Error with requests for which authentication is required.

[evfratov]

Dear Support!

We are trying to use MinKNOW API to remotely acquire certain data from sequencers. To authenticate clients requesting the data we are going to use TLS certificates as described in documentation at minknow_api GitHub repo (https://github.com/nanoporetech/minknow_api/blob/master/AUTH.md). Currently we have generated self-signed certificate for a client, put it in the /opt/ont/minknow/conf/rpc-certs/ and trying make a request for which authentication is required. The certificate and corresponding private key were generated using «create_client_certificates.py» script in the same repo.

For the request below
# python3 extract_run_statistics.py --host 192.168.1.10 --port 9501 --position 1A --client-cert-chain=./my_client_cert.pem --client-key=./my_client_key.pem

we receive the following output:
...
_grpc._channel._InactiveRpcError: <InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses; last error: UNAVAILABLE: ipv4:192.168.1.10:9501: Socket closed"
debug_error_string = "UNKNOWN:Error received from peer {created_time:"2024-01-11T15:46:30.468611", grpc_status:14, grpc_message:"failed to connect to all addresses; last error: UNAVAILABLE: ipv4:192.168.1.10:9501: Socket closed"}"

Could you provide any help regarding this error?

From the network perspective there is no problems - network access is granted to the client connecting to sequencer. Port 9501 is also opened on the sequencer.

There is also no problems with requests that do not require authentication. For example: using minknow_api we can acquire MinKNOW version, sequencing postitions status and other info that is provided by manager GRPC service without authentication.

Best regards and thank you for your help!

[pustoshilov-d]

@evfratov Hi!
Actually you should use conf/rpc-client-certs, not a conf/rpc-certs/
And also restart the machine/MinKNOW