Error loading data using Enterprise Edition

Hi there,

I created a PoC graph using the dev edition and it works as expected. Now I am moving on to the Enterprise Edition. I installed the Enterprise 3.0.5 free edition on an Ubuntu VM and applied the license from install_conf.json through the admin GUI; it shows valid after the update.

I then tried to run the same gsql to create vertices/edges and load data. However, I got the following error. The same set of data/gsql works on the dev edition or the Enterprise Edition on docker. Any advice?

(removed some info for size limitation)

     --- Version --- 
    TigerGraph version: 3.0.5
    product          release_3.0.5_10-01-2020         afafe5e703beee639d6effe49f58446e91ba33cb  2020-07-27 11:57:50 -0700
    ...

    [INFO] EOL = 
    (10)
    ==============args==================
    sep_str: 
    (char) sep = ,
    eol_str: 
    (char) eol = 

    job_name_or_path: battleMap_loadSink
    path: 
    input_files: 
    is_directory: 208
    ignoreheader: 0
    progress_file: /home/tigergraph/tigergraph/log/restpp/restpp_loader_logs/battleMap/battleMap.loadSink.file.m1.1603678649691.progress
    configFileName: /home/tigergraph/tigergraph/data/files/tg.cfg
    partition: 1
    replica: 1
    gsql_pipe_fd: -1
    concurrency: 256
    batch_size: 8192
    gsql_pipe_name: 
    transactional: 0
    skipNLines: -1
    firstNLines: -1
    ====================================
    Cannot bind to ipc:///var/tmp/tigergraph/tigergraph/gsql_2633 StatusHubAgentServer won't start
    WARNING: Logging before InitGoogleLogging() is written to STDERR
    I1026 02:17:30.117605  2633 config.cpp:183] Queue infos:
    I1026 02:17:30.117704  2633 config.cpp:185] queue name:delta_queue topic:Topic: deltaQ
     source: GPE
     target: GPE

    I1026 02:17:30.117712  2633 config.cpp:185] queue name:get_request_queue topic:Topic: get_requestQ
     source: GPE
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7502

     source: RESTPP
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7502

     source: RESTPP-LOADER
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7502

     source: KAFKA-LOADER
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7502

    I1026 02:17:30.117718  2633 config.cpp:185] queue name:id_request_queue_query topic:Topic: id_requesQ_QUERY
     source: GPE
     target: GSE
    GSE_1_1: tcp://127.0.0.1:6500

     source: RESTPP
     target: GSE
    GSE_1_1: tcp://127.0.0.1:6500

     source: RESTPP-LOADER
     target: GSE
    GSE_1_1: tcp://127.0.0.1:6500

     source: KAFKA-LOADER
     target: GSE
    GSE_1_1: tcp://127.0.0.1:6500

    I1026 02:17:30.117724  2633 config.cpp:185] queue name:id_response_queue_query topic:Topic: id_responseQ_QUERY
     source: GSE
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7500

     source: GSE
     target: RESTPP
    RESTPP_1_1: tcp://127.0.0.1:5500

     source: GSE
     target: RESTPP-LOADER
    RESTPP-LOADER_1_1: tcp://127.0.0.1:8501

     source: GSE
     target: KAFKA-LOADER
    KAFKA-LOADER_1_1: tcp://127.0.0.1:9501

    I1026 02:17:30.117749  2633 config.cpp:185] queue name:response_queue topic:Topic: responseQ
     source: GPE
     target: GPE
    GPE_1_1: tcp://127.0.0.1:7501

     source: GPE
     target: RESTPP
    RESTPP_1_1: tcp://127.0.0.1:5400

     source: GPE
     target: RESTPP-LOADER
    RESTPP-LOADER_1_1: tcp://127.0.0.1:8401

     source: GPE
     target: KAFKA-LOADER
    KAFKA-LOADER_1_1: tcp://127.0.0.1:9401

    I1026 02:17:30.118805  2633 completion_queue_manager.cpp:18] Client CQManager(0x7fdf5b2cc6e0) constructing
    D1026 02:17:30.119298977    2633 env_linux.c:77]             Warning: insecure environment read function 'getenv' used
    I1026 02:17:30.121806  2633 gdict.cpp:293] Dictionary initialize start
    2020-10-26 02:17:30,121:2633(0x7fdf60537340):ZOO_INFO@log_env@1102: Client environment:zookeeper.version=zookeeper C client 3.5.8
    2020-10-26 02:17:30,121:2633(0x7fdf60537340):ZOO_INFO@log_env@1106: Client environment:host.name=badf32e1527b
    2020-10-26 02:17:30,121:2633(0x7fdf60537340):ZOO_INFO@log_env@1113: Client environment:os.name=Linux
    2020-10-26 02:17:30,121:2633(0x7fdf60537340):ZOO_INFO@log_env@1114: Client environment:os.arch=4.19.76-linuxkit
    2020-10-26 02:17:30,121:2633(0x7fdf60537340):ZOO_INFO@log_env@1115: Client environment:os.version=#1 SMP Tue May 26 11:42:35 UTC 2020
    2020-10-26 02:17:30,122:2633(0x7fdf60537340):ZOO_INFO@log_env@1123: Client environment:user.name=tigergraph
    I1026 02:17:30.122148  2687 completion_queue_manager.cpp:89] Client CompletionQueue (0x7fdf5b3222e0) begin processing.
    2020-10-26 02:17:30,122:2633(0x7fdf60537340):ZOO_INFO@log_env@1131: Client environment:user.home=/home/tigergraph
    2020-10-26 02:17:30,122:2633(0x7fdf60537340):ZOO_INFO@log_env@1143: Client environment:user.dir=/home/tigergraph/tigergraph/app/3.0.5/bin
    2020-10-26 02:17:30,122:2633(0x7fdf60537340):ZOO_INFO@zookeeper_init_internal@1186: Initiating client connection, host=127.0.0.1:19999 sessionTimeout=30000 watcher=0x72cb80 sessionId=0 sessionPasswd=<null> context=0x7fdf5b254000 flags=0
    2020-10-26 02:17:30,122:2633(0x7fdefabff700):ZOO_INFO@check_events@2473: initiated connection to server [127.0.0.1:19999]
    2020-10-26 02:17:30,124:2633(0x7fdefabff700):ZOO_INFO@check_events@2525: session establishment complete on server [127.0.0.1:19999], sessionId=0x1000043cb0f0007, negotiated timeout=30000 
    I1026 02:17:30.124940  2689 zookeeper_context.cpp:203] Root Watcher SESSION_EVENT state = CONNECTED_STATE for path: NA
    I1026 02:17:30.124958  2689 zookeeper_context.cpp:74] ZooKeeper Connection is setup. Session id: 1000043cb0f0007, previous client id:0
    I1026 02:17:30.124975  2689 zookeeper_watcher.cpp:314] Zk Session connected, notifying watchers
    I1026 02:17:30.124984  2689 zookeeper_watcher.cpp:321]   --> Number of watchers: 0
    I1026 02:17:30.124989  2689 zookeeper_watcher.cpp:322]   --> Callback time used(us): 5
    I1026 02:17:30.173662  2633 heartbeat_client.cpp:440] CLIENT: resolved server address: 127.0.0.1:17797
    I1026 02:17:30.173698  2633 channel_pool.cpp:11] Create channel for target: 127.0.0.1:17797
    I1026 02:17:30.175642  2633 async_client.cpp:46] Connected to 127.0.0.1:17797. ChannelState:2
    W1026 02:17:30.175704  2633 heartbeat_client.cpp:467] CLIENT: Detect server update, old server: , new server: 127.0.0.1:17797. Tried to start client session, session: 0x25fa648 state:CLIENT_SESSION_ISSUED rc: kOk
    I1026 02:17:30.176069  2687 heartbeat_client.cpp:342] ClientSession is issued. Session 0x25fa648 Server:127.0.0.1:17797
    I1026 02:17:30.176375  2691 single_thread_worker.cpp:85] SingleThreadWorker start: HeartbeatClient
    I1026 02:17:30.176414  2691 client_watcher_manager.cpp:31] Reconnect session, re-watch all paths. size:0
    I1026 02:17:30.185927  2633 gdict.cpp:340] Dictionary initialize succeed, took 64 milliseconds
    E1026 02:17:30.200398  2633 gconfig_general.cpp:284] Graph battleMap failed to get end points. List endpoints files failed. rc:kNotFound
    E1026 02:17:30.221669  2633 gconfig_general.cpp:284] Graph battleMap failed to get end points. List endpoints files failed. rc:kNotFound

    02:17:30.186499 restppconfig.cpp:181] Engine_RefreshConfig|Start RefreshServerConfig
    02:17:30.219554 restppconfig.cpp:259] Engine_RefreshGraphSchemaCatalog|| rc.Ok() = 1
    02:17:30.219560 restppconfig.cpp:188] Engine_RefreshConfig|Start RefreshEndpoints
    02:17:30.222222 restppconfig.cpp:194] Engine_RefreshConfig|Start RefreshLoadingJobs
    02:17:30.222226 restppconfig.cpp:270] Engine_RefreshLoadingJobs|received start
    02:17:30.222228 restppconfig.cpp:277] Engine_RefreshLoadingJobs|received end
    02:17:30.223301 restppconfig.cpp:315] Engine_LJM|Registered 1 loading jobs with total parsing JSON time: 0 (ms) and total register job time : 1 (ms)
    02:17:30.223306 restppconfig.cpp:200] Engine_RefreshConfig|Finish Catalog Refresh
    02:17:30.223310 restppconfig.cpp:217] Engine_RefreshConfig|
    Refresh graphCatalogYamlNode and schema_node success

    02:17:30.223311 restppconfig.cpp:233] Engine_RefreshConfig|
    Refresh Auth start

    02:17:30.223313 restppconfig.cpp:242] Engine_RefreshConfig|
    Finish Refresh Auth

    02:17:30.223314 restppconfig.cpp:243] Engine_RefreshConfig|
    Finish All ConfigRefresh

    02:17:30.225907 gtimer.cpp:78] MessageQueue|Kafka|CreateWriter|loading-logLog folder at /home/tigergraph/tigergraph/log/fileLoader
    ENTERPRISE_EDITION
    E1026 02:17:30.313616  2633 zookeeper_context.cpp:1053] Recursive delete /tigergraph/dict/objects/__services/RESTPP-LOADER/_runtime_nodes/RESTPP-LOADER_1_1 failed. PathCount:1 Rc:no node
    ENTERPRISE_EDITION
    ENTERPRISE_EDITION
    ENTERPRISE_EDITION
    [INFO] yamlfromfile = 0, with args.job_name_or_path = battleMap_loadSink
    filename = /home/tigergraph/tigergraph/log/restpp/restpp_loader_logs/battleMap/battleMap.loadSink.file.m1.1603678649691.progress, progress size = 665
    write: filename = /home/tigergraph/tigergraph/log/restpp/restpp_loader_logs/battleMap/battleMap.loadSink.file.m1.1603678649691.progress, mem = {"commandStr":"/home/tigergraph/tigergraph/app/3.0.5/bin//tg_app_fileldr  --job battleMap_loadSink --totalTask 1 --config /home/tigergraph/tigergraph/data/files/tg.cfg --progress /home/tigergraph/tigergraph/log/restpp/restpp_loader_logs/battleMap/battleMap.loadSink.file.m1.1603678649691.progress --jobid battleMap.loadSink.file.m1.1603678649691","config_list":[{"EOL":"\\n","HEADER":"true","QUOTE":"double","SEPARATOR":",","TRANSACTION":"false","filename":"f","path":"/home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv"}],"graph_name":"battleMap","machine_id":1,"version":"v1"}
    /home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv

    offset_line = 1, offset_line_ = 1, skipNLines = -1, firstNLines = -1
    line_count = 1
    [INFO] Start loading /home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv, LineBatch = 8192, LineOffset = 1, ByteOffset = 30
    E1026 02:17:30.326167  2706 gbrain_service.cpp:458] Cannot watch path: /tigergraph/dict/objects/__services/RLS-GSE/_runtime_nodes, zk rc: -101
    E1026 02:17:30.326189  2706 gbrain_service_manager.cpp:133] Can not Register watcher for SingleServiceManager, path: /__services/RLS-GSE/_runtime_nodes, rc: kNotFound
    E1026 02:17:30.326656  2706 gbrain_service.cpp:458] Cannot watch path: /tigergraph/dict/objects/__services/RLS-GSE/_static_nodes, zk rc: -101
    E1026 02:17:30.326673  2706 gbrain_service_manager.cpp:147] Can not Register watcher for SingleServiceManager, path: /__services/RLS-GSE/_static_nodes, rc: kNotFound
    E1026 02:17:30.327724  2706 gbrain_service_manager.cpp:210] Can not read nodes from service: RLS-GSE, node type: static nodes, error: kNotFound
    <repeated many times....>
   
    E1026 02:27:30.478688  2712 ioutil.cpp:201] [ERROR] LoadingCallback response: {"error":true,"message":"The query didn't finish because it exceeded the query timeout threshold (600 seconds). To increase the query time, please check the error code for details.","results":[],"code":"REST-3002"}
    Opening TokenBank.so
    [ABORTED] loading is aborted, head = 1, tail = 1

    /home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv[ERROR] Loading aborted, finished loading first 1 lines (guaranteed)
    destroy worker
    Loading /home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv failed.
    E1026 02:27:32.434418  2633 brain_daemon.cpp:187] Daemon @127.0.0.1:1000 is begin deleted without being shot down first. Daemon type: RESTPP-LOADER_1

    02:27:32.434965 brain_daemon.cpp:524] Daemon @127.0.0.1:1000 is begin stopped without being UP. Current state is 0. Ignoring stop command.I1026 02:27:32.851686  2633 gdict.cpp:348] Dictionary un-initialize start
    I1026 02:27:33.272034  2691 single_thread_worker.cpp:92] SingleThreadWorker stop: HeartbeatClient
    W1026 02:27:33.272354  2633 zookeeper_context.cpp:923] Disconnect from ZooKeeper now
    W1026 02:27:33.273217  2687 heartbeat_client.cpp:51] Session read OnError with 127.0.0.1:17797. Try to stop client session 0x25fa648.
    I1026 02:27:33.273294  2687 heartbeat_client.cpp:265] Canceling client session. Session 0x25fa648 leaving from CLIENT_SESSION_SETUP to CLIENT_SESSION_EXPIRED. Statistics:{ SessionSetupCount: 1, SessionRecoverCount: 0, SessionWriteIssueCount: 603, SessionWriteFinsihCount: 603, SessionReadIssueCount: 604, SessionReadFinsihCount: 604 }
    2020-10-26 02:27:33,273:2633(0x7fdf60537340):ZOO_INFO@zookeeper_close@3325: Closing zookeeper sessionId=0x1000043cb0f0007 to [127.0.0.1:19999]

    2020-10-26 02:27:33,274:2633(0x7fdf60537340):ZOO_INFO@zookeeper_close@3347: Freeing zookeeper resources for sessionId=0x1000043cb0f0007

    I1026 02:27:33.274670  2633 zookeeper_watcher.cpp:326] Zk Session Disconnected, notifying watchers
    I1026 02:27:33.274690  2633 zookeeper_watcher.cpp:332]   --> Number of watchers notified: 1
    I1026 02:27:33.274696  2633 zookeeper_watcher.cpp:333]   --> Callback time used(us): 12
    W1026 02:27:33.274714  2633 zookeeper_context.cpp:174] ZookeeperContext destructed, this: 0x7fdf5b254000
    I1026 02:27:33.274724  2633 brain_daemon.cpp:628] BrainDaemon session watcher destruction.
    I1026 02:27:33.373507  2687 completion_queue_manager.cpp:108] Client CompletionQueue (0x7fdf5b3222e0) quit.
    I1026 02:27:33.373944  2633 completion_queue_manager.cpp:74] CQManager(0x7fdf5b2cc6e0) stopped.
    I1026 02:27:33.373978  2633 completion_queue_manager.cpp:27] Client CQManager(0x7fdf5b2cc6e0) destructing

    02:27:32.435469 kafka_message.cpp:74] Comm_Kafka|MessageQueue|Kafka|Close|
    02:27:33.275202 brain_daemon.cpp:643] Comm_Daemon|BrainDaemon zk connection disconnected.MessageQueue|ZMQ|Context_Destory
    MessageQueue|ZMQ|Context_Destory

    02:27:33.376444 gcleanup.cpp:327] System_GCleanUp
    02:27:33.376454 gcleanup.cpp:327] System_GCleanUp|Thread #1 exited.|Thread #0 exited.
    02:27:33.376510 gcleanup.cpp:327] System_GCleanUp|Thread #2 exited.
    02:27:33.376563 gcleanup.cpp:327] System_GCleanUp|Thread #3 exited.
    02:27:33.377312 gcleanup.cpp:128] System_GCleanUp|Finished

@John_Chen

Is your data file path valid?

/home/tigergraph/mydata/RussRogers.0.4/./dataStores.csv

Hi Bruno,

The path is valid. The issue is with enabling HTTPS - here are the details:

  • Use HTTP: gsql (including schema definition and data loading) works well.
  • Use HTTPS: gsql (same gsql, same dir, same data) fails.

I suspect the REST call for loading data is not working b/c HTTPS is enabled. Thoughts?

Also, it doesn’t seem I can set port 443 using tigergraph.

    gadmin config set Nginx.Port 443
    [ Error] ParameterErr (failed to set config Nginx.Port; key Nginx.Port validation failed with value [443]; value 443 is not in expected range: [1024, 65535])

When using root:

    /home/tigergraph/tigergraph/app/cmd/gadmin config set Nginx.Port 443
    ./gadmin config set Nginx.Port 443
    ExternalError (Failed to get the APP root from config; open /root/.tg.cfg: no such file or directory)

Oh I see. You are using the tigergraph user; the port numbers from 1 to 1023 are restricted to the root user only, and we cannot assign those ports without having root access. There is a workaround using iptables and port forwarding. You leave your GraphStudio port on 14240 and redirect it to 443.

    sudo sysctl -w net.ipv4.ip_forward=1
    sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 14240
    sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 14240

If you need this permanently, use a systemd script:

    sudo vi /etc/systemd/system/tg_https_fwd.service

    [Unit]
    Description=https 443 to 14240 fwd script
    [Service]
    ExecStart=/usr/bin/tg_https_fwd.sh
    [Install]
    WantedBy=multi-user.target

And then create the shell script to start with the boot process:

    sudo nano /usr/bin/tg_https_fwd.sh

    #!/bin/bash
    # Redirect local and incoming connections on port 443 to port 14240
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 14240
    iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 14240

Change the rights and enable it for auto start:

    sudo chmod 755 /usr/bin/tg_https_fwd.sh
    sudo systemctl enable tg_https_fwd

Bruno
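
Added example, not part of the post above or of TigerGraph's tooling: the script in the post appends its rules with `-A` each time it runs, so every service restart or manual re-run adds another copy of the same rule. This variant checks with `iptables -C` before appending and can delete all copies again. The `IPT` override variable and the function names are assumptions of this example, and it leaves out the `ip_forward` sysctl because a REDIRECT to a local port is delivered locally rather than forwarded.

```shell
#!/bin/sh
# Added example: idempotent 443 -> 14240 redirect (ports taken from the post).
# IPT is an assumed override hook so the logic can be exercised without root.
IPT="${IPT:-iptables}"
SRC_PORT=443      # privileged port that clients connect to
DST_PORT=14240    # unprivileged port the Nginx/GraphStudio listener uses

# nat_rule ACTION CHAIN [extra match args...]
# Runs $IPT with one nat REDIRECT rule; ACTION is -C (check), -A or -D.
nat_rule() {
    action="$1"; chain="$2"; shift 2
    $IPT -t nat "$action" "$chain" "$@" -p tcp --dport "$SRC_PORT" \
        -j REDIRECT --to-ports "$DST_PORT"
}

# Append the rule only when "iptables -C" reports that it is absent.
ensure_rule() {
    if nat_rule -C "$@" 2>/dev/null; then
        return 0
    fi
    nat_rule -A "$@"
}

# Delete every copy, including duplicates left behind by repeated -A runs.
remove_rule() {
    while nat_rule -C "$@" 2>/dev/null; do
        nat_rule -D "$@"
    done
}

apply_forwarding() {
    ensure_rule OUTPUT -o lo     # connections made on the host itself
    ensure_rule PREROUTING       # connections arriving from the network
}

remove_forwarding() {
    remove_rule OUTPUT -o lo
    remove_rule PREROUTING
}

# With no argument the file only defines the functions.
case "${1:-}" in
    apply)  apply_forwarding ;;
    remove) remove_forwarding ;;
esac
```

Run it as root with `apply` from the systemd unit's `ExecStart=`, and with `remove` to take the redirect out again.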

Thanks Bruno, this makes sense!

How about not being able to run load queries (schema ddl works fine) on HTTPS? Is it related to REST++ auth? I double checked: gadmin config set RESTPP.Factory.EnableAuth => false

I am reading https://docs.tigergraph.com/admin/admin-guide/user-access-management/user-privileges-and-authentication but haven’t found the answer yet.

Thanks,
John

Port 9000 is not automatically enabled for https. Can you show me an example of your REST call?

  • use curl on HTTPS as the tigergraph user
  • since I can enable HTTPS for GraphStudio GUI, I believe the cert is correctly applied.
    curl --user tigergraph:tigergraph -X POST 'https://localhost:14240/gsqlserver/interpreted_query?a=10' -d ' INTERPRET QUERY (int a) FOR GRAPH battleMap { PRINT a; } '
    **curl: (77) Problem with the SSL CA cert (path? access rights?)**
  • use HTTP
        tigergraph@fd4e182c1fbd:~$ curl --user tigergraph:tigergraph -X POST 'localhost:14240/gsqlserver/interpreted_query?a=10' -d ' INTERPRET QUERY (int a) FOR GRAPH battleMap { PRINT a; } '
        <html>
        <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
        <body>
        <center><h1>400 Bad Request</h1></center>
        <center>The plain HTTP request was sent to HTTPS port</center>
        <hr><center>nginx/1.16.1</center>
        </body>
        </html>

@John_Chen Can you please try whether using curl with an insecure SSL connection allowed (-k) would work?
vvv is just to get more detailed information.

    curl -kvvv --user tigergraph:tigergraph -X POST 'https://localhost:14240/gsqlserver/interpreted_query?a=10' -d ' INTERPRET QUERY (int a) FOR GRAPH battleMap { PRINT a; } '

You can check your certificate trust using this call:

    curl -kvvv https://localhost:14240

I think the issue is not the certificate itself but the trust (.pem) part of it - it seems to be missing when curl tries to make a connection.

Bruno

Hi Bruno,

The two curl commands give the same error, so I post the result of the simpler command here. The key thing is:

    error reading ca cert file /etc/ssl/certs/ca-certificates.crt (Error while reading file.).

So the curl is not reading my cert specified by gadmin config set Nginx.SSL.Cert "@/home/tigergraph/mydata/cert/localhost-public.crt"

    curl -kvvv https://localhost:14240
    * Rebuilt URL to: https://localhost:14240/
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 14240 (#0)
    * error reading ca cert file /etc/ssl/certs/ca-certificates.crt (Error while reading file.)
    * found 0 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
    * 	 server certificate verification SKIPPED
    * 	 server certificate status verification SKIPPED
    * error fetching CN from cert:The requested data were not available.
    * 	 common name:  (matched)
    * 	 server certificate expiration date OK
    * 	 server certificate activation date OK
    * 	 certificate public key: RSA
    * 	 certificate version: #3
    * 	 subject: C=US,ST=Minnesota,L=Plymouth,O=UnitedHealth Group Inc.
    * 	 start date: Wed, 28 Oct 2020 17:16:54 GMT
    * 	 expire date: Thu, 28 Oct 2021 17:16:54 GMT
    * 	 issuer: C=US,ST=Minnesota,L=Minneapolis,O=Optum,CN=OptumInternalIssuingCA2
    * 	 compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: localhost:14240
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Server: nginx/1.16.1
    < Date: Thu, 29 Oct 2020 12:48:46 GMT
    < Content-Type: text/html
    < Content-Length: 694
    < Last-Modified: Tue, 28 Jul 2020 01:37:57 GMT
    < Connection: keep-alive
    < ETag: "5f1f8175-2b6"
    < X-Frame-Options: SAMEORIGIN
    < Accept-Ranges: bytes
    <
    <!doctype html>
    <html lang="en">
    <head>
      <meta charset="utf-8">
      <title>GraphStudio</title>
      <base href="/">

      <meta name="viewport" content="width=device-width, initial-scale=1">
      <link rel="icon" type="image/x-icon" href="favicon.ico">
    <link rel="stylesheet" href="styles.2aceb85b86d5143261d6.css"></head>
    <body class="mat-typography">
      <app-root></app-root>
    <script type="text/javascript" src="runtime.da1e09fc88587752ad34.js"></script><script type="text/javascript" src="polyfills.349072347a52d91ca4e9.js"></script><script type="text/javascript" src="scripts.7522843f73b22e9165d1.js"></script><script type="text/javascript" src="main.cb54a25591c1b95c0924.js"></script></body>
    </html>
    * Connection #0 to host localhost left intact

The above should work, since it is ignoring the invalid certificate.

Can you please check if ca-bundle package is installed?

Hi Bruno,

It doesn’t seem the ca-bundle package is installed.

    dpkg -s ca-bundle
    dpkg-query: package ‘ca-bundle’ is not installed and no information is available

After installation, I suppose I also need to add my crt to the root certs?
https://support.nmi.com/hc/en-gb/articles/360021544791-How-to-Check-If-the-Correct-Certificates-Are-Installed-on-Linux#Checking%20Certificates.

Correct. Install ca-bundle and add your CA to it. You may need to recreate the ca-trust, depending on the distro you are running.
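
Added example, not written by either participant: a check of the CA bundle that curl reported as unreadable, a test for whether the issuing CA is in it, and a request with verification left on instead of `-k`. The bundle path and URL are the ones shown in the thread; the function names and the CA PEM file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnose the client-side trust store behind curl error 77.
DEFAULT_BUNDLE=/etc/ssl/certs/ca-certificates.crt   # path from the curl error
DEFAULT_URL=https://localhost:14240                 # endpoint from the thread

# Print a one-word verdict for a CA bundle file; non-zero exit unless usable.
check_ca_bundle() {
    f="$1"
    if [ ! -e "$f" ]; then echo missing;    return 1; fi
    if [ ! -r "$f" ]; then echo unreadable; return 1; fi
    if [ ! -s "$f" ]; then echo empty;      return 1; fi
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$n" -eq 0 ]; then echo no-certs;  return 1; fi
    echo "ok:$n"
}

# Print each certificate of a PEM file as one line of base64 with whitespace
# removed, so the same certificate matches regardless of line wrapping.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside                        { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# bundle_has_ca BUNDLE CA_PEM: succeed if the first cert in CA_PEM is in BUNDLE.
bundle_has_ca() {
    want=$(pem_bodies "$2" | head -n 1)
    [ -n "$want" ] || return 2
    pem_bodies "$1" | grep -Fxq -- "$want"
}

# verify_endpoint URL BUNDLE: request with verification on, trusting BUNDLE only.
# curl also checks that the certificate names the host given in the URL.
verify_endpoint() {
    curl --silent --show-error --output /dev/null --cacert "$2" "$1"
}

# Usage: script diagnose CA_PEM [BUNDLE] [URL]
if [ "${1:-}" = "diagnose" ]; then
    ca_pem="$2"                        # assumption: PEM file of your issuing CA
    bundle="${3:-$DEFAULT_BUNDLE}"
    url="${4:-$DEFAULT_URL}"
    echo "bundle: $(check_ca_bundle "$bundle")"
    if bundle_has_ca "$bundle" "$ca_pem"; then
        echo "issuing CA is present in the bundle"
    else
        echo "issuing CA is NOT in the bundle"
    fi
    if verify_endpoint "$url" "$bundle"; then
        echo "TLS verification OK"
    else
        echo "TLS verification failed (trust chain or host name)"
    fi
fi
```

On Ubuntu the bundle at that path is generated by `update-ca-certificates` (package `ca-certificates`) from `.crt` files placed under `/usr/local/share/ca-certificates`.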