I tried using the new Call Workflow Service with a workflow on KNIME Server. The connection works, I can execute the workflow on the server manually. The workflow contains one Workflow Service Input node.
I started by adding a KNIME Server Connector and the node works. I connected it to the Call Workflow Service node. I can open the configuration dialog and I can select a remote workflow.
However, the node fails to fetch the configuration from the remote workflow. I get a https related error that I do not really understand:
I checked the logs on the server and there is nothing related to the error. On client side there is only a log entry similar to the error message, no additional information.
I checked different workflows and always get the same error.
2021-12-22 23:33:23,330 : WARN : main : : WrappedNodeDialog : Call Workflow Service : 4:4 : failed to apply settings: Cannot apply configuration when workflow parameters could not be successfully fetched.
org.knime.core.node.InvalidSettingsException: Cannot apply configuration when workflow parameters could not be successfully fetched.
at org.knime.core.node.util.CheckUtils.checkSetting(CheckUtils.java:269)
at org.knime.core.node.util.CheckUtils.checkSetting(CheckUtils.java:219)
at org.knime.workflowservices.knime.caller.CallWorkflowNodeDialog.saveSettingsTo(CallWorkflowNodeDialog.java:279)
at org.knime.core.node.NodeDialogPane.internalSaveSettingsTo(NodeDialogPane.java:532)
at org.knime.core.node.NodeDialogPane$4.run(NodeDialogPane.java:766)
at org.knime.core.node.util.ViewUtils$3.run(ViewUtils.java:353)
at org.knime.core.node.util.ViewUtils$2.run(ViewUtils.java:155)
at java.desktop/java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
at java.desktop/java.awt.EventQueue$4.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.desktop/java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.desktop/java.awt.EventDispatchThread.run(Unknown Source)
at second inspection of the error message, I’m guessing this may be related to the SSL certificate that the KNIME Server has been given (see the answer of this stackoverflow question).
Should the http port (8080 by default) be active, could you run a test with http? Could you hover over the server mountpoint to check whether you login via http or https?
I’m also somewhat confused by only the Call Workflow Service not accepting the certificate.
You can set the canonical address of the KNIME Server, see com.knime.server.canonical-address in the WebPortal under Administration > Configuration, though this likely is correct already.
I could also imagine proxies being an issue here. Maybe the Call Workflow Service doesn’t use a possibly configured proxy. Could you check File > Preferences > General > Network Connections, whether any Proxy entries are ticked?
I don’t want to rule out that the certificate is checked with different standards than other connections. In this case, we’d need to look into the details of the certificate – maybe e.g. intermediate certificate authorities (CA’s) need to be added to the certificate chain, or some other detail is not quite right, which may take some time to locate and we would require more details about the exact error and certificate used. Hopefully it is just a proxy setting that is causing this.
There is no proxy unfortunately. Also, I changed the com.knime.server.canonical-address to the https URL but it does not change anything.
The only functionality that does not work is fetching the parameters in the Call Workflow Service node. In the configuration of that node I can see the list of remote workflows, refresh it, and select a workshop. Only the next step, fetching the parameters, throws an error.
Is it possible that there is a difference in the way how the request is handled in that particular function?
I would like to share more details but there is nothing in the logs except what I posted above. There is nothing about https/SSL in the stack trace. Is it possible to switch to more verbose logging mode?
I’ll reach out to our developers to see how the calls differ. For now I’m out of ideas though. I agree that this isn’t a state we should leave things. You can adjust the log level of your local, calling workflow under File > Preferences > KNIME (log file), or File > Preferences > KNIME > KNIME GUI (console view in KNIME). I’m not sure whether we’ll get more useful information from that though.
we discussed this with the developers today and we regularly run a lot of test in a HTTPS+SSL environment, where everything works fine. To me, this looks like something that needs fixing on the infrastructure level, rather than on the KNIME side.
very sorry for the sporadic replies. I’m sure openssl can give us some information on the certificate, but I haven’t gotten around to the details (neither the command, nor the needed information). I hope to be able to update you on this.
I too am struggling with the same issue with the Call Workflow Service… are there any updates on how to make this simpler to set up? I believe this node is still in Labs and shouldn’t be used in production at this time, right?
I’m afraid SSL certificates remain a fight, but I’m wondering whether this node really behaves differently to others. Does e.g. the GET Request node (you can e.g. access https://<server>/knime/rest/v4 (without tailing slash)) work, when you don’t select to ignore name mismatches?
Hi @marvin_kickuth, thanks for the update and sorry for the late reply.
The GET Request node works. All interaction with the KNIME Server works except for the Call Workflow Service.
Also, in the Call Workflow Service it only failes at the step where the workflow parameters are fetched. I can browse the list of workflows on the server.
That’s why I suspected that this specific function uses a different kind of connection/SSL configuration or similar.
