Fernet key is invalid when restarting an existing but exited Airflow container

Kin*_*ngz 6 encryption cryptography docker airflow

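I am running a dockerized Airflow service with FERNET_KEY as an environment variable exported using a .env file (which also includes other environment variables besides FERNET_KEY).

When I build and run the docker container, the Airflow service runs as expected. I then go to Connections and set up my AWS connection in the Airflow UI, as mentioned here: https://airflow.apache.org/howto/connection/aws.html. So far so good. Now, I deliberately stop the docker container, then start the container again and go to Airflow UI --> Connections to see whether my AWS connection settings (which I configured before stopping the container) are still there.

However, this is what happens. When I go to view the aws_default settings in the Airflow UI, I see an error like the following: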

Ooops.

                      ____/ (  (    )   )  \___
                     /( (  (  )   _    ))  )   )\
                   ((     (   )(    )  )   (   )  )
                 ((/  ( _(   )   (   _) ) (  () )  )
                ( (  ( (_)   ((    (   )  .((_ ) .  )_
               ( (  )    (      (  )    )   ) . ) (   )
              (  (   (  (   ) (  _  ( _) ).  ) . ) ) ( )
              ( (  (   ) (  )   (  ))     ) _)(   )  )  )
             ( (  ( \ ) (    (_  ( ) ( )  )   ) )  )) ( )
              (  (   (  (   (_ ( ) ( _    )  ) (  )  )   )
             ( (  ( (  (  )     (_  )  ) )  _)   ) _( ( )
              ((  (   )(    (     _    )   _) _(_ (  (_ )
               (_((__(_(__(( ( ( |  ) ) ) )_))__))_)___)
               ((__)        \\||lll|l||///          \_))
                        (   /(/ (  )  ) )\   )
                      (    ( ( ( | | ) ) )\   )
                       (   /(| / ( )) ) ) )) )
                     (     ( ((((_(|)_)))))     )
                      (      ||\(|(|)|/||     )
                    (        |(||(||)||||        )
                      (     //|/l|||)|\\ \     )
                    (/ / //  /|//||||\\  \ \  \ _)
-------------------------------------------------------------------------------
Node: 64e7a509837f
-------------------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.7/site-packages/flask_admin/base.py", line 69, in inner
    return self._run_view(f, *args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_admin/base.py", line 368, in _run_view
    return fn(self, *args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_admin/model/base.py", line 2125, in edit_view
    form = self.edit_form(obj=model)
  File "/usr/local/lib/python3.7/site-packages/flask_admin/model/base.py", line 1340, in edit_form
    return self._edit_form_class(get_form_data(), obj=obj)
  File "/usr/local/lib/python3.7/site-packages/wtforms/form.py", line 212, in __call__
    return type.__call__(cls, *args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/flask_admin/form/__init__.py", line 16, in __init__
    super(BaseForm, self).__init__(formdata=formdata, obj=obj, prefix=prefix, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/wtforms/form.py", line 278, in __init__
    self.process(formdata, obj, data=data, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/wtforms/form.py", line 127, in process
    if obj is not None and hasattr(obj, name):
  File "/usr/local/lib/python3.7/site-packages/sqlalchemy/orm/attributes.py", line 353, in __get__
    retval = self.descriptor.__get__(instance, owner)
  File "/usr/local/lib/python3.7/site-packages/airflow/models/connection.py", line 155, in get_password
    return fernet.decrypt(bytes(self._password, 'utf-8')).decode()
  File "/usr/local/lib/python3.7/site-packages/cryptography/fernet.py", line 171, in decrypt
    raise InvalidToken
cryptography.fernet.InvalidToken

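I may be missing some concept about Fernet keys. Do I have to generate a new Fernet key every time my docker container starts? If so, how should I generate it on the fly at docker build time? The FERNET_KEY I inject into the .env file was actually generated on my local machine and copied into the .env file that docker uses (FERNET_KEY = 4EPOSLXXXXXXXXXXXIERu =)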

Ren*_*mão 3

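You don't need to generate a new key on the fly. You are probably missing something. Have you tried connecting to your docker machine and printing FERNET_KEY from the terminal to check whether it has really been loaded?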

$ docker exec -it <CONTAINER ID> bash
(now, inside the container) # echo ${FERNET_KEY}

If it is different from your env file, something is wrong. Are you using a docker-compose environment? If so, you also need to add the following to docker-compose.yml:

environment:
    - FERNET_KEY=${FERNET_KEY}
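An added example (not part of the original answer, and not Airflow's own code): a standard-library check, following the Fernet token layout, of whether a given FERNET_KEY authenticates a stored token such as the value passed to `fernet.decrypt` in the traceback, plus a key fingerprint for comparing the .env value with the container's value without printing the secret. The keys and token below are constructed samples, and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac


def _key_bytes(fernet_key: str) -> bytes:
    """Decode a Fernet key: url-safe base64 of 32 bytes (16 signing + 16 encryption)."""
    raw = base64.urlsafe_b64decode(fernet_key.strip())
    if len(raw) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return raw


def key_fingerprint(fernet_key: str) -> str:
    """Short SHA-256 fingerprint, safe to print when comparing .env and container."""
    return hashlib.sha256(_key_bytes(fernet_key)).hexdigest()[:12]


def key_matches_token(fernet_key: str, token: str) -> bool:
    """True if the token's HMAC verifies under this key (nothing is decrypted)."""
    signing_key = _key_bytes(fernet_key)[:16]
    try:
        data = base64.urlsafe_b64decode(token)
    except ValueError:
        return False
    # Layout: version(1) + timestamp(8) + IV(16) + >=1 AES block(16) + HMAC(32)
    if len(data) < 73 or data[0] != 0x80:
        return False
    body, tag = data[:-32], data[-32:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def constructed_token(fernet_key: str) -> str:
    """Constructed sample: Fernet layout and a valid HMAC, placeholder ciphertext."""
    body = b"\x80" + (1_600_000_000).to_bytes(8, "big") + bytes(16) + bytes(16)
    tag = hmac.new(_key_bytes(fernet_key)[:16], body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


# Constructed keys (not from the page): one active when the connection was saved,
# and a different one loaded after the container restart.
KEY_AT_SAVE = base64.urlsafe_b64encode(bytes(range(32))).decode()
KEY_AFTER_RESTART = base64.urlsafe_b64encode(bytes(range(32, 64))).decode()
STORED = constructed_token(KEY_AT_SAVE)

if __name__ == "__main__":
    for key in (KEY_AT_SAVE, KEY_AFTER_RESTART):
        print(key_fingerprint(key), key_matches_token(key, STORED))
```

A `False` result for the key currently loaded in the container means the stored value was encrypted under a different key, which is the condition that raises `InvalidToken`.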