I'm trying to use the new socket support for Google App Engine in order to perform some DNS queries. I'm using dnspython to perform the query, and the code works fine outside GAE.
The code is the following:
class DnsQuery(webapp2.RequestHandler):
def get(self):
domain = self.request.get('domain')
logging.info("Test Query for "+domain)
answers = dns.resolver.query(domain, 'TXT', tcp=True)
logging.info("DNS OK")
for rdata in answers:
rc = str(rdata.exchange).lower()
logging.info("Record "+rc)
When I run in GAE I get the following error:
File "/base/data/home/apps/s~/one.366576281491296772/main.py", line 37, in post
return self.get()
File "/base/data/home/apps/s~/one.366576281491296772/main.py", line 41, in get
answers = dns.resolver.query(domain, 'TXT', tcp=True)
File "/base/data/home/apps/s~/one.366576281491296772/dns/resolver.py", line 976, in query
raise_on_no_answer, source_port)
File "/base/data/home/apps/s~/one.366576281491296772/dns/resolver.py", line 821, in query
timeout = self._compute_timeout(start)
File "/base/data/home/apps/s~/one.366576281491296772/dns/resolver.py", line 735, in _compute_timeout
raise Timeout
Which is raised by dnspython when no answer is returned within the time limit. I've raised the timelimit to 60 seconds, and DnsQuery is a task, but still getting the same error.
Is there any limitation in Google App Engine socket implementation, which prevents the execution of DNS requests ?
This is a bug and will be fixed ASAP.
As a workaround, pass in the source='' argument to dns.resolver.query.
tcp=True is not necessary.
No. There is no limit on UDP ports. (only smtp ports on TCP).
It is possible there is an issue with the socket service routing. Please file an issue with the app engine issue tracker. https://code.google.com/p/googleappengine/issues/list
dnspython is using socket. However, socket is only available in paid apps.1
Related
We host elatsicsearch cluster on Elastic Cloud and call it from dataflow (GCP). Job works fine in dev but when we deploy to prod we're seeing lots of connection timeout on the client side.
Traceback (most recent call last):
File "apache_beam/runners/common.py", line 1213, in apache_beam.runners.common.DoFnRunner.process
File "apache_beam/runners/common.py", line 570, in apache_beam.runners.common.SimpleInvoker.invoke_process
File "main.py", line 159, in process
File "/usr/local/lib/python3.7/site-packages/elasticsearch/client/utils.py", line 152, in _wrapped
return func(*args, params=params, headers=headers, **kwargs)
File "/usr/local/lib/python3.7/site-packages/elasticsearch/client/__init__.py", line 1617, in search
body=body,
File "/usr/local/lib/python3.7/site-packages/elasticsearch/transport.py", line 390, in perform_request
raise e
File "/usr/local/lib/python3.7/site-packages/elasticsearch/transport.py", line 365, in perform_request
timeout=timeout,
File "/usr/local/lib/python3.7/site-packages/elasticsearch/connection/http_urllib3.py", line 258, in perform_request
raise ConnectionError("N/A", str(e), e)
elasticsearch.exceptions.ConnectionError: ConnectionError(<urllib3.connection.HTTPSConnection object at 0x7fe5d04e5690>: Failed to establish a new connection: [Errno 110] Connection timed out) caused by: NewConnectionError(<urllib3.connection.HTTPSConnection object at 0x7fe5d04e5690>: Failed to establish a new connection: [Errno 110] Connection timed out)
I increased timeout setting in elasticsearch client to 300s like below but it didn't seem to help.
self.elasticsearch = Elasticsearch([es_host], http_auth=http_auth, timeout=300)
Looking at deployment at https://cloud.elastic.co/deployments//metrics
CPU and memory usage are very low (below 10%) and search response time is also order of 200ms.
What could be the bottleneck here and how we can we avoid such timeouts?
As seen in below log most of requests are failing with connection timeout while successful request receives response very quick:
I tried ssh into the VM where we experience the connection error. netstat showed there were about 60 ESTABLISHED connections to the elastic search IP address. When I curl from the VM to elasticsearch address I was able to reproduce timeout. I can curl fine to other URLs. Also I can curl fine to elasticsearch from my local so issue is only connection between VM and elasticsaerch server.
Does dataflow (compute engine) or ElasticSearch has limitation on number of concurrent connection? I could not find any information online.
I did a little bit of research about the connector for ElasticSearch. There are a two principles that you may want to try to ensure your connector is as efficient as possible.
Note Setting a maximum number of workers, as suggested in the other answer, will probably not help as much (for now) - let's improve utilization from your Beam/Elastic cluster resources, and if we start hitting limits for either, then we can consider restricting # of workers - but right now, you can try to improve your connector.
Using bulk requests to external services
The code you provide issues an individual search request for every element coming into the DoFn. As you've noted, this works fine, but it will cause your pipeline to spend too much time waiting on external requests for each element - so your wait for roundtrips will be O(n).
Gladly, the Elasticsearch client has an msearch method, which should allow you to perform searches in bulk. You can do something like this:
class PredictionFn(beam.DoFn):
def __init__(self, ...):
self.buffer = []
...
def process(self, element):
self.buffer.append(element)
if len(self.buffer) > BATCH_SIZE:
return self.flush()
def flush(self):
result = []
# Perform the search requests for user ids
user_ids = [uid for cid, did, uid in self.buffer]
user_ids_request = self._build_uid_reqs(user_ids)
resp = es.msearch(body=user_ids_request)
user_id_and_device_id_lists = []
for r, elm in zip(resp['responses'], self.buffer):
if len(r["hits"]["hits"]) == 0:
continue
# Get new device_id_list
user_id_and_device_id_lists.append((elm[2], # User ID
device_id_list))
device_id_lists = [elm[1] for elm in user_id_and_device_id_lists]
device_ids_request = self._build_device_id_reqs(device_id_lists)
resp = es.msearch(body=device_ids_request)
resp = self.elasticsearch.search(index="sessions", body={"query": {"match": {"userId": user_id }}})
# Handle the result, output anything necessary
def _build_uid_reqs(self, uids):
# Relying on this answer: https://stackoverflow.com/questions/28546253/how-to-create-request-body-for-python-elasticsearch-msearch/37187352
res = []
for uid in uids:
res.append(json.dumps({'index': 'sessions'})) # Request HEAD
res.append(json.dumps({"query": {"match": {"userId": uid }}})) # Request BODY
return '\n'.join(res)
Reusing the client as it's thread-safe
The Elasticsearch client is also thread safe!
So rather than creating a new one every time, you can do something like this:
class PredictionFn(beam.DoFn):
CLIENT = None
def init_elasticsearch(self):
if PredictionFn.CLIENT is not None:
return PredictionFn.CLIENT
es_host = fetch_host()
http_auth = fetch_auth()
PredictionFn.CLIENT = Elasticsearch([es_host], http_auth=http_auth,
timeout=300, sniff_on_connection_fail=True,
retry_on_timeout=True, max_retries=2,
maxsize=5) # 5 connections per client
return PredictionFn.CLIENT
This should ensure that you keep a single client for each worker, and you won't be creating so many connections to ElasticSearch - and thus not getting the rejection messages.
Let me know if these two help, or if we need to try further improvements!
EDIT: This was red herring. CLOSE_WAIT is not related. I again had the same issue and most of connections are now in ESTABLISHED status :/
While both of answers below are insightful, I don't think they answered the question.
After some more investigation, I find out that somehow elasticsearch-py (or urllib3), in combination with dataflow, will leave connection in CLOSE_WAIT status. Once connection got this status, these connections got stuck (OS will not release these sockets because OS thinks application code will close it) so after running job sometime, all of my connections in connection pool are in this CLOSE_WAIT status and therefore I cannot make any new connections. If I don't use connection pool and instantiate elasticsaerch client for each pardo, it just gets worth, somehow connections got stuck even faster.
I reported issue here https://github.com/elastic/elasticsearch-py/issues/1459 but honestly the issue seems deeper in stack, because I had similar issue when I directly used requests package's connection pool (which I believe also used urllib3 under the hood).
Dataflow has no limit on the number of outgoing connections.
It uses a K8s cluster under the hood, and every python thread lives into their own docker container.
API calls to Elastic cloud are rate-limited (take a look at the x-rate-limit-{interval,limit,remaining} fields in the response headers).
With Dataflow it is very easy to hit API rate limits if you do a lot of parallel jobs and/or google cloud scales up the nodes of your job to make it faster.
Possible workarounds in your Dataflow / Apache Beam job:
1 - (no code required) Play with (Dataflow execution parameters)[ https://cloud.google.com/dataflow/docs/guides/specifying-exec-params] to limit the number of concurrent processing threads.
The three parameters you need to tweak are:
max_num_workers : maximum number of worker instances (machines) running.
number_of_worker_harness_threads: by default 1 thead per CPU your instance has.
machine_type: the instance type you will use.
2 - Implement rate-limit on your code. See Apache Beam Timely (and stateful) processing processing with Apache Beam
Hello Dear StackOverflow friends,
I'm receiving an strange error when connecting to a managed MySQL instance (DigitalOcean). The connection works on my Dev computer (Windows 8.1 machine), but not on the Prod server (CentOS 8, SELinux in permissive mode). The connection also works with MySQL Workbench.
I've done pip freeze on both mentioned environments and both results are mysql-connector-python==8.0.19 which I find very strange. I've made sure to run my tests with the venv activated.
The managed MySQL 8.x instance is set up to allow connections from both my droplet and my Dev IP address. I've also tried this without the firewall enabled. The managed instance requires the usage of an SSL enabled connection, so a CA Certificate is provided (I've applied chmod 777 over it for now to make sure that's not the cause of the problem).
I've checked the documentation of the library I'm using and it's compatible with MySQL 8.
It is also worth noting I've also tried the solution in this question about it.
The code is the following. Works as expected in Windows.
import datetime
import mysql.connector
from mysql.connector.constants import ClientFlag
dbconn_host = '<sanitized>'
dbconn_port = '<sanitized>'
dbconn_user = '<sanitized>'
dbconn_passwd = '<sanitized>'
dbconn_database = '<sanitized>'
cnx = mysql.connector.connect(
host=dbconn_host,
port=dbconn_port,
user=dbconn_user,
passwd=dbconn_passwd,
database=dbconn_database,
client_flags=ClientFlag.SSL,
ssl_ca='.\\ca_certificate.crt', # When running on prod server I change it to a proper Linux path
# auth_plugin='caching_sha2_password' # Trying another solution I had it changed to mysql_native_password
)
cur_a = cnx.cursor(buffered=True)
query_sel = (
"SELECT * FROM datasources"
)
cur_a.execute(query_sel)
for w in cur_a:
print(w[0])
This is the stack trace I receive in Linux.
(venv) [root#<sanitized> <sanitized>]# python -i conn-test.py
Traceback (most recent call last):
File "conn-test.py", line 12, in <module>
cnx = mysql.connector.connect(
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/__init__.py", line 219, in connect
return MySQLConnection(*args, **kwargs)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 104, in __init__
self.connect(**kwargs)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/abstracts.py", line 960, in connect
self._open_connection()
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 290, in _open_connection
self._do_auth(self._user, self._password,
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 212, in _do_auth
self._auth_switch_request(username, password)
File "/var/<sanitized>/venv/lib/python3.8/site-packages/mysql/connector/connection.py", line 256, in _auth_switch_request
raise errors.get_exception(packet)
mysql.connector.errors.DatabaseError: 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client
>>>
What do you think could be the issue here?
The magic of StackOverflow, is when you post a question that you find the solution in a few minutes. Two things happened:
Half the time I didn't have network connectivity to the MySQL database.
So I ran all kinds of tests before I could even ping the server, then I realized I should run all tests again, but I didn't start with the basics (I did all tests with patches applied, instead of trying a "vanilla" connection first, so to speak).
The solution is I commented out client_flags=ClientFlag.SSL, but left the CA Certificate enabled and the connection worked as expected in the Prod server.
Overall goal: I'm trying to authenticate to Active Directory over LDAP with Kerberos on Windows. Due to dependencies, I'm unable to use python-ldap or python-gssapi, so I'm using ldap3 with the patch found in this answer to use Kerberos (by way of winkerberos instead of python-gssapi).
Example code:
from ldap3 import Connection, Server, ALL, IP_V4_PREFERRED, SASL, GSSAPI
domain_controller = input("DC: ")
SERVER = Server(domain_controller,
allowed_referral_hosts=[('*', True)],
get_info=ALL,
mode=IP_V4_PREFERRED)
CONNECTION = {"authentication": SASL,
"sasl_mechanism": GSSAPI,
"check_names": True}
c = Connection(SERVER, **CONNECTION)
c.bind()
Throws:
File "ldap3\core\connection.py", line 550, in bind
response = self.do_sasl_bind(controls)
File "ldap3\core\connection.py", line 1252, in do_sasl_bind
result = sasl_gssapi(self, controls)
File "ldap3\protocol\sasl\kerberos.py", line 54, in sasl_gssapi
base64.b64encode(in_token).decode('ascii')
winkerberos.GSSError: SSPI: InitializeSecurityContext: The specified target is unknown or unreachable
I've tried changing # to / from the solution here without any difference. The socket is resolving the dc fqdn properly, the dc has the SASL/GSSAPI mechanism supported, and I can alternatively pass a username/password to bind successfully. The part failing here sounds kerberos-specific.
Question: what is causing this error and how can I remediate it?
I am creating a Flask application that is connecting to a Cloudant database using the python cloudant library.
My response time when I just add connect statement (with no queries) can be anywhere from .4s to 12s. My connect statement is like so:
client = Cloudant(USERNAME, PASSWORD, url=URL, connect=True)
When I remove the connection code, my response time is very low.
I have run a profiler on my system and it shows that the increase in response time is due to reading an ssl socket.
I have also tried using the default example from IBM Bluemix Github and got similar results for response time.
I am running my Flask application using the built in development web server. I have tried connecting to the database before every request and I have tried having a single connection that gets reused. Could this delay be due to my local machine? And what would cause it to be quick some times and not others? Other posts have suggested issues with IPv6 or DNS, but I do not think that is the case.
With API calls like:
ddoc = DesignDocument(g.db, '_design/docs')
g.myview = View(ddoc, 'my-view')
g.myview(key=[somekey])['rows']
I have already created the views and are indexed by the appropriate key, so it is not slow due to indexing.
try to use this code to connect to your Cloudant database:
def conn(user, pwd, db, **kwargs):
client = Cloudant(user, pwd, account=kwargs.get('host', user))
client.connect()
database = self.client[db]
I'm trying to consume a SOAP web service using Python suds but I am getting the error "RuntimeError: maximum recursion depth exceeded while calling a Python object".
According to the trace, there is infinite recursion at "suds/binding/multiref.py", line 69.
The web service I'm trying to access is http://www.reactome.org:8080/caBIOWebApp/services/caBIOService?wsdl.
The method I'm trying to access is loadPathwayForId.
Here's the part of my code that consumes the web service:
from suds.client import Client
client = Client('http://www.reactome.org:8080/caBIOWebApp/services/caBIOService?wsdl')
pathway = client.service.loadPathwayForId(2470946)
I'm not sure what is responsible for the infinite recursion. I tried to look up this problem and there has been reports of issues with suds and infinite recursion, but the traces are different than mine (the recursive code is different), so I suspect my problem has other origins.
The full trace:
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
...
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 69, in update
self.update(c)
File "C:\Python27\lib\suds\bindings\multiref.py", line 67, in update
self.replace_references(node)
File "C:\Python27\lib\suds\bindings\multiref.py", line 80, in replace_references
href = node.getAttribute('href')
File "C:\Python27\lib\suds\sax\element.py", line 404, in getAttribute
prefix, name = splitPrefix(name)
File "C:\Python27\lib\suds\sax\__init__.py", line 49, in splitPrefix
if isinstance(name, basestring) \
RuntimeError: maximum recursion depth exceeded while calling a Python object
Thanks in advance for the help!
After more testing, it seems that (unfortunately) suds has trouble interpreting Java Collection objects serialized as XML. I ended up using SOAPpy instead to avoid this issue. If someone can suggest a fix, that would be awesome! I really like suds for its other merits over SOAPpy.
I tried lots of SUDS versions and forks, and finally got to find one that works with proxies, https and authenticated services, find it here:
https://github.com/unomena/suds
Also, here is example code showing simple usage:
from suds.client import Client
# SOAP WSDL url
url = 'https://example.com/ws/service?WSDL'
# SOAP service username and password for authentication, if needed
username = 'user_name'
password = 'pass_word'
# local intranet proxy definition to get to the internet, if needed
proxy = dict(http='http://username:password#localproxy:8080',
https='http://username:password#localproxy:8080')
# unauthenticaded, no-proxy
# client = Client(url)
# use a proxy to connect to the service
# client = Client(url, proxy=proxy)
# no proxy, authenticathed service
# client = Client(url, username=username, password=password)
# use a proxy to connect to an authenticated service
client = Client(url, proxy=proxy, username=username, password=password)
print client