You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/09/23 13:45:01 UTC

[GitHub] [superset] manishbansal8843 opened a new issue #16811: Add CA bundle to superset docker container

manishbansal8843 opened a new issue #16811:
URL: https://github.com/apache/superset/issues/16811


   I need to add root certificates to the superset container so that it can communicate to my secured authorization server.
   
   As of now, i could not find any environment variable or mount path where i can add the certificates and same get updated to the `cacert.pem` at runtime. 
   
   As of now, what i have done is, I logged into my container and appended my root.pem file to the certifi `cacert.pem` for which I found the path from `certifi.where()` command on python terminal inside the container which is `/usr/local/lib/python3.7/site-pacakges/certifi/cacert.pem`
   
   Is there any standard way to do it?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manishbansal8843 commented on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manishbansal8843 commented on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-925893756


   Update: I tried passing `--ca-certs` param to the `gunicorn` command as well but it did not work. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manishbansal8843 edited a comment on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manishbansal8843 edited a comment on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-925969182


   Final Update: 
   
   I mounted my ca bundle on the container at path `/app/docker/mycacert.pem`. Further, I created one sh file called as `start.sh` and mounted it on superset container at `/app/docker/start.sh` with below code.
   
   ```
   cat /app/docker/mycacert.pem >> /usr/local/lib/python3.7/site-pacakges/certifi/cacert.pem
   
   gunicorn --bind  0.0.0.0:8088 --access-logfile - --error-logfile - --workers 5 --worker-class gthread --threads 4 --timeout 200 --limit-request-line 4094 --limit-request-field_size 8190 'superset.app:create_app()'
   ```
   Further, docker-compose.yml is modified and replaced command parameter as below.
   `command: ["/app/docker/start.sh"]`
   
   However, this feels like a hack and it would be great if some standard solution is made available. Thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manishbansal8843 commented on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manishbansal8843 commented on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-925969182


   Final Update: I created one sh file called as `start.sh` and mounted it on superset container with below code.
   
   ```
   cat /app/docker/mycacert.pem >> /usr/local/lib/python3.7/site-pacakges/certifi/cacert.pem
   
   gunicorn --bind  0.0.0.0:443 --access-logfile - --error-logfile - --workers 5 --worker-class gthread --threads 4 --timeout 200 --limit-request-line 4094 --limit-request-field_size 8190 'superset.app:create_app()'
   ```
   Further, docker-compose.yml is modified and replaced command parameter as below.
   `command: ["/my/mount/path/start.sh"]`
   
   However, this feels like a hack and it would be great if some standard solution is made available. Thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manisha-tanwar commented on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manisha-tanwar commented on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-1032724125


   looking for same option with kubernetes installation.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manishbansal8843 edited a comment on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manishbansal8843 edited a comment on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-925969182


   Final Update: 
   
   I mounted my ca bundle on the container at path `/app/docker/mycacert.pem`. Further, I created one sh file called as `start.sh` and mounted it on superset container at `/app/docker/start.sh` with below code.
   
   ```
   cat /app/docker/mycacert.pem >> /usr/local/lib/python3.7/site-pacakges/certifi/cacert.pem
   
   gunicorn --bind  0.0.0.0:443 --access-logfile - --error-logfile - --workers 5 --worker-class gthread --threads 4 --timeout 200 --limit-request-line 4094 --limit-request-field_size 8190 'superset.app:create_app()'
   ```
   Further, docker-compose.yml is modified and replaced command parameter as below.
   `command: ["/app/docker/start.sh"]`
   
   However, this feels like a hack and it would be great if some standard solution is made available. Thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manishbansal8843 commented on issue #16811: Add CA bundle to superset docker container

Posted by GitBox <gi...@apache.org>.

manishbansal8843 commented on issue #16811:
URL: https://github.com/apache/superset/issues/16811#issuecomment-925929876


   Update 2: I also tried passing 2 commands in docker-compose `command` parameter where first command is to append my root.pem to cacerts.pem and then run gunicorn command but after that my container does not start. Not sure if its an issue with my docker command or something else.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org