security_monkey icon indicating copy to clipboard operation
security_monkey copied to clipboard

Published 20 hours ago verified publisher icon Netflix

SSL Redis isn't usable

Open jasonmcintosh opened this issue 6 years ago • 2 comments

IF you setup Redis with SSL, celery (e.g. scheduler/workers) won't be able to connect to it and get failures in the logs. E.g.

[2019-02-19 18:47:50,400: ERROR/MainProcess] consumer: Cannot connect to redis://***:6379/0: Error while reading from socket: ('Connection closed by server.',).
Trying again in 6.00 seconds...

Should be able to adjust the celeryconfig.py file to be:

broker_url = '{}://{}/{}'.format(
    os.getenv('SECURITY_MONKEY_REDIS_PROTOCOL', 'redis'),
    os.getenv('SECURITY_MONKEY_REDIS_HOST', 'redis'),
    os.getenv('SECURITY_MONKEY_REDIS_DB', '0')
)

Then for those using SSL, set SECURITY_MONKEY_REDIS_PROTOCOL to "rediss" not "redis" and then things seem to work fine.

jasonmcintosh avatar Feb 19 '19 19:02 jasonmcintosh

Can you submit a PR with these changes?

mikegrima avatar Feb 19 '19 20:02 mikegrima

Will do soon as I can get a chance. Was working on some updates to the docker sections - e.g. originally was trying to get running in k8s, though leaning back towards ECS so was creating demo terraform for that.

jasonmcintosh avatar Feb 19 '19 21:02 jasonmcintosh