在我们的项目中,我们正在使用Flower以Redis作为代理监视Celery的任务。
当我们使用SSL将REDIS配置为代理时,在代理选项卡中,我们可以看到下一条消息:
“不支持'redis'经纪人”
我们尝试通过下一个网址(并成功)从Celery连接到Redis:
“ rediss:// {REDIS_HOST}:{REDIS_PORT} / {REDIS_DB_NAME}?{SSL_OPTIONS}”
如Celery文档中所示。
此外,我们尝试了--broker和--broker_api参数,结果相同。
工作程序和任务运行正常(在工作程序内,代理正常显示),但“代理”选项卡为空。
如果我们查看Celery代码,则可以发现Celery如何管理URL解析以设置Redis作为代理的ssl选项和配置:
if scheme == 'redis':
# If connparams or query string contain ssl params, raise error
if (any(key in connparams for key in ssl_param_keys) or
any(key in query for key in ssl_param_keys)):
raise ValueError(E_REDIS_SSL_PARAMS_AND_SCHEME_MISMATCH)
if scheme == 'rediss':
connparams['connection_class'] = redis.SSLConnection
# The following parameters, if present in the URL, are encoded. We
# must add the decoded values to connparams.
for ssl_setting in ssl_param_keys:
ssl_val = query.pop(ssl_setting, None)
if ssl_val:
connparams[ssl_setting] = unquote(ssl_val)
如果我们查看Flower代码,就会发现Flower如何管理网址解析以设置代理:
class Broker(object):
def __new__(cls, broker_url, *args, **kwargs):
scheme = urlparse(broker_url).scheme
if scheme == 'amqp':
return RabbitMQ(broker_url, *args, **kwargs)
elif scheme == 'redis':
return Redis(broker_url, *args, **kwargs)
elif scheme == 'redis+socket':
return RedisSocket(broker_url, *args, **kwargs)
else:
raise NotImplementedError
我们可以看到,Flower似乎不支持带SSL的Redis(仅支持redis,不支持rediss)。
这是真的吗?是否可以通过芹菜和Flower中的Rediss与Redis进行连接,或者在没有Rediss的情况下使用SSL与Redis进行连接?
谢谢!
答案 0 :(得分:0)
它与以下URL选项配合使用。
证书的百分比编码路径或普通路径均有效。
rediss和redis方案都可以使用。
使用Celery == 4.4.7,flower == 0.9.5
export SSL_CACERT_PATH="%2Fvar%2Fssl%2Fmyca.pem"
export SSL_CLIENT_CERT_PATH="%2Fvar%2Fssl%2Fclient-cert.pem"
export SSL_CLIENT_KEY_PATH="%2Fvar%2Fssl%2Fprivate%2Fworker-key.pem"
OR
export SSL_CACERT_PATH=/var/ssl/myca.pem
export SSL_CLIENT_CERT_PATH=/var/ssl/client-cert.pem
export SSL_CLIENT_KEY_PATH=/var/ssl/private/worker-key.pem
#Ensure no whitespaces if breaking lines
export REDISS_BROKER_URL="rediss://:${REDIS_PASSWORD}@${REDIS_HOST}:${REDIS_PORT}?\
ssl_cert_reqs=required\
&ssl_ca_certs=${SSL_CACERT_PATH}\
&ssl_certfile=${SSL_CLIENT_CERT_PATH}\
&ssl_keyfile=${SSL_CLIENT_KEY_PATH}"
flower -b $REDISS_BROKER_URL
#Ensure no whitespaces if breaking lines
export REDIS_BROKER_URL="redis://:${REDIS_PASSWORD}@${REDIS_HOST}:${REDIS_PORT}?\
ssl_cert_reqs=required\
&ssl_ca_certs=${SSL_CACERT_PATH}\
&ssl_certfile=${SSL_CLIENT_CERT_PATH}\
&ssl_keyfile=${SSL_CLIENT_KEY_PATH}"
flower -b $REDIS_BROKER_URL
[I 201023 07:20:09 command:140] Visit me at http://localhost:5555
[I 201023 07:20:09 command:145] Broker: redis://:**@xxxx:xxxx//
[I 201023 07:20:09 command:148] Registered tasks:
['celery.accumulate',
'celery.backend_cleanup',
'celery.chain',
'celery.chord',
'celery.chord_unlock',
'celery.chunks',
'celery.group',
'celery.map',
'celery.starmap']
[I 201023 07:20:10 mixins:229] Connected to redis://:**@xxxx:xxxx//
^C^C