无法建立从 Celery 到 Redis 的安全连接
Cannot make a secured connection from Celery to Redis
我正在学习 this 教程,并将与 Celery 背景相关的代码调整到我的项目中。
就我而言,我在 Docker 环境中操作,并且我有一个安全站点(即 https://localhost)。
我调整了安全连接的代码如下:
key_file = '/etc/nginx/ssl/localhost.key'
cert_file = '/etc/nginx/ssl/localhost.crt'
ca_file = '/etc/nginx/ssl/localhost.ca.crt'
app.config['CELERY_BROKER_URL'] = 'rediss://redis:6380/0'
app.config['CELERY_RESULT_BACKEND'] = 'rediss://redis:6380/0'
def make_celery(app):
"""Setup celery."""
celery = Celery(app.import_name,
backend=app.config['CELERY_RESULT_BACKEND'],
broker=app.config['CELERY_BROKER_URL'],
broker_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
},
redis_backend_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
})
我的 docker-compose 文件如下所示:
version: '3'
services:
web:
restart: always
build:
context: ./web
dockerfile: Dockerfile
expose:
- "8000"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
command: /usr/local/bin/gunicorn -w 2 -t 3600 -b :8000 project:app
depends_on:
- postgres
stdin_open: true
tty: true
nginx:
restart: always
build:
context: ./nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
depends_on:
- web
postgres:
restart: always
build:
context: ./postgresql
dockerfile: Dockerfile
volumes:
- data1:/var/lib/postgresql/data
expose:
- "5432"
redis:
container_name: redis
hostname: redis
image: "redis:alpine"
command: --port 6380
restart: always
expose:
- '6380'
ports:
- "6380:6380"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/redis/redis.conf:/usr/local/etc/redis/redis.conf
celery:
build:
context: ./web
command: watchmedo auto-restart --directory=./ --pattern=*.py --recursive -- celery worker -A project.celery --loglevel=info
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/nginx/ssl:/etc/nginx/ssl
- data2:/home/flask/app/web/project/avner/img
depends_on:
- redis
volumes:
data1:
data2:
文件:key_file、cert_file和ca_file是使用自CA通过以下步骤生成的,类似于步骤here:
- 创建一个自 CA
- 在 Docker
之外为我的本地主机签署证书
- 将文件挂载到 Docker
进行此更改后,我没有看到连接错误。容器启动正常,日志文件相当!
但是在 运行 时间,当从我的 Web 容器调用 Celery 任务时,在我的 Web 容器中出现错误。
来自我的 javascript 我有一个 POST 电话:
let queryUrl = 'http://localhost/api/v1_2/create_zip_file3';
let fetchData = {
method: 'POST',
};
let response = await fetch(queryUrl, fetchData);
这是 Flask 网络容器中的代码:
@sites_api_blueprint.route('/api/v1_2/create_zip_file', methods=['POST'])
def create_zip_file():
print( 'BEG create_zip_file' )
task = create_zip_file_task.delay(current_user_id=current_user.id)
return jsonify({}), 202, {'Location': url_for('create_zip_file_taskstatus', task_id=task.id)}
@celery.task(bind=True)
def create_zip_file_task(self, current_user_id):
print( 'BEG create_zip_file_task' )
# do some stuff
# ...
# taskstatus -> create_zip_file_taskstatus
@app.route('/status/<task_id>')
def create_zip_file_taskstatus(task_id):
# return the progress status
# ...
网络容器中的错误:
docker logs -f webserver_web_1
...
BEG create_zip_file
172.20.0.5 - - [14/Feb/2020 05:48:32] "POST /api/v1_2/create_zip_file HTTP/1.0" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 492, in connect
sock = self._connect()
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 742, in _connect
keyfile=self.keyfile)
FileNotFoundError: [Errno 2] No such file or directory
我做错了什么?
谢谢
艾夫纳
安全连接的问题是因为 ssl 密钥对 Web 容器不可用。
我通过更改 docker-compose.yml
来修复它
cat docker-compose.yml
...
services:
web:
volumes:
- /home/webServer/nginx/ssl:/etc/nginx/ssl
...
更改后,日志文件中没有错误。
但是连接好像还是有问题,触发任务的时候,celery容器上没有activity
这是一个不同的问题,我在 .
中单独跟踪它
我正在学习 this 教程,并将与 Celery 背景相关的代码调整到我的项目中。
就我而言,我在 Docker 环境中操作,并且我有一个安全站点(即 https://localhost)。
我调整了安全连接的代码如下:
key_file = '/etc/nginx/ssl/localhost.key'
cert_file = '/etc/nginx/ssl/localhost.crt'
ca_file = '/etc/nginx/ssl/localhost.ca.crt'
app.config['CELERY_BROKER_URL'] = 'rediss://redis:6380/0'
app.config['CELERY_RESULT_BACKEND'] = 'rediss://redis:6380/0'
def make_celery(app):
"""Setup celery."""
celery = Celery(app.import_name,
backend=app.config['CELERY_RESULT_BACKEND'],
broker=app.config['CELERY_BROKER_URL'],
broker_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
},
redis_backend_use_ssl = {
'ssl_keyfile': key_file,
'ssl_certfile': cert_file,
'ssl_ca_certs': ca_file,
'ssl_cert_reqs': ssl.CERT_REQUIRED
})
我的 docker-compose 文件如下所示:
version: '3'
services:
web:
restart: always
build:
context: ./web
dockerfile: Dockerfile
expose:
- "8000"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
command: /usr/local/bin/gunicorn -w 2 -t 3600 -b :8000 project:app
depends_on:
- postgres
stdin_open: true
tty: true
nginx:
restart: always
build:
context: ./nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- data2:/home/flask/app/web/project/avner/img
depends_on:
- web
postgres:
restart: always
build:
context: ./postgresql
dockerfile: Dockerfile
volumes:
- data1:/var/lib/postgresql/data
expose:
- "5432"
redis:
container_name: redis
hostname: redis
image: "redis:alpine"
command: --port 6380
restart: always
expose:
- '6380'
ports:
- "6380:6380"
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/redis/redis.conf:/usr/local/etc/redis/redis.conf
celery:
build:
context: ./web
command: watchmedo auto-restart --directory=./ --pattern=*.py --recursive -- celery worker -A project.celery --loglevel=info
volumes:
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/web:/home/flask/app/web
- /home/avner/avner/constructionOverlay/code/meshlabjs/branches/meshlabjs_avnerV1/webServer/nginx/ssl:/etc/nginx/ssl
- data2:/home/flask/app/web/project/avner/img
depends_on:
- redis
volumes:
data1:
data2:
文件:key_file、cert_file和ca_file是使用自CA通过以下步骤生成的,类似于步骤here:
- 创建一个自 CA
- 在 Docker 之外为我的本地主机签署证书
- 将文件挂载到 Docker
进行此更改后,我没有看到连接错误。容器启动正常,日志文件相当!
但是在 运行 时间,当从我的 Web 容器调用 Celery 任务时,在我的 Web 容器中出现错误。
来自我的 javascript 我有一个 POST 电话:
let queryUrl = 'http://localhost/api/v1_2/create_zip_file3';
let fetchData = {
method: 'POST',
};
let response = await fetch(queryUrl, fetchData);
这是 Flask 网络容器中的代码:
@sites_api_blueprint.route('/api/v1_2/create_zip_file', methods=['POST'])
def create_zip_file():
print( 'BEG create_zip_file' )
task = create_zip_file_task.delay(current_user_id=current_user.id)
return jsonify({}), 202, {'Location': url_for('create_zip_file_taskstatus', task_id=task.id)}
@celery.task(bind=True)
def create_zip_file_task(self, current_user_id):
print( 'BEG create_zip_file_task' )
# do some stuff
# ...
# taskstatus -> create_zip_file_taskstatus
@app.route('/status/<task_id>')
def create_zip_file_taskstatus(task_id):
# return the progress status
# ...
网络容器中的错误:
docker logs -f webserver_web_1
...
BEG create_zip_file
172.20.0.5 - - [14/Feb/2020 05:48:32] "POST /api/v1_2/create_zip_file HTTP/1.0" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 492, in connect
sock = self._connect()
File "/usr/local/lib/python3.7/site-packages/redis/connection.py", line 742, in _connect
keyfile=self.keyfile)
FileNotFoundError: [Errno 2] No such file or directory
我做错了什么?
谢谢 艾夫纳
安全连接的问题是因为 ssl 密钥对 Web 容器不可用。
我通过更改 docker-compose.yml
cat docker-compose.yml
...
services:
web:
volumes:
- /home/webServer/nginx/ssl:/etc/nginx/ssl
...
更改后,日志文件中没有错误。
但是连接好像还是有问题,触发任务的时候,celery容器上没有activity
这是一个不同的问题,我在