Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Retry on CondaSSLError. #127

Merged
merged 1 commit into from
Dec 16, 2024
Merged

Retry on CondaSSLError. #127

merged 1 commit into from
Dec 16, 2024

Conversation

bdice
Copy link
Contributor

@bdice bdice commented Dec 15, 2024

Description

This PR will retry conda commands on CondaSSLError.

Context

We have recently seen more SSL errors, like those we attempted to fix in rapidsai/cuml#6177 and rapidsai/cugraph#4825. However, we still observe SSL errors while downloading conda packages.

Errors look like this:

CondaSSLError: Encountered an SSL error. Most likely a certificate verification issue.

Exception: [SYS] unknown error (_ssl.c:2580)

In conda/conda#11564, CondaSSLError was split from CondaHTTPError. This was released in conda 4.14.0.

Currently it appears that all the errors in cuML's CI (sample nightly run) are either CondaSSLError or actual test failures (some are from Hypothesis, some are not). I hope this PR eliminates the CondaSSLError cases.

Alternatives

From https://stackoverflow.com/questions/31729076/conda-ssl-error, it seems there may be alternative solutions. I think we should add this retry either way, but we may be able to do more.

Copy link
Member

@jameslamb jameslamb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this and for the thorough description!

I agree, we should add this retry logic. I've also observed that these are often resolved by a retry, which suggests that "certificates in the CI images are out of date" is not the only cause of this.

@bdice bdice merged commit 9915e90 into rapidsai:main Dec 16, 2024
1 check passed
@jakirkham
Copy link
Member

On the Conda side, certificates come from the ca-certificates package. This does repackage the certificates from certifi, but bundles them separate from any Python code

Also Conda does have a (configurable) list of packages it always checks for updates called, aggressive_update_packages, which includes ca-certificates

Note there was an update to to ca-certificates this weekend: conda-forge/ca-certificates-feedstock#70

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants