Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Credential lookup failure crashes s3 crawler #46

Open
TobiasKadelka opened this issue Jul 11, 2019 · 2 comments
Open

Credential lookup failure crashes s3 crawler #46

TobiasKadelka opened this issue Jul 11, 2019 · 2 comments

Comments

@TobiasKadelka
Copy link

Trying this:

$ datalad crawl-init --save --template simple_s3 directory=subdataset bucket=hcp-openaccess prefix=HCP/
$ datalad crawl

Leads to a crash:

[INFO   ] Loading pipeline specification from ./.datalad/crawl/crawl.cfg 
[INFO   ] Creating a pipeline for the hcp-openaccess bucket 
[INFO   ] Running pipeline [<datalad_crawler.nodes.s3.crawl_s3 object at 0x7f5397a1b668>, switch(default=None, key='datalad_action', mapping=<<{'directory': [assign(...>>, re=False)] 
[ERROR  ] Failed to unlock the collection! [SecretService.py:get_preferred_collection:61] (KeyringLocked) 
Exception ignored in: <bound method AnnexRepo.__del__ of <AnnexRepo path=/home/homeGlobal/tkadelka/hcp (<class 'datalad.support.annexrepo.AnnexRepo'>)>>
Traceback (most recent call last):
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/support/annexrepo.py", line 365, in __del__
AttributeError: 'NoneType' object has no attribute 'debug'
Full traceback 
DATALAD_RUNTIME_RAISEONERROR=1 datalad --dbg crawl
[INFO   ] Loading pipeline specification from ./.datalad/crawl/crawl.cfg 
[INFO   ] Creating a pipeline for the hcp-openaccess bucket 
[INFO   ] Running pipeline [<datalad_crawler.nodes.s3.crawl_s3 object at 0x7f50bafeba20>, switch(default=None, key='datalad_action', mapping=<<{'commit': <function A...>>, re=False)] 
Traceback (most recent call last):
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/bin/datalad", line 8, in <module>
    main()
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/cmdline/main.py", line 500, in main
    ret = cmdlineargs.func(cmdlineargs)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/interface/base.py", line 643, in call_from_parser
    ret = cls.__call__(**kwargs)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad-crawler/datalad_crawler/crawl.py", line 130, in __call__
    output = run_pipeline(pipeline, stats=stats)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad-crawler/datalad_crawler/pipeline.py", line 114, in run_pipeline
    output = list(xrun_pipeline(*args, **kwargs))
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad-crawler/datalad_crawler/pipeline.py", line 194, in xrun_pipeline
    for idata_out, data_out in enumerate(xrun_pipeline_steps(pipeline, data_in, output=output_sub)):
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad-crawler/datalad_crawler/pipeline.py", line 270, in xrun_pipeline_steps
    for data_ in data_in_to_loop:
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad-crawler/datalad_crawler/nodes/s3.py", line 125, in __call__
    _ = downloader.get_status(url)  # just to authenticate and establish connection
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/downloaders/base.py", line 603, in get_status
    return self.access(self._get_status, url, old_status=old_status, **kwargs)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/downloaders/base.py", line 141, in access
    used_old_session = self._establish_session(url, allow_old=allow_old_session)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/downloaders/s3.py", line 196, in _establish_session
    self._bucket = self.authenticator.authenticate(bucket_name, self.credential)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/downloaders/s3.py", line 78, in authenticate
    credentials = credential()
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/downloaders/credentials.py", line 149, in __call__
    v = self._keyring.get(name, f)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/datalad.git/datalad/support/keyring_.py", line 51, in get
    return self._keyring.get_password(self._get_service_name(name), field)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/lib/python3.5/site-packages/keyring/core.py", line 55, in get_password
    return _keyring_backend.get_password(service_name, username)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/lib/python3.5/site-packages/keyring/backends/chainer.py", line 43, in get_password
    password = keyring.get_password(service, username)
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/lib/python3.5/site-packages/keyring/backends/SecretService.py", line 67, in get_password
    collection = self.get_preferred_collection()
  File "/home/homeGlobal/tkadelka/env/datalad-crawler/lib/python3.5/site-packages/keyring/backends/SecretService.py", line 61, in get_preferred_collection
    raise KeyringLocked("Failed to unlock the collection!")
keyring.errors.KeyringLocked: Failed to unlock the collection!

> /home/homeGlobal/tkadelka/env/datalad-crawler/lib/python3.5/site-packages/keyring/backends/SecretService.py(61)get_preferred_collection()
-> raise KeyringLocked("Failed to unlock the collection!")

This is running on a server that has no desktop environment installed.
@kyleam
Copy link
Collaborator

kyleam commented Jul 11, 2019

[ I know nothing about the keyring package and very little about DataLad's credential handling. I'd guess @yarikoptic will be able to give a more informed response. ]

This is running on a server that has no desktop environment installed.

It seems like more work would be needed to get keyring working in that environment: https://keyring.readthedocs.io/en/latest/index.html#using-keyring-on-headless-linux-systems.

Perhaps a workaround would be to specify the credentials through an environment variable?

datalad/datalad@d4a5db9

Also, could you provide output from datalad wtf?

@yarikoptic
Copy link
Member

thanks for asking and sorry for the pains -- we should improve all this keyring handling and documentation.

we indeed use keyring module with the default to choose the "most appropriate credential store" for the system. E.g. if it is a linux with Gnome3 , you could find "Passwords and Keys" application and see your keystore in there, probably locked. Upon initial invocation keyring should initiate its unlock, you unlock, and subsequent call should work out...

On a remote server, if no X forwarding was setup for your session, it should have used some alternative secure storage backend, it should have worked :-/

What I did, awhile back, to avoid messing with autoselection etc on a remote server is to follow keyring docs to establish simple file based keyring (see e.g. https://pypi.org/project/keyring/#config-file-path). Here is a walkthrough:

  1. figure out where keyring is looking for a config file:
$> python -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
/home/yoh/.local/share/python_keyring
  1. make a config file specifying the backend:
$> cat /home/yoh/.local/share/python_keyring/keyringrc.cfg 
[backend]
default-keyring=keyrings.alt.file.PlaintextKeyring

and then when you try, it should generate file like /home/yoh/.local/share/python_keyring/keyring_pass.cfg where it would store the credentials.

@TobiasKadelka TobiasKadelka mentioned this issue Jul 12, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yarikoptic @kyleam @TobiasKadelka