如何从 celery-django 项目安全连接到 Azure redis？

Question

如何从 celery-django 项目安全连接到 Azure redis？

我正在尝试从本地 Redis 容器转换为 Azure 中的托管服务。

我知道我有正确的服务器名称和密钥，因为

redis-cli -h <server-name>.redis.cache.windows.net -p 6379 -a <azure_key>

Run Code Online (Sandbox Code Playgroud)

连接。

我之前在 celery_manager.py 中的本地连接是

app = Celery(broker=redis://redis:6379)

Run Code Online (Sandbox Code Playgroud)

我在启用非 SSL 端口的情况下成功更新了代理。

broker=redis://:<key>@<server-name>.redis.cache.windows.net:6379 per [this question]

Run Code Online (Sandbox Code Playgroud)

我尝试将经纪人更新为：

broker=redis://:<key>@<server-name>.redis.cache.windows.net:6380

Run Code Online (Sandbox Code Playgroud)

我在 Celery 日志中收到此警告：

[2020-12-03 20:54:00,491: WARNING/celery] Secure redis scheme specified (rediss) with no ssl options, defaulting to insecure SSL behaviour.

Run Code Online (Sandbox Code Playgroud)

django-tasks 中的这个异常：

020-12-03 20:54:31,223 - INFO - runworker - Using single-threaded worker.
2020-12-03 20:54:31,224 - INFO - runworker - Running worker against channel layer default (asgi_redis.core.RedisChannelLayer)
2020-12-03 20:54:31,225 - INFO - worker - Listening on channels http.request, websocket.connect, websocket.disconnect, websocket.receive
Traceback (most recent call last):
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 185, in _read_from_socket
raise socket.error(SERVER_CLOSED_CONNECTION_ERROR)
OSError: Connection closed by server.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/src/manage.py", line 22, in <module>
    execute_from_command_line(sys.argv)
  File "/root/miniconda3/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
  File "/root/miniconda3/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/root/miniconda3/lib/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
self.execute(*args, **cmd_options)
  File "/root/miniconda3/lib/python3.6/site-packages/django/core/management/base.py", line 364, in execute
output = self.handle(*args, **options)
  File "/root/miniconda3/lib/python3.6/site-packages/channels/management/commands/runworker.py", line 82, in handle
worker.run()
  File "/root/miniconda3/lib/python3.6/site-packages/channels/worker.py", line 87, in run
channel, content = self.channel_layer.receive_many(channels, block=True)
  File "/root/miniconda3/lib/python3.6/site-packages/asgi_redis/core.py", line 128, in receive_many
result = connection.blpop(list_names, timeout=self.blpop_timeout)
  File "/root/miniconda3/lib/python3.6/site-packages/redis/client.py", line 1550, in blpop
return self.execute_command('BLPOP', *keys)
  File "/root/miniconda3/lib/python3.6/site-packages/redis/client.py", line 772, in execute_command
connection = pool.get_connection(command_name, **options)
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 994, in get_connection
connection.connect()
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 502, in connect
self.on_connect()
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 570, in on_connect
if nativestr(self.read_response()) != 'OK':
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 637, in read_response
response = self._parser.read_response()
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 290, in read_response
response = self._buffer.readline()
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 224, in readline
self._read_from_socket()
  File "/root/miniconda3/lib/python3.6/site-packages/redis/connection.py", line 199, in _read_from_socket
(e.args,))
redis.exceptions.ConnectionError: Error while reading from socket: ('Connection closed by server.',)

Run Code Online (Sandbox Code Playgroud)

我看到这个问题并添加了broker_use_ssl，但我不确定如何实际使用该配置。

这并没有改变任何东西：

app = Celery(broker=redis_url, broker_use_ssl={'cert_reqs':'ssl.CERT_REQUIRED'})

Run Code Online (Sandbox Code Playgroud)

我更正了上面的端口并尝试了 @Stanley Kong 建议，包括删除 ssl.CERT_REQUIRED 中的引号。但结果没有变化。

import ssl 

app = Celery(broker=redis_url, broker_use_ssl={'cert_reqs':ssl.CERT_REQUIRED})

Run Code Online (Sandbox Code Playgroud)

Answer 1

Rah*_*put 7

我的工作解决方案。就我而言，redis 主机已打开Azure cache for Redis。

# settings.py
import ssl
_broker_url = f'rediss://:{REDIS_PASS}@{REDIS_HOST_PORT_URL}'
BROKER_URL = _broker_url
CELERY_RESULT_BACKEND = _broker_url
BROKER_USE_SSL={'ssl_cert_reqs': ssl.CERT_REQUIRED}
CELERY_REDIS_BACKEND_USE_SSL={'ssl_cert_reqs': ssl.CERT_REQUIRED}

Run Code Online (Sandbox Code Playgroud)

请注意，rediss 中的额外内容s是用于 ssl 连接的。

对于 celery.py 文件，一切都将保持原样，除了

# celery.py 
app = Celery('appname')

Run Code Online (Sandbox Code Playgroud)

我们还可以根据您的具体需求进行配置。

改变

BROKER_USE_SSL到broker_use_ssl和

CELERY_REDIS_BACKEND_USE_SSL到redis_backend_use_ssl。

然后你可以这样做

app = Celery('appname', broker_url=url, broker_use_ssl={'ssl_cert_reqs': ssl.CERT_REQUIRED})
#if needed please add configuration for result_backend same as this.

Run Code Online (Sandbox Code Playgroud)

归档时间：	5 年，5 月前
查看次数：	2079 次
最近记录：	5 年，1 月前