perf: 兼容AWS上redis[ssl]无证书无法部署的问题

2022-05-13 15:50:01 +08:00 · 2022-05-13 15:50:01 +08:00 · e80b6936a2
parent 2c4f937e0b
commit e80b6936a2
4 changed files with 12 additions and 6 deletions
--- a/apps/common/utils/connection.py
+++ b/apps/common/utils/connection.py
@ -19,7 +19,7 @@ def get_redis_client(db=0):
        'password': CONFIG.REDIS_PASSWORD,
        'db': db,
        "ssl": is_true(CONFIG.REDIS_USE_SSL),
-        'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+        'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
        'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
        'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
        'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),
--- a/apps/jumpserver/rewriting/session.py
+++ b/apps/jumpserver/rewriting/session.py
@ -18,7 +18,7 @@ class RedisServer(_RedisServer):
        ssl_params = {}
        if CONFIG.REDIS_USE_SSL:
            ssl_params = {
-                'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+                'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
                'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
                'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
                'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@ -277,6 +277,11 @@ REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.crt')
 if not os.path.exists(REDIS_SSL_CA_CERTS):
    REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.pem')

+if not os.path.exists(REDIS_SSL_CA_CERTS):
+    REDIS_SSL_CA_CERTS = None
+
+REDIS_SSL_REQUIRED = CONFIG.REDIS_SSL_REQUIRED or 'none'
+
 CACHES = {
    'default': {
        # 'BACKEND': 'redis_cache.RedisCache',
@ -291,7 +296,7 @@ CACHES = {
        'OPTIONS': {
            "REDIS_CLIENT_KWARGS": {"health_check_interval": 30},
            "CONNECTION_POOL_KWARGS": {
-                'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+                'ssl_cert_reqs': REDIS_SSL_REQUIRED,
                "ssl_keyfile": REDIS_SSL_KEYFILE,
                "ssl_certfile": REDIS_SSL_CERTFILE,
                "ssl_ca_certs": REDIS_SSL_CA_CERTS
--- a/apps/jumpserver/settings/libs.py
+++ b/apps/jumpserver/settings/libs.py
@ -3,7 +3,7 @@
 import os
 import ssl

-from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE
+from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE, REDIS_SSL_REQUIRED
 from ..const import CONFIG, PROJECT_DIR

 REST_FRAMEWORK = {
@ -90,7 +90,8 @@ if not CONFIG.REDIS_USE_SSL:
 else:
    context = ssl.SSLContext()
    context.check_hostname = bool(CONFIG.REDIS_SSL_REQUIRED)
-    context.load_verify_locations(REDIS_SSL_CA_CERTS)
+    if REDIS_SSL_CA_CERTS:
+        context.load_verify_locations(REDIS_SSL_CA_CERTS)
    if REDIS_SSL_CERTFILE and REDIS_SSL_KEYFILE:
        context.load_cert_chain(REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE)

@ -140,7 +141,7 @@ CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO"
 CELERY_TASK_SOFT_TIME_LIMIT = 3600
 if CONFIG.REDIS_USE_SSL:
    CELERY_BROKER_USE_SSL = CELERY_REDIS_BACKEND_USE_SSL = {
-        'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+        'ssl_cert_reqs': REDIS_SSL_REQUIRED,
        'ssl_ca_certs': REDIS_SSL_CA_CERTS,
        'ssl_certfile': REDIS_SSL_CERTFILE,
        'ssl_keyfile': REDIS_SSL_KEYFILE