嗨,我计划将Airflow版本从1.11升级到11.1,该版本部署在OpenShift中。由于有大量的DAG,所以我计划在新娘发布中升级,而不是去Airflow 2.2
我得到的错误很可能是由于fernet密钥:
ERROR: The `secret_key` setting under the webserver config has an insecure value - Airflow has
failed safe and refuses to start. Please change this value to a new, per-environment,
randomly generated string, for example using this command `openssl rand -hex 30`
早些时候,我使用静态Fernet密钥,YAML文件如下:
apiVersion:v1
kind:Secret
metadata:
name : airflow-secret
namespace : CUSTOM_NAMESPACE
labels:
app:airflow
type: Opaque
stringData:
fernet-key: my_fernet_key
我的Python版本:3.8我的气流Web服务器配置:
apiVersion: v1
kind: DeploymentConfig
metadata:
name: airflow-webserver
namespace: CUSTOM_NAMESPACE
labels:
app: airflow
spec:
strategy:
type: Rolling
trigger:
- type : ConfigChange
- type : ImageChange
ImageChangeParams:
automatic: true
containerNames:
- airflow-webserver
from:
kind: ImageStreamTag
namespace: CUSTOM_NAMESPACE
replicas: 1
revisionHistoryLimit : 10
paused: false
selector :
app : airflow
deploymentconfig : airflow-webserver
template:
metadata:
labels:
name: airflow-webserver
app: airflow
deploymentconfig : airflow-webserver
spec:
volumes:
- name: airflow-dags
persistentVolumeClaims:
claimName: airflow-dags
containers:
- name: airflow-webserver
image: airflow:latest
resources:
limits:
memory: 4Gi
env:
- name : FERNET_KEY
valueFrom:
secretKeyRef:
name: airflow-secrets
key : fernet-key
- name : SERVICE_ACCOUNT_NAME
valueFrom:
secretKeyRef:
name: airflow-service-account
key : service-account-name
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: airflow-dags
mountPath: /opt/airflow/dags
- name: airflow-logs
mountPath: /opt/airflow/logs
我的理解是,我们需要以某种方式在fernet密钥中提供动态值,但对于我的情况,它是静态的,任何可能的方法来解决错误。
谢谢!
主要问题是气流.cfg中存储了默认值,即
secret_key = temporary_value
我们可以通过看到错误消息生成secret_key:
openssl rand -hex 30
假设该值是->94b9d6124f2e9a5783d94dc7aa3641ebb8929dbbf2f3989402f9e400ac
我们需要将值输入airflow.cfg 中的secret_key
secret_key = 94b9d6124ff2e9a5783d94dc7aa3641ebb8929bdbbf2f3989402f9e400ac