Python 客户端 GRPC 与 AWS 的不安全连接问题

Question

I am facing a problem with GRPC and a python client.

Here is what I have:

import grpc
import base64
from grpc_requests import StubClient
from client_pb2_grpc import ClientServiceStub
import client_pb2
import os


# Client snippet
server_port = 443
server_host = 'AWS host'

# create channel insecure
channel = grpc.insecure_channel('{}:{}'.format(server_host, server_port))
stub = ClientServiceStub(channel)


print("----------------------------------------------------------")

feature = stub.GetClientByCode(client_pb2.GetClientRequest(code="mycode"))

What I get all the time is:

I0420 12:57:40.628000000 26428 src/core/ext/filters/client_channel/client_channel.cc:1776] chand=000001A9014C0718: update: state=CONNECTING status=(OK) picker=000001A901545230
I0420 12:57:40.648000000 26428 src/core/ext/filters/client_channel/client_channel.cc:3177] chand=000001A9014C0718 calld=000001A9016014B0: creating dynamic call stack on channel_stack=000001A9015458D0
I0420 12:57:40.653000000 26428 src/core/ext/filters/client_channel/client_channel.cc:1183] chand=000001A9014C0718 dymamic_termination_calld=000001A901601800: create retrying_call=000001A901601860
I0420 12:57:40.656000000 26428 src/core/ext/filters/client_channel/client_channel.cc:4796] chand=000001A9014C0718 retrying_call=000001A901601860: create lb_call=000001A901A74FE0
I0420 12:57:40.659000000 26428 src/core/ext/filters/client_channel/client_channel.cc:5399] chand=000001A9014C0718 lb_call=000001A901A74FE0: LB pick returned QUEUE (subchannel=0000000000000000, error="No Error")
I0420 12:57:40.663000000 26428 src/core/ext/filters/client_channel/client_channel.cc:5323] chand=000001A9014C0718 lb_call=000001A901A74FE0: adding to queued picks list
I0420 12:57:40.701000000 26428 src/core/ext/filters/client_channel/client_channel.cc:2927] chand=000001A9014C0718 calld=000001A9016014B0: cancelling resolver queued pick: error="No Error" self=000001A9015E8F20 calld->resolver_pick_canceller=0000000000000000

I0420 12:57:41.139000000 26084 src/core/lib/surface/call.cc:586] grpc_call_unref(c=000001A901600B20)
I0420 12:57:41.141000000 26084 src/core/lib/surface/completion_queue.cc:1420] grpc_completion_queue_shutdown(cq=000001A97EF2F4C0)
I0420 12:57:41.144000000 26084 src/core/lib/surface/completion_queue.cc:1426] grpc_completion_queue_destroy(cq=000001A97EF2F4C0)
I0420 12:57:41.146000000 26084 src/core/lib/surface/completion_queue.cc:1420] grpc_completion_queue_shutdown(cq=000001A97EF2F4C0)
Traceback (most recent call last):
  File ".\grpc_test.py", line 29, in <module>
    feature = stub.GetClientByCode(client_pb2.GetClientRequest(code="mycode"))
  File "C:\Users\Programs\Python\Python37\lib\site-packages\grpc\_channel.py", line 946, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "C:\Users\AppData\Local\Programs\Python\Python37\lib\site-packages\grpc\_channel.py", line 849, in _end_unary_response_blocking
    raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1618916261.039000000","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":5420,"referenced_errors":[{"created":"@1618916261.000000000","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":398,"grpc_status":14}]}"
>

Do you have any hint? I have read that most of the people that face the same problem, is normally related with ports. I tried this same instruction with grpcurl, adding an authority (but in python i got some problems with this stuf...)

Thanks in advance.

Answer 1

You may want to post other parts of the trace log. To debug this issue, we need to:

• Check if the name resolution worked, there should be a log saying the given address has been resolved into ip:port;
• See why each address won't work, like the ip:port is not reachable.

If the problem still can't be solved, I would recommend to post issues to https://github.com/grpc/grpc/issues .

Answer 2

Finally worked. Post solution:

import grpc
import base64
from grpc_requests import StubClient
from client_pb2_grpc import ClientServiceStub
import client_pb2
import os

server_port = 'port'
server_host = 'host'
ca_cert = '.pem'
auth = 'auth'
with open(ca_cert, 'rb') as f:
    trusted_certs = f.read()

credentials = grpc.ssl_channel_credentials(root_certificates=trusted_certs)
# make sure that all headers are in lowecase, otherwise grpc throws an exception
call_credentials = grpc.metadata_call_credentials(
    lambda context, callback: callback(((('Authorization', 'Bearer'), auth),), None))

#call_credentials = grpc.access_token_call_credentials("test_access_token")
composite_credentials = grpc.composite_channel_credentials(credentials, call_credentials)
channel = grpc.secure_channel('{}:{}'.format(server_host, server_port), composite_credentials)
stub = ClientServiceStub(channel)

response = stub.GetClientByCode(client_pb2.GetClientRequest(code="local"))

print("[~] Greeter client received: {}".format(response.message))

Moreover I needed to install the server certificate in my computer to have a secured connection.