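Apache Airflow webserver error says the SSL key file does not exist, even though it is there

Time: 2018-11-29 20:35:36

Tags: python docker ubuntu ssl airflow

I am very new to SSL, certificates, and keys, so I would greatly appreciate your help, and I recognize that I may have made a serious mistake.

I am running Docker Swarm on three internal CentOS 7 servers. Part of what the Swarm deploys is a custom Docker image that runs Apache Airflow 1.10.0 (I plan to upgrade to 1.10.1 soon). The image starts with FROM python:3.5-slim, which is Ubuntu-based.

I followed this guide to generate a self-signed CA, certificate, and key. I believe this is appropriate for my use case, because these servers are on an internal network and the Airflow webserver is only reachable when team members are on site or using the VPN.

Part of docker-compose.yml is below; it gives the container access to the certificate and key: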

version: "3.5"
services:
    [...]
    webserver:
        [...]
        volumes:
            - type: bind
              source: /root/ca/intermediate/certs
              target: /usr/local/airflow/intermediate/certs
            - type: bind
              source: /root/ca/intermediate/private
              target: /usr/local/airflow/intermediate/private

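From within the container, I changed the owner of the files to the airflow user in the container so that the application can read them.

The relevant part of airflow.cfg is as follows: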

[webserver]
base_url = http://localhost:443
web_server_host = 0.0.0.0
web_server_port = 443
web_server_ssl_cert = /usr/local/airflow/intermediate/certs/my_server.cert.pem
web_server_ssl_key = /usr/local/airflow/intermediate/private/my_server.key.pem

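The .cert.pem and .key.pem files are identical on all three servers. I did this because I suspect the Docker Swarm routing mesh would expect consistency between servers. (Is this a vulnerability or otherwise a mistake?)

The Dockerfile also EXPOSEs port 443.

However, this is the error that appears whenever the webserver tries to start: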

 Traceback (most recent call last):
 [2018-11-29 19:43:10 +0000] [36] [INFO] Starting gunicorn 19.9.0
   File "/usr/local/bin/gunicorn", line 11, in <module>
     sys.exit(run())
 Traceback (most recent call last):
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/wsgiapp.py", line 61, in run
     WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
   File "/usr/local/bin/gunicorn", line 11, in <module>
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/base.py", line 223, in run
     sys.exit(run())
     super(Application, self).run()
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/base.py", line 72, in run
     Arbiter(self).run()
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/wsgiapp.py", line 61, in run
   File "/usr/local/lib/python3.5/site-packages/gunicorn/arbiter.py", line 199, in run
     WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
     self.start()
   File "/usr/local/lib/python3.5/site-packages/gunicorn/arbiter.py", line 157, in start
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/base.py", line 223, in run
     self.LISTENERS = sock.create_sockets(self.cfg, self.log, fds)
   File "/usr/local/lib/python3.5/site-packages/gunicorn/sock.py", line 162, in create_sockets
     super(Application, self).run()
     raise ValueError('keyfile "%s" does not exist' % conf.keyfile)
   File "/usr/local/lib/python3.5/site-packages/gunicorn/app/base.py", line 72, in run
     Arbiter(self).run()
 ValueError: keyfile "/usr/local/airflow/intermediate/private/my_server.key.pem" does not exist
   File "/usr/local/lib/python3.5/site-packages/gunicorn/arbiter.py", line 199, in run
     self.start()
   File "/usr/local/lib/python3.5/site-packages/gunicorn/arbiter.py", line 157, in start
     self.LISTENERS = sock.create_sockets(self.cfg, self.log, fds)
   File "/usr/local/lib/python3.5/site-packages/gunicorn/sock.py", line 162, in create_sockets
     raise ValueError('keyfile "%s" does not exist' % conf.keyfile)
 ValueError: keyfile "/usr/local/airflow/intermediate/private/my_server.key.pem" does not exist

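So my question is: how do I get Airflow to recognize the SSL key and certificate properly? The Airflow documentation on the topic is very terse.

I hope I have provided enough context; I am happy to provide more if it would help. Thanks again.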
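
A diagnostic for the ValueError above, added here as an example and not part of the original post or of Airflow or gunicorn: os.path.exists() returns False both for a missing file and for a file behind a directory the process cannot search, so this walks the key path and names the first component that blocks a given uid. The function names and the root parameter are made up for this example, and only classic mode bits are checked (no ACLs or SELinux labels).

```python
import os
import stat

# Key path taken from the airflow.cfg in the question.
KEY = "/usr/local/airflow/intermediate/private/my_server.key.pem"


def _allowed(st, uid, gids, want):
    """Mode-bit check only (no ACLs, no SELinux); `want` is S_IROTH or S_IXOTH."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))  # owner triplet
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))  # group triplet
    return bool(st.st_mode & want)             # other triplet


def first_blocker(path, uid, gids=(), root=os.sep):
    """Return (component, reason) for the first thing that stops `uid` from
    reading `path`, or None. Only `root` and the components below it are checked."""
    current = root
    try:
        for part in os.path.relpath(path, root).split(os.sep):
            # Looking up `part` requires search (x) permission on `current`.
            if not _allowed(os.stat(current), uid, gids, stat.S_IXOTH):
                return current, "directory not searchable by this user"
            current = os.path.join(current, part)
        st = os.stat(current)
    except FileNotFoundError:
        return current, "does not exist"
    except PermissionError:
        return current, "caller cannot stat this path"
    if not _allowed(st, uid, gids, stat.S_IROTH):
        return current, "file not readable by this user"
    return None


if __name__ == "__main__":
    # Run inside the webserver container as the user that starts gunicorn.
    print("os.path.exists:", os.path.exists(KEY))
    print("first blocker:", first_blocker(KEY, os.getuid(), os.getgroups()))
```

On a Swarm, run it in the webserver task on each node, because a bind mount only exposes that node's own /root/ca directory.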

0 answers:

No answers