrade pip
COPY requirements.txt .
RUN pip install -r requirements.txt

COPY /src/ /src/

RUN chmod +x /src/main.py

ENTRYPOINT ["python","/src/main.py"]

Here is my requirements.txt file:

awscli==1.19.50
boto3==1.17.50
botocore==1.20.50
certifi==2020.12.5
cffi==1.14.5
colorama==0.4.3
cryptography==3.4.7
docutils==0.15.2
jmespath==0.10.0
pyasn1==0.4.8
pycparser==2.20
pyOpenSSL==20.0.1
python-dateutil==2.8.1
PyYAML==5.4.1
rsa==4.7.2
s3transfer==0.3.6
six==1.15.0
urllib3==1.26.4

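Essentially, I am just trying to retrieve a list of records from DynamoDB. This script runs fine locally but fails inside the Docker container.

Do I have to configure SSL certificates? Any help is much appreciated!

Thanks, Brian

Edit: here is the Python code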

import boto3
from botocore.exceptions import ClientError


def gen_session_obj(profile_name='dynamodb', region_name='us-west-2'):
    # Session built from a named profile in the mounted credentials file
    return boto3.Session(profile_name=profile_name, region_name=region_name)


def gen_client(session, service):
    # Despite the name, this returns a boto3 resource, not a low-level client
    client = session.resource(service)
    return client


class DynamoDbStateStore:

    def __init__(self, dynamo_db_resource, table):
        self.dynamodb_session = dynamo_db_resource
        self.table = self.dynamodb_session.Table(table)

    def get_all_records(self, project_expression=''):
        try:
            if project_expression:
                response = self.table.scan(ProjectionExpression=project_expression)
            else:
                response = self.table.scan()
            data = response.get('Items')

            # Scan results are paginated; follow LastEvaluatedKey until exhausted
            while 'LastEvaluatedKey' in response:
                if project_expression:
                    response = self.table.scan(
                        ExclusiveStartKey=response['LastEvaluatedKey'],
                        ProjectionExpression=project_expression
                    )
                else:
                    response = self.table.scan(
                        ExclusiveStartKey=response['LastEvaluatedKey']
                    )
                data.extend(response['Items'])
        except ClientError as e:
            print(e.response['Error']['Message'])
            raise
        return data


if __name__ == '__main__':
    session = gen_session_obj()
    dynamodb_client = gen_client(session, 'dynamodb')

    dynamodb_ss = DynamoDbStateStore(dynamodb_client, 'user_mgr_audit_log')
    print(dynamodb_ss.get_all_records())
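
One way to address the question's error while keeping certificate verification on, added here as an example that is not part of the original post: validate a CA bundle and hand it to boto3 through `verify`. It assumes the self-signed certificate in the chain belongs to a CA you intend to trust and that its PEM file is mounted at the hypothetical path `/etc/ssl/extra-ca.pem`.

```python
import os
import ssl


def checked_ca_bundle(path):
    """Return `path` if it is a PEM CA bundle that OpenSSL can load, else raise ValueError."""
    if not os.path.isfile(path):
        raise ValueError(f"CA bundle not found: {path}")
    # PROTOCOL_TLS_CLIENT keeps CERT_REQUIRED and hostname checking switched on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError(f"{path} is not a usable PEM bundle: {exc}") from exc
    if not ctx.get_ca_certs():
        raise ValueError(f"{path} contains no CA certificates")
    return path


def dynamodb_resource(ca_bundle, profile_name="dynamodb", region_name="us-west-2"):
    """Build the question's DynamoDB resource, verifying TLS against `ca_bundle`."""
    import boto3  # imported here so the bundle check above works without boto3

    session = boto3.Session(profile_name=profile_name, region_name=region_name)
    # `verify` accepts a CA bundle path; certificate verification stays enabled.
    return session.resource("dynamodb", verify=checked_ca_bundle(ca_bundle))


if __name__ == "__main__":
    # Assumed mount (hypothetical paths), e.g.
    #   docker run -v /path/on/host/ca.pem:/etc/ssl/extra-ca.pem:ro ...
    bundle = os.environ.get("AWS_CA_BUNDLE", "/etc/ssl/extra-ca.pem")
    table = dynamodb_resource(bundle).Table("user_mgr_audit_log")
    print(table.scan(Limit=1).get("Items"))
```

A bundle passed this way is the only trust store used for that client, so it must contain every CA the connection can legitimately chain to.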

Solution

Try disabling the ssl layer. Add the following before your code:


import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    pass
else:
    ssl._create_default_https_context = _create_unverified_https_context
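
The snippet above replaces the `ssl` module's default HTTPS context factory with one that skips certificate verification. As an added example (not part of the original answer), this AST check flags that monkeypatch and related switches such as `verify=False` during code review or CI; `SAMPLE` is constructed, and its `session.client` lines and CA path are hypothetical.

```python
import ast

# Constructed sample: the answer's monkeypatch plus two hypothetical boto3 calls.
SAMPLE = """\
import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    pass
else:
    ssl._create_default_https_context = _create_unverified_https_context

client = session.client("dynamodb", verify=False)
trusted = session.client("dynamodb", verify="/etc/ssl/extra-ca.pem")
"""


def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False


def find_tls_bypass(source):
    """Return sorted (line, reason) pairs for code that switches certificate checks off."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute):
            if node.attr == "_create_unverified_context":
                findings.add((node.lineno, "unverified SSL context referenced"))
            elif node.attr == "CERT_NONE":
                findings.add((node.lineno, "ssl.CERT_NONE referenced"))
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                if target.attr == "_create_default_https_context":
                    findings.add((node.lineno, "default HTTPS context replaced"))
                elif target.attr == "check_hostname" and _is_false(node.value):
                    findings.add((node.lineno, "hostname checking disabled"))
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.add((node.lineno, "verify=False passed to a call"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_tls_bypass(SAMPLE):
        print(f"line {line}: {reason}")
```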
