You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm busy trying to build a python Arrow server on a docker container. The rationale for moving it into a container is to isolate components of my program so if there's an exception/performance issue where something gobbles all the memory I'm able to quickly kill the container without bringing down the entire program.
I'm having problems connecting a local python script client to the server in the container. I'm not sure if it's a certificate issue /grpc issue/arrow server config issue. Going to break down what I've done below. Any help would be appreciated :)
Since I want to implement secure communication I'll need a certificate - self-signed should be fine for development. Generate development certificate using dotnet dev-certs. After trusting certificate, export it using cmd in windows.
My understanding is that the Arrow server only accepts .crt and .key files for public private key. I used WSL and SSL to convert the pfx file using this article from IBM.
Placing the public and private key in the same folder as my server script - I adjust the code as follows to not need to pass things in via args.
Running this on my local machine is fine- now I want to move the server into the container. I set up the docker file in the same folder as server script. See below (I know it's not ideal, but it does the job)
In the container, I quickly get python and pyarrow installed and then start the server
apt-getupdateapt-getinstallpython3.10python3-pippipinstallpyarrow//start server timecdhomepython3server.py//responds with "Serving on grpc+tls://localhost:5005"
Since the ports are mapped when we started the container, I rerun the client on my local and I'm greeted with this error on the client end.
gRPCreturnedunavailableerror, withmessage: failedtoconnecttoalladdresses. Clientcontext: IOError: Couldnotwrite record batchtostream. Detail: Internal. gRPCclientdebugcontext: {"created":"@1648805430.279000000","description":"Failed to pick subchannel","file":"C:\vcpkg\buildtrees\grpc\src\2180080eb4-87c05d756b.clean\src\core\ext\filters\client_channel\client_channel.cc","file_line":3159,"referenced_errors":[{"created":"@1648805430.279000000","description":"failed to connect to all addresses","file":"C:\vcpkg\buildtrees\grpc\src\2180080eb4-87c05d756b.clean\src\core\lib\transport\error_utils.cc","file_line":147,"grpc_status":14}]}. Additionally, couldnotfinishwriting record batchesbeforeclosing
Putting a try-catch on the server-side doesn't provide any more info, unfortunately.
I've already ruled out that I might have a dodgy certificate. I've used the same certificate to set up a basic C# kestrel server in a container using HTTPS. I've also tried the above using a C# server with the same issue.
Is there any obvious I'm missing in the config? I haven't found any examples where people use certificates with pyarrow, so a bit at a loss.
David Li / @lidavidm:
Try binding the server to 0.0.0.0 instead of localhost (I don't see the full server code but that would explain why it works outside the container but not inside, I think, and the Flight example binds to localhost indeed)
Yibo Cai / @cyb70289:
Agree with David that the localhost inside a container is not accessible from the host.
That said, I think we should use host network docker run --net=host ... (only supported on Linux). The default network goes through iptable NAT for each packet, bad for fast data plane traffic. https://docs.docker.com/network/host/
hi
I'm busy trying to build a python Arrow server on a docker container. The rationale for moving it into a container is to isolate components of my program so if there's an exception/performance issue where something gobbles all the memory I'm able to quickly kill the container without bringing down the entire program.
I'm having problems connecting a local python script client to the server in the container. I'm not sure if it's a certificate issue /grpc issue/arrow server config issue. Going to break down what I've done below. Any help would be appreciated :)
Grabbed the arrow python server from the github repo.
Since I want to implement secure communication I'll need a certificate - self-signed should be fine for development. Generate development certificate using dotnet dev-certs. After trusting certificate, export it using cmd in windows.
My understanding is that the Arrow server only accepts .crt and .key files for public private key. I used WSL and SSL to convert the pfx file using this article from IBM.
Placing the public and private key in the same folder as my server script - I adjust the code as follows to not need to pass things in via args.
My client code is a slimmed-down version of the one on the repo as a test I want to push some dummy data into the server.
build the image and run the container as below
Putting a try-catch on the server-side doesn't provide any more info, unfortunately.
I've already ruled out that I might have a dodgy certificate. I've used the same certificate to set up a basic C# kestrel server in a container using HTTPS. I've also tried the above using a C# server with the same issue.
Is there any obvious I'm missing in the config? I haven't found any examples where people use certificates with pyarrow, so a bit at a loss.
Reporter: Chris Dunderdale / @thatstatsguy
PRs and other links:
Note: This issue was originally created as ARROW-16090. Please see the migration documentation for further details.
The text was updated successfully, but these errors were encountered: