Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

invalid peer certificate: BadSignature when connecting to s3 from arm64/aarch64 #2551

Closed
geekodour opened this issue May 29, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@geekodour
Copy link

geekodour commented May 29, 2024

Just trying to connect to the delta lake on s3 fails when attempted from arm64/aarch64 machine, the same exact code and credentials work from amd64 machines(both host and docker images).

Environment

Delta-rs version:

> poetry show|rg "delta|polars|s3|fs|idna"
deltalake           0.17.4      Native Delta Lake Python binding based on d...
fsspec              2024.3.1    File-system specification
idna                3.7         Internationalized Domain Names in Applicati...
polars              0.20.25     Blazingly fast DataFrame library
s3fs                2024.3.1    Convenient Filesystem interface over S3
s3transfer          0.10.1      An Amazon S3 Transfer Manager

Binding:

Environment:

  • Cloud provider: Reproduced on ARM machines on AWS and Hetzner
  • OS: Linux 6.1.90 #1-NixOS SMP Thu May 2 14:29:32 UTC 2024 aarch64 GNU/Linux
  • Other:
    • This issue was reproduced on host ARM machines aswell as ARM docker images

Bug

What happened:

OSError: Generic S3 error: Error after 10 retries in 3.594594837s, max_retries:10, retry_timeout:180s, source:error sending request for url (https://s3.ap-south-1.amazonaws.com/<bucket_name>/<path1>/<path2>/_delta_log/_last_checkpoint): error trying to connect: invalid peer certificate: BadSignature

What you expected to happen:
I'd expect things to just work as it does in amd64. The AWS credentials are correct and are specified via env vars.

How to reproduce it:

from deltalake import DeltaTable
dt_info = {'type': 's3', 'path': 's3a://<bucket_name>/<path1>/<path2>', 'options': {'AWS_S3_LOCKING_PROVIDER': 'dynamodb', 'DELTA_DYNAMO_TABLE_NAME': '<table_name>'}}
dt = DeltaTable(dt_info["path"], storage_options=dt_info["options"])

More details:

# docker
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
RUN update-ca-certificates

# nixos host (installed the following package)
cacert

None of this is needed on amd64 images/hosts, things just work. To clarify, even after explicitly installing the certificate bundles like this things do not seem to be working. I am not sure what exactly is causing the issue here.

@geekodour geekodour added the bug Something isn't working label May 29, 2024
@rtyler
Copy link
Member

rtyler commented May 29, 2024

Thank you for the thorough bug report @geekodour! Nothing springs to mind as the culprit just yet, so let me see if I can reproduce this 🤔

@ion-elgreco
Copy link
Collaborator

Related issue #2511, will close so we keep one open

anton-at-cs added a commit to anton-at-cs/mage-ai that referenced this issue Oct 16, 2024
Working with Mage AI in a local environment on M1 Mac I faced the following error when trying to write data to datalake.

```
Generic S3 error: Error after 10 retries in 2.612435942s, max_retries:10, retry_timeout:180s, source:error sending request for url (https://s3..../_delta_log/_last_checkpoint): error trying to connect: invalid peer certificate: BadSignature
```
Seems it's a [known issue](delta-io/delta-rs#2551). And can be solved by upgrading deltalake lib to 0.18.2 version.

This PR updates deltalake version from 0.17.4 to the most recent 0.20.0., however [`overwrite_schema` parameter has been dropped](https://github.com/delta-io/delta-rs/releases#:~:text=fix%3A%20remove%20deprecated%20overwrite_schema%20configuration%20which%20has%20incorrect%20behavior%20by) since 0.18.0 due to

> fix: remove deprecated overwrite_schema configuration which has incorrect behavior
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants