-
-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sentinel with TLS not working #6455
Comments
@AbdealiJK can you try to fix it following the traceback /site-packages/redis/connection.py", line 828, in init super(SSLConnection, self).init(**kwargs) TypeError: init() got an unexpected keyword argument 'connection_pool' |
Thanks for following up @auvipy I have a fix which I am using I have also submitted a patch in redis-py with it (because the other 2 depend on the redis-py patch) |
can you please send PR on celery & kombu as well? |
Here is the small reproducible examples for things not working with Sentinel+TLS: For the Celery Result Backend: import celery.utils.collections
import celery.backends.redis
redis_ssl = {
'ssl_keyfile': '/home/centos/redis/tls-gen/basic/result/client_key.pem',
'ssl_certfile': '/home/centos/redis/tls-gen/basic/result/client_certificate.pem',
'ssl_ca_certs': '/home/centos/redis/tls-gen/basic/result/ca_certificate.pem',
'ssl_cert_reqs': 'required',
}
sentinel_url = 'sentinel://127.0.0.1:26379'
class App:
conf = celery.utils.collections.AttributeDict({
"result_backend_transport_options": {'master_name': 'mymaster'},
"redis_backend_use_ssl": redis_ssl,
"result_serializer": 'pickle',
"result_cache_max": -1,
"result_expires": 60 * 60 * 24,
"result_accept_content": None,
"accept_content": ['pickle'],
})
app = App()
backend = celery.backends.redis.SentinelBackend(app=app, url=sentinel_url)
backend.client.ping() For the Kombu Broker: import kombu.connection
redis_ssl = {
'ssl_keyfile': '/home/centos/redis/tls-gen/basic/result/client_key.pem',
'ssl_certfile': '/home/centos/redis/tls-gen/basic/result/client_certificate.pem',
'ssl_ca_certs': '/home/centos/redis/tls-gen/basic/result/ca_certificate.pem',
'ssl_cert_reqs': 'required',
}
sentinel_url = 'sentinel://127.0.0.1:26379'
conn = kombu.connection.Connection(
sentinel_url,
transport_options={'master_name': 'mymaster'},
ssl=redis_ssl
)
conn.default_channel.client.ping() |
I think we can close this right? -- no this needs to be in 5.1 |
I tried today this code on kombu 5.3.1, does not work: On redis server the are multiple errors: Which I believe means the client is not using TLS at all. Should this your code work now or I need something different? |
Checklist
master
branch of Celery.contribution guide
on reporting bugs.
for similar or identical bug reports.
for existing proposed fixes.
to find out if the bug was already fixed in the master branch.
in this issue (If there are none, check this box anyway).
Mandatory Debugging Information
celery -A proj report
in the issue.(if you are not able to do this, then at least specify the Celery
version affected).
master
branch of Celery.pip freeze
in the issue.to reproduce this bug.
Optional Debugging Information
and/or implementation.
result backend.
broker and/or result backend.
ETA/Countdown & rate limits disabled.
and/or upgrading Celery and its dependencies.
Related Issues and Possible Duplicates
Related Issues
Possible Duplicates
Environment & Settings
Steps to Reproduce
Required Dependencies
Other Dependencies
Needs SSL certificates for Redis TLS setup - I used https://github.com/michaelklishin/tls-gen to create them
Minimally Reproducible Test Case
I have the following configs:
With redis.conf:
With redis-sentinel.conf:
Expected Behavior
I was expecting Celery to be able to connect to Sentinel, fetch the host and port of the Master.
And then use TLS to connect to the Redis Master.
Actual Behavior
It gives an error
TypeError: __init__() got an unexpected keyword argument 'connection_pool'
Traceback:
The text was updated successfully, but these errors were encountered: