我目前正在Airflow 1.10上使用Celery Executitor。我的经纪人是AWS Elasticache Redis(v.5.0.6(。我如何在传输中启用加密?
根据Airflow源代码,需要ssl_keyfile、ssl_certfile和ssl_ca_certs。
elif 'redis://' in broker_url:
broker_use_ssl = {'ssl_keyfile': conf.get('celery', 'SSL_KEY'),
'ssl_certfile': conf.get('celery', 'SSL_CERT'),
'ssl_ca_certs': conf.get('celery', 'SSL_CACERT'),
'ssl_cert_reqs': ssl.CERT_REQUIRED}
https://github.com/apache/airflow/blob/1.10.10/airflow/config_templates/default_celery.py#L68-L72
但是Elasticache Redis不提供TLS证书。官方文档只解释了redis-cli的一个解决方案,该解决方案使用stunnel的TLS隧道。
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#connect-tls
Airflow Celery Executitor是否支持在Elasticache Redis上传输加密?如果是这样,我们该如何实施呢?
以下气流配置适用于elasticache和redisssl注意rediss上的额外s
broker_url = rediss://:password@host:port/db?ssl_cert_reqs=required
broker_use_ssl = { "ssl_cert_reqs": ssl.CERT_REQUIRED }
ssl_active = False
ssl_key =
ssl_cert =
ssl_cacert =