Hi LooseClams37
From the docker compose, I see the agent is running in venv mode, is that correct?
Also notice that when configuring the minio credentials you can specify if this is an https connection (secure: true) which by default it is not.
See here: https://github.com/allegroai/clearml-agent/blob/5a6caf6399a0128ad81e8723d0a847e2ded5b75e/docs/clearml.conf#L287
yes, I have secure: true, when set as false its a different error. and yes the agent is running in venv mode (as opposed to?)
(Venv mode makes sense if running inside a container, if you need docker support you will need to mount the docker socket inside)
What is exactly the error you re getting from clearml? And what do you have in the configuration file?
Here is what the error is:botocore.exceptions.SSLError: SSL validation failed for https://<redacted>/clearml/.clearml.test [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)
And here is the applicable configuration in clearml.conf:
` sdk {
aws {
s3 {
key: "<redacted>"
secret: "<redacted>"
host: "<redacted>"
credentials: [
{
bucket: "clearml"
host: "<redacted>"
key: "<redacted>"
secret: "<redacted>"
multipart: false
secure: true
}
]
}
}
development {
default_output_uri: "s3://<redacted url matching host above>/clearml"
}
} `
based on iterations before, I was getting issues reaching the minio server, I have rectified that and now its an ssl issue, but I have no idea what is misconfigured as awscli and boto3 both work fine when run within the same container to put/get objects from the same server and bucket
Hmm can you try with additional configuration, next to "secure: true" in your clearml.conf, can you add "verify: false"
I can but that is not a configuration we would want to run with in production
I can but that is not a configuration we would want to run with in production
Agreed, I just want to isolate the issue. I think this is the bottom python interface missing some configuration or environment variables
can we also put the path to the CA?
Yes :)
But first I want to make sure the verify argument is actually used, hence False
hey, that worked! what library is being used that reads that configuration?
going to try it again with a path to ca instead of false
hey, that worked! what library is being used that reads that configuration?
It's passed to boto3, but the pyhon interface and aws cli use different configuration, I guess, because otherwise it should have worked...
ok, ya something must override the standard configuration options
Sure thing :)
BTW could you maybe PR this argument (marked out) so that we know for next time?
happy to help document, can you provide where I should do that?
Thanks!
In the conf file, I guess this will be where ppl will look for it.