perf: 兼容AWS上redis[ssl]无证书无法部署的问题

pull/8247/head
jiangweidong 2022-05-13 15:50:01 +08:00 committed by Jiangjie.Bai
parent 2c4f937e0b
commit e80b6936a2
4 changed files with 12 additions and 6 deletions

View File

@ -19,7 +19,7 @@ def get_redis_client(db=0):
'password': CONFIG.REDIS_PASSWORD,
'db': db,
"ssl": is_true(CONFIG.REDIS_USE_SSL),
'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),

View File

@ -18,7 +18,7 @@ class RedisServer(_RedisServer):
ssl_params = {}
if CONFIG.REDIS_USE_SSL:
ssl_params = {
'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),

View File

@ -277,6 +277,11 @@ REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.crt')
if not os.path.exists(REDIS_SSL_CA_CERTS):
REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.pem')
if not os.path.exists(REDIS_SSL_CA_CERTS):
REDIS_SSL_CA_CERTS = None
REDIS_SSL_REQUIRED = CONFIG.REDIS_SSL_REQUIRED or 'none'
CACHES = {
'default': {
# 'BACKEND': 'redis_cache.RedisCache',
@ -291,7 +296,7 @@ CACHES = {
'OPTIONS': {
"REDIS_CLIENT_KWARGS": {"health_check_interval": 30},
"CONNECTION_POOL_KWARGS": {
'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
'ssl_cert_reqs': REDIS_SSL_REQUIRED,
"ssl_keyfile": REDIS_SSL_KEYFILE,
"ssl_certfile": REDIS_SSL_CERTFILE,
"ssl_ca_certs": REDIS_SSL_CA_CERTS

View File

@ -3,7 +3,7 @@
import os
import ssl
from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE
from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE, REDIS_SSL_REQUIRED
from ..const import CONFIG, PROJECT_DIR
REST_FRAMEWORK = {
@ -90,7 +90,8 @@ if not CONFIG.REDIS_USE_SSL:
else:
context = ssl.SSLContext()
context.check_hostname = bool(CONFIG.REDIS_SSL_REQUIRED)
context.load_verify_locations(REDIS_SSL_CA_CERTS)
if REDIS_SSL_CA_CERTS:
context.load_verify_locations(REDIS_SSL_CA_CERTS)
if REDIS_SSL_CERTFILE and REDIS_SSL_KEYFILE:
context.load_cert_chain(REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE)
@ -140,7 +141,7 @@ CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO"
CELERY_TASK_SOFT_TIME_LIMIT = 3600
if CONFIG.REDIS_USE_SSL:
CELERY_BROKER_USE_SSL = CELERY_REDIS_BACKEND_USE_SSL = {
'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
'ssl_cert_reqs': REDIS_SSL_REQUIRED,
'ssl_ca_certs': REDIS_SSL_CA_CERTS,
'ssl_certfile': REDIS_SSL_CERTFILE,
'ssl_keyfile': REDIS_SSL_KEYFILE