This message was deleted.

2022-12-13 152521 2022-12-13T092521.345233+0000 | opal_client.data.fetcher |ERROR | Timeout while fetching url: https://private-url/data.json 2022-12-13 152521 Traceback (most recent call last): 2022-12-13 152521 2022-12-13 152521 File "/usr/local/lib/python3.10/asyncio/locks.py", line 214, in wait 2022-12-13 152521 await fut 2022-12-13 152521 └ <Future cancelled> 2022-12-13 152521 2022-12-13 152521 asyncio.exceptions.CancelledError 2022-12-13 152521 2022-12-13 152521 2022-12-13 152521 During handling of the above exception, another exception occurred: 2022-12-13 152521 2022-12-13 152521 2022-12-13 152521 Traceback (most recent call last): 2022-12-13 152521 2022-12-13 152521 File "/usr/local/lib/python3.10/asyncio/tasks.py", line 456, in wait_for 2022-12-13 152521 return fut.result() 2022-12-13 152521 │ └ <method 'result' of '_asyncio.Task' objects> 2022-12-13 152521 └ <Task cancelled name='Task-198' coro=<Event.wait() done, defined at /usr/local/lib/python3.10/asyncio/locks.py:201>> 2022-12-13 152521 2022-12-13 152521 asyncio.exceptions.CancelledError 2022-12-13 152521 2022-12-13 152521 2022-12-13 152521 The above exception was the direct cause of the following exception: 2022-12-13 152521 2022-12-13 152521 2022-12-13 152521 Traceback (most recent call last): 2022-12-13 152521 2022-12-13 152521 File "/usr/local/bin/gunicorn", line 33, in <module> 2022-12-13 152521 sys.exit(load_entry_point('gunicorn==20.1.0', 'console_scripts', 'gunicorn')()) 2022-12-13 152521 │ │ └ <function importlib_load_entry_point at 0x7f117fff6cb0> 2022-12-13 152521 │ └ <built-in function exit> 2022-12-13 152521 └ <module 'sys' (built-in)> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/app/wsgiapp.py", line 67, in run 2022-12-13 152521 WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run() 2022-12-13 152521 └ <class 'gunicorn.app.wsgiapp.WSGIApplication'> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/app/base.py", line 231, in run 2022-12-13 152521 super().run() 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/app/base.py", line 72, in run 2022-12-13 152521 Arbiter(self).run() 2022-12-13 152521 │ └ <gunicorn.app.wsgiapp.WSGIApplication object at 0x7f117ffd7ee0> 2022-12-13 152521 └ <class 'gunicorn.arbiter.Arbiter'> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 202, in run 2022-12-13 152521 self.manage_workers() 2022-12-13 152521 │ └ <function Arbiter.manage_workers at 0x7f117f48ed40> 2022-12-13 152521 └ <gunicorn.arbiter.Arbiter object at 0x7f117efc3580> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 551, in manage_workers 2022-12-13 152521 self.spawn_workers() 2022-12-13 152521 │ └ <function Arbiter.spawn_workers at 0x7f117f48ee60> 2022-12-13 152521 └ <gunicorn.arbiter.Arbiter object at 0x7f117efc3580> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 622, in spawn_workers 2022-12-13 152521 self.spawn_worker() 2022-12-13 152521 │ └ <function Arbiter.spawn_worker at 0x7f117f48edd0> 2022-12-13 152521 └ <gunicorn.arbiter.Arbiter object at 0x7f117efc3580> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/arbiter.py", line 589, in spawn_worker 2022-12-13 152521 worker.init_process() 2022-12-13 152521 │ └ <function UvicornWorker.init_process at 0x7f117da980d0> 2022-12-13 152521 └ <uvicorn.workers.UvicornWorker object at 0x7f117de371f0> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/uvicorn/workers.py", line 66, in init_process 2022-12-13 152521 super(UvicornWorker, self).init_process() 2022-12-13 152521 │ └ <uvicorn.workers.UvicornWorker object at 0x7f117de371f0> 2022-12-13 152521 └ <class 'uvicorn.workers.UvicornWorker'> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/gunicorn/workers/base.py", line 142, in init_process 2022-12-13 152521 self.run() 2022-12-13 152521 │ └ <function UvicornWorker.run at 0x7f117da98280> 2022-12-13 152521 └ <uvicorn.workers.UvicornWorker object at 0x7f117de371f0> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/uvicorn/workers.py", line 83, in run 2022-12-13 152521 return asyncio.run(self._serve()) 2022-12-13 152521 │ │ │ └ <function UvicornWorker._serve at 0x7f117da981f0> 2022-12-13 152521 │ │ └ <uvicorn.workers.UvicornWorker object at 0x7f117de371f0> 2022-12-13 152521 │ └ <function run at 0x7f117f039870> 2022-12-13 152521 └ <module 'asyncio' from '/usr/local/lib/python3.10/asyncio/__init__.py'> 2022-12-13 152521 File "/usr/local/lib/python3.10/asyncio/runners.py", line 44, in run 2022-12-13 152521 return loop.run_until_complete(main) 2022-12-13 152521 │ │ └ <coroutine object UvicornWorker._serve at 0x7f117c9a87b0> 2022-12-13 152521 │ └ <method 'run_until_complete' of 'uvloop.loop.Loop' objects> 2022-12-13 152521 └ <uvloop.Loop running=True closed=False debug=False> 2022-12-13 152521 > File "/usr/local/lib/python3.10/site-packages/opal_client-0.3.1-py3.10.egg/opal_client/data/fetcher.py", line 70, in handle_url 2022-12-13 152521 response = await self._engine.handle_url(url, config=config) 2022-12-13 152521 │ │ │ │ └ {'headers': {'secret-key': ''}} 2022-12-13 152521 │ │ │ └ 'https://private-url/data.json' 2022-12-13 152521 │ │ └ <function FetchingEngine.handle_url at 0x7f117cf3f6d0> 2022-12-13 152521 │ └ <opal_common.fetcher.engine.fetching_engine.FetchingEngine object at 0x7f117ccd44f0> 2022-12-13 152521 └ <opal_client.data.fetcher.DataFetcher object at 0x7f117ccd5a80> 2022-12-13 152521 File "/usr/local/lib/python3.10/site-packages/opal_common-0.3.1-py3.10.egg/opal_common/fetcher/engine/fetching_engine.py", line 114, in handle_url 2022-12-13 152521 await asyncio.wait_for(wait_event.wait(), timeout) 2022-12-13 152521 │ │ │ │ └ 10 2022-12-13 152521 │ │ │ └ <function Event.wait at 0x7f117f097f40> 2022-12-13 152521 │ │ └ <asyncio.locks.Event object at 0x7f117ca5fb80 [unset]> 2022-12-13 152521 │ └ <function wait_for at 0x7f117f096dd0> 2022-12-13 152521 └ <module 'asyncio' from '/usr/local/lib/python3.10/asyncio/__init__.py'> 2022-12-13 152521 File "/usr/local/lib/python3.10/asyncio/tasks.py", line 458, in wait_for 2022-12-13 152521 raise exceptions.TimeoutError() from exc 2022-12-13 152521 │ └ <class 'asyncio.exceptions.TimeoutError'> 2022-12-13 152521 └ <module 'asyncio.exceptions' from '/usr/local/lib/python3.10/asyncio/exceptions.py'> 2022-12-13 152521 2022-12-13 152521 asyncio.exceptions.TimeoutError 2022-12-13 152521 2022-12-13T092521.349007+0000 | opal_client.data.updater |ERROR | Failed to fetch url https://private-url/data.json, got exception: 2022-12-13 152521 2022-12-13T092521.349297+0000 | opal_client...base_policy_store_client |ERROR | OPA transaction failed, transaction id=a12026d39f6a4f17974f499111deb95f, actions=[], error=None

Hey @Abdullah Al Rifat, nice to meet 🙂 Before diving in the logs you shared with us, is this

private-url

is a local service on your Docker ? If so, I would try to remove the

https

as it’s probably exposed as non-secured local application.

no it is a nginx endpoint serving the json file

so it’s probably exposed as

http

isn’t it ?

i tried with http it is same.

It can either be a network issue between your OPAL container to the nginx/ceph or that it’s getting timed out because the data.json is heavy but I don’t think that’s the case.

on postman it took around 100-200 ms so that should not be the issue. for the network i tried setting up proxy for the endpoint i am using no result

Can you try to run a

curl

inside the opal-client/server just to check if you are able to connect to this endpoint ?

docker run -it permitio/opal-client curl -v "<https://private-url/data.json>"

it is unable to resolve host

hey @Abdullah Al Rifat it means the issue the OPAL container cannot find https://private-url (cannot resolve the dns host). in what environment are you running? kubernetes? docker compose? where is your private-url host set up relative to the OPAL container?

OPAL container is running locally by docker compose and trying to pull data from private host, i have vpn turned on my local machine also tried setting up proxy on docker desktop mac.

Well I think because of this network configuration you’ll need to bridge the network with vlan or something like this using Docker

@Raz Co i tried with the ip docker run -it permitio/opal-client curl -v “http://ip-address/bundles/data/contactsapi it is accessable but it is failing in the opal client as usual i look into this https://github.com/permitio/opal/discussions/268 is there any way to disable ssl check?

So first, if you want to access a local resource from a container (Docker), you’ll have to use

host.docker.internal

, this is basically a mapping to the localhost that Docker create inside your containers. So in your example, you should use

<http://host.docker.internal:8182/>...

. Read more here- https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host Regarding the websocket tls, I would recommend to use a certificate to secure the connection. Maybe @Asaf Cohen can help with this issue and wether it can be disabled.

Trying server - wss://host.docker.internal:7002/ws 2022-12-14 151251 2022-12-14T091251.333989+0000 | fastapi_websocket_rpc.websocket_rpc_c...| INFO | RPC Connection failed - [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997) i generated local certifiacte passed it to opal client. but getting this error

Are you using

<https://host.docker.internal>

or

http://

?