Categorie archief: Linux

Pyinstaller – fixing – Dropbox python API SSL issue

When playing around with the python dropbox API to upload files, I ran into issues when trying to make a single executable using pyinstaller.

The error I received was similar as shown below:


I figured it had to do with the trusted-certs  file used by the dropbox API to validate its SSL connection to the dropbox servers.

To overcome this issue, I had to perform the below steps:

  1. First browse to your dropbox API folder and copy the trusted-certs.crt to another location

    In my case this was C:\Python27\Lib\site\packages\dropbox\

Copy trusted-certs.crt to d:\

   2. Stay in the dropbox api folder and open the file using your favorite editor program.

 3. Within file look for the section that starts with:

TRUSTED_CERT_FILE = pkg_resources.resource_filename(__name__, ‘trusted-certs.crt’)

change this to:

def resource_path(relative_path):

“”” Get absolute path to resource, works for dev and for PyInstaller “””


# PyInstaller creates a temp folder and stores path in _MEIPASS

base_path = sys._MEIPASS

except Exception:

base_path = os.path.abspath(“.”)

return os.path.join(base_path, relative_path)

TRUSTED_CERT_FILE = (resource_path(‘certs\\trusted-certs.crt’))

This will ensure that the dropbox API will look in the %temp% directory which the standalone .exe creates at runtime.

  4. Now you have to recompile rest.pyc so the dropbox API and pyinstaller use the changes made

Open python in CMD and run the following command (change the file path to fit your setup)

>>> import py_compile


5. The final step is to create a pyinstaller .spec file in which you tell pyinstaller to copy and include the                        trusted-certs.crt file in the %temp% directory where it also writes files needed by the program at run time.

Do the following:

Run pyinstaller using the “” file which you like to convert into a single exe file

In my case this is:


This will create a find-copy.spec file within the running directory (d:\). Copy and rename this file to something else like           myprog.spec.

Open myprog.spec and modify the following. Make sure the trusted-cert.crt path reflects your situation!

a = Analysis([‘’],



             datas=[(‘d:/trusted-certs.crt’, ‘certs’)],








  6. You are no ready to re-run pyinstaller but this time specifying the myprog.spec file

In my case this looks like this:

Pyinstaller –F myprog.spec

  7. If all went well you should now have a working .exe file which copies and finds the required trusted-certs.crt         file needed by the dropbox API

Enjoy 😉

Linux (Centos) failover without a third-party load balance solution

In this article I describe the steps I followed in order to test a redundant Centos server setup. My goal was to create an Active/Passive Centos setup that could work without the use of any third-party load balance solutions.


Configuration steps (for each Centos LB server)

Enable yum repositories on server

# vi /etc/yum.repos.d/CentOSBase.repo

set enable to 1

Install Keepalived on both servers

# yum install keepalived

Configure keepalived config file

# vi /etc/keepalived/keepalived.conf

Set config similar to below and change state, interface, priority & virtual ip address accordantly:

[root@VLC-2 ~]# vi /etc/keepalived/keepalived.conf




notification_email_from Alexandre.Cassen@firewall.loc


smtp_connect_timeout 30

router_id LVS_DEVEL


vrrp_instance VI_1 {

state MASTER

interface eth0

virtual_router_id 51

priority 101

advert_int 1

authentication {

auth_type PASS

auth_pass 1111


virtual_ipaddress {



Start keepalived services

# service keepalived start

Check for newly created VIP address

[root@CEN-2 ~]# ip address show eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:d1:08:f1 brd ff:ff:ff:ff:ff:ff

inet brd scope global eth0

inet scope global eth0

inet6 fe80::20c:29ff:fed1:8f1/64 scope link

valid_lft forever preferred_lft forever

[root@CEN-2 ~]#


Make Keepalived start at boot time

# chkconfig keepalived on


Configuration steps (on Master only!)

Create a process monitoring script so eth0 is disabled when “your-process” stops running

Mkdir /scripts

# vi /scripts/

Create a similar script as shown below:


# your-process process monitoring script shutdown interface eth0

while :


CURRENT=$(status your-process | awk ‘{ print $2}’ | sed ‘s/,//g’)


if [ “$CURRENT” = “$THRESHOLD” ] ; then

logger -t your-process not compliant

ifconfig eth0 down



logger -t your-process compliant

sleep 15



Test the script is running by checking the /var/log/messages entries. This should look similar to this:

# tailf /var/log/messages

Oct 18 20:50:06 VLC1 puppet-agent[1666]: Finished catalog run in 22.05 seconds

Oct 18 20:50:07 VLC1 your-process: compliant

Oct 18 20:50:22 VLC1 your-process: compliant

Make start at boot time and run it as a background process so it will not intervene with the normal boot process of the VLC server

# vi /etc/init.d/



#Call your-process script and run in background

exec /scripts/ &



Change to obtain execution rights

# chmod +x

Make it run after the boot sequence

# echo /etc/init.d/ >> /etc/rc.local

Reboot the CentOS and check the process has started

# ps ax | grep your-process

1637 ?        S      0:00 /bin/bash /scripts/

4663 pts/0    S+     0:00 grep your-process


Although Keepalive and the process monitoring script are not ideal. They can be useful when you like to test or need to demonstrate a redundant setup with no access to third party solutions.

Your comments or thoughts are more than welcome!

How to resolve DNS queries using different DNS servers & without DNS forwarding

If you ever run in the issue were you have two different DNS servers that are both responsible to resolve different records and you are not allowed to configure DNS forwarding. You can use the following procedure on your Linux, Unix based distro:


  1. cd /usr/bin
  2. cp nslookup nslookup.orig
  3. rm nslookup
  4. vi nslookup

if [[ $HOSTNAME = 192.168.2* ]]; then

/usr/bin/nslookup.orig $HOSTNAME

elif [[ $HOSTNAME = *rsa.lab ]]; then

/usr/bin/nslookup.orig $HOSTNAME


/usr/bin/nslookup.orig $HOSTNAME


  1. chmod 777 nslookup

As a result, internal IP addresses staring with 192.168.2.* and hostnames containing *.rsa.lab where resolved by the DNS server with IP whilst everything else got resolved by the DNS server with IP