Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document usage of Redis + SSL #57

Open
davidjrice opened this issue Nov 28, 2023 · 3 comments
Open

Document usage of Redis + SSL #57

davidjrice opened this issue Nov 28, 2023 · 3 comments

Comments

@davidjrice
Copy link

davidjrice commented Nov 28, 2023
edited

Ran into some issues getting setup with SSL using celery-singleton

As I couldn't find a working way to pass args necessary to the redis instance used I ended up creating a RedisSSLBackend class and configuring celery with the following:

app=Celery(
    __name__,
    broker=config.REDIS_URI,
    singleton_backend_class=RedisSSLBackend
    broker_use_ssl={
        "ssl_cert_reqs": SSL_VERIFY_MODE,
    },
)
import ssl
from typing import Any
from urllib.parse import urlparse

import redis
from celery_singleton.backends.redis import RedisBackend

from app import config

SSL_VERIFY_MODE: ssl.VerifyMode = ssl.CERT_NONE

class RedisSSLBackend(RedisBackend):
    def __init__(self, *_args: Any, **_kwargs: Any) -> None:
        redis_uri = urlparse(config.REDIS_URI)
        self.redis = redis.Redis(
            host=redis_uri.hostname,
            port=redis_uri.port,
            ssl=True,
            ssl_cert_reqs=SSL_VERIFY_MODE,
        )
@aemdy
Copy link

aemdy commented Dec 4, 2023

You can use CELERY_SINGLETON prefix to provide config options for the backend.

In your case it would be:

import ssl

CELERY_SINGLETON_BACKEND_KWARGS = {"ssl_cert_reqs": ssl.SSL_VERIFY_MODE}

@apoclyps
Copy link

@aemdy Is it possible to make use of the existing broker_use_ssl or is the preferred way to do this via singleton_backend_kwargs ?

Approach 1
Configuring singleton_backend_kwargs to passthrough the kwargs

import ssl
from typing import Final

from app import config
from lib.celery import Celery, celery_queue_name
from lib.celery.singleton import Singleton

def configure_celery(app: Celery) -> Celery:
    app.conf.singleton_backend_kwargs = {
        "ssl_cert_reqs": ssl.CERT_REQUIRED,
        "ssl_certfile": "/ca-certs/redis.crt",
        "ssl_keyfile": "/ca-certs/redis.key",
        "ssl_ca_certs": "/ca-certs/ca.crt",
    }

    return app


celery = configure_celery(
    app=Celery(
        __name__,
        broker="redis://localhost:6379",
        task_create_missing_queues=True,
        task_acks_late=True,
        task_time_limit=60,
    )
)

Aproach 2
Using broker_use_ssl to passthrough the kwargs

celery = Celery(
    __name__,
    broker="redis://localhost:6379",
    task_create_missing_queues=True,
    task_acks_late=True,
    task_time_limit=60,
    broker_use_ssl={
        "ssl_cert_reqs": ssl.CERT_REQUIRED,
        "ssl_certfile": "/ca-certs/redis.crt",
        "ssl_keyfile": "/ca-certs/redis.key",
        "ssl_ca_certs": "/ca-certs/ca.crt",
    }
)

@stuaxo
Copy link

stuaxo commented Jun 5, 2024
edited

Q: As an alternative, does using the "rediss:" URL (with the extra s) work ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davidjrice @stuaxo @aemdy @apoclyps