Skip to content

Ca cert for snapshots #6010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 18, 2025
Merged

Ca cert for snapshots #6010

merged 4 commits into from
Feb 18, 2025

Conversation

generall
Copy link
Member

I have a single node hybrid cloud cluster. I configured TLS directly in the DB (no P2P TLS) which sets this:

service:
  # Enable HTTPS for the REST and gRPC API
  enable_tls: true

# TLS configuration.
# Required if either service.enable_tls or cluster.p2p.enable_tls is true.
tls:
  # Server certificate chain file
  cert: ./tls/cert.pem

  # Server private key file
  key: ./tls/key.pem

This works correctly when connecting to Qdrant.
But when I try to load a snapshots from a remote HTTP location:

PUT /collections/midjourney/snapshots/recover
{
  "location": "http://snapshots.qdrant.io/midlib.snapshot"
}

I get the following error returned from Qdrant

{
  "error": "Service internal error: failed to initialize HTTP(S) client: failed to read HTTPS client CA certificate file ./tls/cacert.pem: No such file or directory (os error 2)"
}

Why is a ./tls/cacert.pem mandatory for this operation?

Resolution:

Indeed, ./tls/cacert.pem is not required. Not our config file can accept null as ca_cert.
To covert for the case where default configuration is used, the download will no longer error out if certificate is not found.

@generall generall requested a review from timvisee February 17, 2025 23:20
timvisee
timvisee reviewed Feb 18, 2025
View reviewed changes
Copy link
Member

@timvisee timvisee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A question about error handling before we merge:

@github-actions github-actions bot mentioned this pull request Feb 18, 2025
Open
@generall generall merged commit fceacef into dev Feb 18, 2025
17 checks passed
@generall generall deleted the ca-cert-for-snapshots branch February 18, 2025 15:08
timvisee added a commit that referenced this pull request Mar 21, 2025
@generall @timvisee
Ca cert for snapshots (#6010)
f455669 
* make cacert optional

* ignore missing cacertificate on creating https client

* Some tweaks

* Update development.yaml

---------

Co-authored-by: timvisee <tim@visee.me>
@timvisee timvisee mentioned this pull request Mar 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timvisee timvisee timvisee approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@generall @timvisee