Re: [HTCondor-users] Requests and HTCondor Python bindings seem to fight over certificate

[Todd Tannenbaum <tannenba@xxxxxxxxxxx>]

On 10/27/2015 2:15 AM, Iain Steers wrote:
> Hello,
>
> I've been writing a small python script that runs on the central
> manager.
>
> It extracts some statistics from our htcondor deployment and also
> queries our PuppetDB instance for some stats about the worker nodes.
>
> It uses the Python requests library to query puppetdb.
>
> In testing I've noticed that requests and the python-bindings work
> individually in their queries but as soon as both are used in the same
> script they seem to fight over the host certificate of the machine.
>
> [Errno 336265218] _ssl.c:341: error:140B0002:SSL
> routines:SSL_CTX_use_PrivateKey_file:system lib
>
> I've also replicated the exact same error using urllib2 in place of
> requests and the same thing happens.
>
> urllib2.URLError: <urlopen error [Errno 336265218] _ssl.c:341:
> error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib>
>
> IIRC HTCondor uses the globus libraries behind-the-scenes so maybe it's
> to do with the way they interact with the certificate.
>
> Can anyone shed any light?
>
> Thanks,

Just a guess, but is your Python script and attempting to communicate to 
both HTCondor (with GSI or SSL) and Puppet from different threads in the 
same process?  If so, perhaps there is thread safety problem, for 
instance perhaps the HTCondor client libraries that the Python interface 
uses are not thread safe with respect to OpenSSL and/or GSI.

regards
Todd