Yes, already tried, it's not implemented as we got this error :
Can't specify the options 'verify_certs' via a dictionary in 'hosts', only 'host', 'path_prefix', 'port', 'scheme', 'url_prefix', 'use_ssl' options are allowed
@<1752864322440138752:profile|GiddyDragonfly90> - I think you can also add verify_certs: false
in the same elasticsearchConnectionString
object, have you tried?
To override args passed to elastic connection string
- name: CLEARML__HOSTS__ELASTIC__WORKERS__ARGS
value: >-
{"verify_certs":false}
- name: CLEARML__HOSTS__ELASTIC__DATASETS__ARGS
value: >-
{"verify_certs":false}
- name: CLEARML__HOSTS__ELASTIC__EVENTS__ARGS
value: >-
{"verify_certs":false}
As the elasticsearch cluster might be reinstalled, I prefer to not add the CA into bundle certificates of clearml
i can't see any option on elasticsearchConnectionString which allow me to bypass certificate check
@<1729671499981262848:profile|CooperativeKitten94> as we use eck operator for our elasticsearch cluster, clearML try to connect to elasticsearch using https, but as it is self signed certificates, it it possible to bypass certificate check ?
@<1752864322440138752:profile|GiddyDragonfly90> - MongoDB is used as a dependency Helm Chart from the Bitnami repo. We are using version 12.1.31 of the chart. See this tag None
In the clearml override values, under the mongodb
section you can specify any value that is usable in the original chart 🙂
@<1729671499981262848:profile|CooperativeKitten94> last question, is there any extraEnvs for MongoDB ? As credentials are plain text into logs
Okay I tried, it works with :
apiserver:
extraEnvs:
- name: CLEARML_ELASTIC_SERVICE_USERNAME
value: "elastic"
- name: CLEARML_ELASTIC_SERVICE_PASSWORD
value: "toto"
But we don't need to add the option into elasticsearchConnectionString :
externalServices:
elasticsearchConnectionString: "[...,"secure":true,...]"
As we get this error :
ValueError: Can't specify the options 'secure' via a dictionary in 'hosts', only 'host', 'path_prefix', 'port', 'scheme', 'url_prefix', 'use_ssl' options are allowed
It works fine, thank you very much 😉
I see, in the example you provided you used a comma ,
to separate username and password, I suggest trying to use a column :
I didn't know that I could use CLEARML_ELASTIC_SERVICE_USERNAME / CLEARML_ELASTIC_SERVICE_PASSWORD env variables 🙂 good to know
Yes, I've already try to pass credentials into host name, but it didn't work
For this to work you might also have to add "secure": true
in the connection string object:
externalServices:
elasticsearchConnectionString: "[...,"secure":true,...]"
If that doesn't work, try removing the auth from the connection string and instead define two extraEnvs
for the apiserver
:
apiserver:
extraEnvs:
- name: CLEARML_ELASTIC_SERVICE_USERNAME
value: "elastic"
- name: CLEARML_ELASTIC_SERVICE_PASSWORD
value: "toto"
Hi @<1752864322440138752:profile|GiddyDragonfly90> - Can you try with the last value you proposed, but use :
to separate user and password in the string, like this:
externalServices:
elasticsearchConnectionString: '[{"scheme":"http","host":"elastic:toto@elasticsearch-es-http","port":9200}]'