In the Airflow admin site
When I update the http_default connection the http sensor gives the following error:
ERROR - Could not create Fernet object: Incorrect padding
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/airflow/models.py", line 173, in get_fernet
_fernet = Fernet(fernet_key.encode('utf-8'))
File "/usr/local/lib/python3.6/site-packages/cryptography/fernet.py", line 35, in init
key = base64.urlsafe_b64decode(key)
File "/usr/local/lib/python3.6/base64.py", line 133, in urlsafe_b64decode
return b64decode(s)
File "/usr/local/lib/python3.6/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
It seems your $FERNET_KEY is not set.
Can you check the output of echo $FERNET_KEY?
Can you also check the fernet_key = entry in your airflow.cfg?
If those are empty, you can generate a new one with some Python code:
from cryptography.fernet import Fernet
print(Fernet.generate_key().decode())
Then set this value in your airflow.cfg under fernet_key =.
Alternatively you can also set it via export AIRFLOW__CORE__FERNET_KEY=your_fernet_key (this gives you more flexibility if you are building your environment dynamically).
Important to keep in mind
The Fernet Key is used to encrypt your connections' credentials, so you need to keep it safe it you want to be able to decrypt them later. If you had created some connections before with another fernet key, and you generated a new one as described above, your old connections won't work and will have to be recreated once you set the new key in place.
Related
In my Composer Airflow DAGs, I have been using the CloudSqlProxyRunner to connect to my Cloud SQL instance.
However, after updating Google Cloud Composer from v1.18.4 to 1.18.6, my DAG started to encounter a strange error:
[2022-04-22, 23:20:18 UTC] {cloud_sql.py:462} INFO - Downloading cloud_sql_proxy from https://dl.google.com/cloudsql/cloud_sql_proxy.linux.x86_64 to /home/airflow/dXhOYoU_cloud_sql_proxy.tmp
[2022-04-22, 23:20:18 UTC] {taskinstance.py:1702} ERROR - Task failed with exception
Traceback (most recent call last):
File "/opt/python3.8/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1330, in _run_raw_task
self._execute_task_with_callbacks(context)
File "/opt/python3.8/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1457, in _execute_task_with_callbacks
result = self._execute_task(context, self.task)
File "/opt/python3.8/lib/python3.8/site-packages/airflow/models/taskinstance.py", line 1513, in _execute_task
result = execute_callable(context=context)
File "/opt/python3.8/lib/python3.8/site-packages/airflow/decorators/base.py", line 134, in execute
return_value = super().execute(context)
File "/opt/python3.8/lib/python3.8/site-packages/airflow/operators/python.py", line 174, in execute
return_value = self.execute_callable()
File "/opt/python3.8/lib/python3.8/site-packages/airflow/operators/python.py", line 185, in execute_callable
return self.python_callable(*self.op_args, **self.op_kwargs)
File "/home/airflow/gcs/dags/real_time_scoring_pipeline.py", line 99, in get_messages_db
with SQLConnection() as sql_conn:
File "/home/airflow/gcs/dags/helpers/helpers.py", line 71, in __enter__
self.proxy_runner.start_proxy()
File "/opt/python3.8/lib/python3.8/site-packages/airflow/providers/google/cloud/hooks/cloud_sql.py", line 524, in start_proxy
self._download_sql_proxy_if_needed()
File "/opt/python3.8/lib/python3.8/site-packages/airflow/providers/google/cloud/hooks/cloud_sql.py", line 474, in _download_sql_proxy_if_needed
raise AirflowException(
airflow.exceptions.AirflowException: The cloud-sql-proxy could not be downloaded. Status code = 404. Reason = Not Found
Checking manually, https://dl.google.com/cloudsql/cloud_sql_proxy.linux.x86_64 indeed returns a 404.
Looking at the function that raises the exception, _download_sql_proxy_if_needed, it has this code:
system = platform.system().lower()
processor = os.uname().machine
if not self.sql_proxy_version:
download_url = CLOUD_SQL_PROXY_DOWNLOAD_URL.format(system, processor)
else:
download_url = CLOUD_SQL_PROXY_VERSION_DOWNLOAD_URL.format(
self.sql_proxy_version, system, processor
)
So, for whatever reason, in both of these latest images of Composer, processor = os.uname().machine returns x86_64. Previously, it returned amd64, and https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 is in fact a valid link to the binary we need.
I replicated this error in Composer 2.0.10 as well.
I am still investigating possible workarounds, but posting this here in case someone else encounters this issue, and has figured out a workaround, and to raise this with Google engineers (who, according to Composer's docs, monitor this tag).
My current workaround is patching the CloudSqlProxyRunner to hardcode the correct URL:
class PatchedCloudSqlProxyRunner(CloudSqlProxyRunner):
"""
This is a patched version of CloudSqlProxyRunner to provide a workaround for an incorrectly
generated URL to the Cloud SQL proxy binary.
"""
def _download_sql_proxy_if_needed(self) -> None:
download_url = "https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64"
# the rest of the code is taken from the original method
proxy_path_tmp = self.sql_proxy_path + ".tmp"
self.log.info(
"Downloading cloud_sql_proxy from %s to %s", download_url, proxy_path_tmp
)
# httpx has a breaking API change (follow_redirects vs allow_redirects)
# and this should work with both versions (cf. issue #20088)
if "follow_redirects" in signature(httpx.get).parameters.keys():
response = httpx.get(download_url, follow_redirects=True)
else:
response = httpx.get(download_url, allow_redirects=True) # type: ignore[call-arg]
# Downloading to .tmp file first to avoid case where partially downloaded
# binary is used by parallel operator which uses the same fixed binary path
with open(proxy_path_tmp, "wb") as file:
file.write(response.content)
if response.status_code != 200:
raise AirflowException(
"The cloud-sql-proxy could not be downloaded. "
f"Status code = {response.status_code}. Reason = {response.reason_phrase}"
)
self.log.info(
"Moving sql_proxy binary from %s to %s", proxy_path_tmp, self.sql_proxy_path
)
shutil.move(proxy_path_tmp, self.sql_proxy_path)
os.chmod(self.sql_proxy_path, 0o744) # Set executable bit
self.sql_proxy_was_downloaded = True
And then instantiate it and use it as I would the original CloudSqlProxyRunner:
proxy_runner = PatchedCloudSqlProxyRunner(path_prefix, instance_spec)
proxy_runner.start_proxy()
But I am hoping that this is properly fixed by someone at Google soon, by fixing the os.uname().machine value,
or uploading a Cloud SQL proxy binary to the one currently generated in _download_sql_proxy_if_needed.
As mentioned by #enocom this commit to support arm64 download links actually caused a side-effect of generating broken download links. I assume the author of the commit thought that the Cloud SQL Proxy had binaries for each machine type, although in fact there are not Linux x86_64 links.
I have created an airflow PR to hopefully fix the broken links, hopefully it will get merged in soon and resolve this. Will update the thread with any updates.
Update (I've been working with Jack on this): I just merged that PR! When a new version of the providers is added to PyPI, you'll need to add it to your Composer environment. In the meantime, as a workaround, you could take the fix from Jack's PR and use it as a local dependency. (Similar to the other reply here!) If you do this, I highly recommend setting a calendar reminder (maybe a month from now?) to remove the workaround and go back to importing from the provider package, just to make sure you don't miss out on other updates to it! :)
I have a program that pools ad stats from different marketing systems. Everything works fine untill i convert it to the .exe format and run it.
Exception in Tkinter callback
Traceback (most recent call last):
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\tkinter\__init__.py", line 1549, in __call__
return self.func(*args)
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\report_gui.py", line 24, in <lambda>
ok = tk.Button(root, text="DO NOT PRESS", bg="red", command=lambda: self.run())
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\report_gui.py", line 43, in run
report.merge_all()
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\process_data.py", line 400, in merge_all
fb_df = self.fetch_fb()
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\process_data.py", line 156, in fetch_fb
fb_campaigns = from_fb.run_fb(self.start_date, self.end_date) # in JSON format
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\from_fb.py", line 110, in run_fb
return s.get_stats()
File "C:\Users\user\Desktop\alg\TSK_7. Marketing\from_fb.py", line 84, in get_stats
params=params,
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\facebookads\adobjects\adaccount.py", line 1551, in get_insights
return request.execute()
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\facebookads\api.py", line 653, in execute
cursor.load_next_page()
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\facebookads\api.py", line 797, in load_next_page
params=self.params,
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\facebookads\api.py", line 305, in call
timeout=self._session.timeout
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\requests\sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\requests\sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\requests\adapters.py", line 407, in send
self.cert_verify(conn, request.url, verify, cert)
File "C:\Users\user\AppData\Local\Programs\Python\Python35\lib\site-packages\requests\adapters.py", line 226, in cert_verify
"invalid path: {0}".format(cert_loc))
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: C:\Users\user\AppData\Local\Temp\_MEI253762\facebookads\fb_ca_chain_bundle.crt
I tried to fix that by using this code but MEI folder keeps changing its digits everytime i run this code so it's no use.
dst = r'C:\Users\user\AppData\Local\Temp\_MEI120642\facebookads'
file = 'fb_ca_chain_bundle.crt'
try:
os.makedirs(dst); ## it creates the destination folder
except:
pass
shutil.move(file, dst)
So i went to this file
C:\Users\user\AppData\Local\Programs\Python\Python35\Lib\site-packages\requests\adapters.py
and tried to comment if statements that raise this error out but got an SSL error. I couldn't find a piece of code responsible for generating those MEI digits.
def cert_verify(self, conn, url, verify, cert):
"""Verify a SSL certificate. This method should not be called from user
code, and is only exposed for use when subclassing the
:class:`HTTPAdapter <requests.adapters.HTTPAdapter>`.
:param conn: The urllib3 connection object associated with the cert.
:param url: The requested URL.
:param verify: Either a boolean, in which case it controls whether we verify
the server's TLS certificate, or a string, in which case it must be a path
to a CA bundle to use
:param cert: The SSL certificate to verify.
"""
if url.lower().startswith('https') and verify:
cert_loc = None
# Allow self-specified cert location.
if verify is not True:
cert_loc = verify
if not cert_loc:
cert_loc = DEFAULT_CA_BUNDLE_PATH
if not cert_loc or not os.path.exists(cert_loc):
raise IOError("Could not find a suitable TLS CA certificate bundle, "
"invalid path: {0}".format(cert_loc))
conn.cert_reqs = 'CERT_REQUIRED'
if not os.path.isdir(cert_loc):
conn.ca_certs = cert_loc
else:
conn.ca_cert_dir = cert_loc
else:
conn.cert_reqs = 'CERT_NONE'
conn.ca_certs = None
conn.ca_cert_dir = None
if cert:
if not isinstance(cert, basestring):
conn.cert_file = cert[0]
conn.key_file = cert[1]
else:
conn.cert_file = cert
conn.key_file = None
if conn.cert_file and not os.path.exists(conn.cert_file):
raise IOError("Could not find the TLS certificate file, "
"invalid path: {0}".format(conn.cert_file))
if conn.key_file and not os.path.exists(conn.key_file):
raise IOError("Could not find the TLS key file, "
"invalid path: {0}".format(conn.key_file))
I ran into this problem as well. It looks like it comes from the certificate bundle cacert.pem not being included in the requests package directory when the program is compiled. The requests module uses the function certifi.core.where to determine the location of cacert.pem. Overriding this function and overriding the variables set by this function seems to fix the problem.
I added this code to the beginning of my program:
import sys, os
def override_where():
""" overrides certifi.core.where to return actual location of cacert.pem"""
# change this to match the location of cacert.pem
return os.path.abspath("cacert.pem")
# is the program compiled?
if hasattr(sys, "frozen"):
import certifi.core
os.environ["REQUESTS_CA_BUNDLE"] = override_where()
certifi.core.where = override_where
# delay importing until after where() has been replaced
import requests.utils
import requests.adapters
# replace these variables in case these modules were
# imported before we replaced certifi.core.where
requests.utils.DEFAULT_CA_BUNDLE_PATH = override_where()
requests.adapters.DEFAULT_CA_BUNDLE_PATH = override_where()
I solved it by input the following code:
import os
import sys
import certifi
os.environ['REQUESTS_CA_BUNDLE'] =
os.path.join(os.path.dirname(sys.argv[0]), certifi.where())
By this I detect the current path to "cacert.pem" and put it in environ
This might be an issue with requests package.
I solved this by manually copying the cacert.pem file from /lib/site-packages/certifi to /lib/site-packages/requests
If you want to fix this issue with .exe, then copy cacert.pem file from /lib/site-packages/certifi to dist/library.zip/certifi/.
I am considering you have created exe using py2exe, where py2exe will create library.zip under dist/ which contains of all script dependencies. I don't know if other exe converters create library.zip.
I encountered this same problem with the requests package when converting to .exe with PyInstaller. I was developing with conda's virtual environment. I pivoted to using Python's virtual environment (as my colleague had done this and didn't get the same error), installed my packages as usual, created the .exe with PyInstaller and didn't encounter the same error.
I'm not sure if the cacert.pem file is correctly packaged into the .exe with the Python virtual environment but is somehow ignored with the conda virtual environment. Perhaps someone else can clarify why this was the case but I hope this helps!
If you want to disable certificate verification, you can use the verify=False parameter in requests.get():
requests.get('https://example.com', verify=False)
I am using Client Database and it will be restored successfully in my local system and working fine but when I am printing any report the within that database at that time.
I got the below traceback from the terminal.
Traceback (most recent call last):
File "/home/best/workspace/dynaweld/web/addons/web/http.py", line 285, in dispatch
r = method(self, **self.params)
File "/home/best/workspace/dynaweld/web/addons/web/controllers/main.py", line 1769, in index
cookies={'fileToken': int(token)})
File "/home/best/workspace/dynaweld/web/addons/web/http.py", line 332, in make_response
response.set_cookie(k, v)
File "/usr/local/lib/python2.7/dist-packages/Werkzeug-0.10.4-py2.7.egg/werkzeug/wrappers.py", line 1008, in set_cookie
self.charset))
File "/usr/local/lib/python2.7/dist-packages/Werkzeug-0.10.4-py2.7.egg/werkzeug/http.py", line 920, in dump_cookie
value = to_bytes(value, charset)
File "/usr/local/lib/python2.7/dist-packages/Werkzeug-0.10.4-py2.7.egg/werkzeug/_compat.py", line 106, in to_bytes
raise TypeError('Expected bytes')
TypeError: Expected bytes
I have tried the following way to resolve above traceback issue but I have not yet succeed.
1. Try remove the unwanted data from my local client database remove the all the data of mail.message object.
2. Remove all the unnecessary database from my system and using only 2-3 database for my OpenERP Server Run.
3. Clean my pc for unwanted files and other detail which was not relevant for my database.
4. I have also check with my enough memory space but I have that enough space for restoring that database file.
Can any one help me how can i fix this issue.
This is because cookies are not intended to support unicode characters, you must use a decoded variable in the cookie you are trying to set. something like :
set_cookie(k, bytes(v))
or at least send your variable as bytes.
I have fixed this by installing an older version of werkzeug, 0.6.2
I'm new to stack so this might be a very silly mistake.
I'm trying to setup a one node swift configuration for a simple proof of concept. I did follow the instructions. However, something is missing. I keep getting this error:
root#lab-srv2544:/etc/swift# swift stat
Traceback (most recent call last):
File "/usr/bin/swift", line 10, in <module>
sys.exit(main())
File "/usr/lib/python2.7/dist-packages/swiftclient/shell.py", line 1287, in main
globals()['st_%s' % args[0]](parser, argv[1:], output)
File "/usr/lib/python2.7/dist-packages/swiftclient/shell.py", line 492, in st_stat
stat_result = swift.stat()
File "/usr/lib/python2.7/dist-packages/swiftclient/service.py", line 427, in stat
raise SwiftError('Account not found', exc=err)
swiftclient.service.SwiftError: 'Account not found'
Also, the syslog always complains about proxy-server:
Dec 12 12:16:37 lab-srv2544 proxy-server: Account HEAD returning 503 for [] (txn: tx9536949d19d14f1ab5d8d-00548b4d25) (client_ip: 127.0.0.1)
Dec 12 12:16:37 lab-srv2544 proxy-server: 127.0.0.1 127.0.0.1 12/Dec/2014/20/16/37 HEAD /v1/AUTH_71e79a29599149099aa98d5d276eaa0b HTTP/1.0 503 - python-swiftclient-2.3.0 8d2b0748804f4b34... - - - tx9536949d19d14f1ab5d8d-00548b4d25 - 0.0013 - - 1418415397.334497929 1418415397.335824013
Anyone seen this problem before?
When using 'swift' command to access swift storage, pass user id and password as argument, if it is not set in environment variable.
The most probable reason for this behavior is a funny order in your "pipeline" directive in /etc/swift/proxy-server.conf
To verify this hypothesis:
comment out your current pipeline, and write this one instead:
pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server
restart your proxy server with the command
swift-init proxy-server restart
Make sure the environment variables OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME and OS_AUTH_URL are defined
try to list your containers with
swift list
If you get a list of containers then the diagnoses is correct.
Get back to your proxy-server.conf and try to add one element per time to your pipeline, restarting the server each time, and testing each time, until you find the right order.
For your reference see http://docs.openstack.org/developer/swift/deployment_guide.html#proxy-server-configuration
Heres one scan of Wapiti. I notice when i had images uploaded (users can upload) i get a crash before Launching module crlf. So just using a fresh instance of my site i ran this and got the result below.
My questions are
1. How do i fix the crashes
2. How might i find out what is causing the crash. I used -v 2 to figure out the url and log them in my app. In both cases i dont see any issues and the project crashes outside of my code
3. How so i solve the unicode warning below?
Wapiti-2.2.1 (wapiti.sourceforge.net)
..............................
Notice
========
This scan has been saved in the file C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src/s
cans/localhost:17357.xml
You can use it to perform attacks without scanning again the web site with the "
-k" parameter
[*] Loading modules :
mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess
, mod_blindsql, mod_permanentxss, mod_nikto
[+] Launching module crlf
[+] Launching module exec
[+] Launching module file
[+] Launching module sql
C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\attack\mod_sql.py:185: UnicodeWarning:
Unicode equal comparison failed to convert both arguments to Unicode - interpre
ting them as being unequal
if (page, tmp) not in self.attackedPOST:
[+] Launching module xss
Traceback (most recent call last):
File "wapiti.py", line 449, in <module>
wap.attack()
File "wapiti.py", line 266, in attack
x.attack(self.urls, self.forms)
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\attack\attack.py", line 121, i
n attack
self.attackGET(page, dictio, headers)
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\attack\mod_xss.py", line 71, i
n attackGET
self.findXSS(page, {}, "", code, "", payloads, headers["link_encoding"])
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\attack\mod_xss.py", line 306,
in findXSS
dat = self.HTTP.send(url).getPage()
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\net\HTTP.py", line 94, in send
info, data = self.h.request(target, headers = _headers)
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\net\httplib2\__init__.py", lin
e 1084, in request
(response, content) = self._request(conn, authority, uri, request_uri, metho
d, body, headers, redirections, cachekey)
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\net\httplib2\__init__.py", lin
e 888, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, he
aders)
File "C:\unzipped\wapiti-2.2.1\wapiti-2.2.1\src\net\httplib2\__init__.py", lin
e 853, in _conn_request
response = conn.getresponse()
File "C:\dev\bin\Python26\lib\httplib.py", line 974, in getresponse
response.begin()
File "C:\dev\bin\Python26\lib\httplib.py", line 391, in begin
version, status, reason = self._read_status()
File "C:\dev\bin\Python26\lib\httplib.py", line 349, in _read_status
line = self.fp.readline()
File "C:\dev\bin\Python26\lib\socket.py", line 397, in readline
data = recv(1)
socket.error: [Errno 10054] An existing connection was forcibly closed by the re
mote host
Wapiti can crash applications because it uses a lot of your application. Wapiti stack traced when doing an XSS test, and I don't think an xss test can crash an application. However, by submitting a lot of 1 type of request, then this could cause a DoS condition. You need to track down the last request that Wapiti made. Wapiti has a verbose mode, I think its -v and it will print out every request it makes. Once you have the file that is crashing you should review it manually.
Wapiti's blind sql injection attack module uses mysql's benchmark() function which WILL DoS your mysql server, I recommend turning this one off if you are have trouble scanning your entire site.