From e80b6936a2ba2e926572978ff46c7aa9f62751af Mon Sep 17 00:00:00 2001
From: jiangweidong
Date: Fri, 13 May 2022 15:50:01 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E5=85=BC=E5=AE=B9AWS=E4=B8=8Aredis[ssl?= =?UTF-8?q?]=E6=97=A0=E8=AF=81=E4=B9=A6=E6=97=A0=E6=B3=95=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/common/utils/connection.py | 2 +-
 apps/jumpserver/rewriting/session.py | 2 +-
 apps/jumpserver/settings/base.py | 7 ++++++-
 apps/jumpserver/settings/libs.py | 7 ++++---
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/apps/common/utils/connection.py b/apps/common/utils/connection.py
index 291d4516d..242b0cb21 100644
--- a/apps/common/utils/connection.py
+++ b/apps/common/utils/connection.py
@@ -19,7 +19,7 @@ def get_redis_client(db=0):
 'password': CONFIG.REDIS_PASSWORD,
 'db': db,
 "ssl": is_true(CONFIG.REDIS_USE_SSL),
- 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+ 'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
 'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
 'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
 'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),
diff --git a/apps/jumpserver/rewriting/session.py b/apps/jumpserver/rewriting/session.py
index d7e0428aa..f3b432657 100644
--- a/apps/jumpserver/rewriting/session.py
+++ b/apps/jumpserver/rewriting/session.py
@@ -18,7 +18,7 @@ class RedisServer(_RedisServer):
 ssl_params = {}
 if CONFIG.REDIS_USE_SSL:
 ssl_params = {
- 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED,
+ 'ssl_cert_reqs': getattr(settings, 'REDIS_SSL_REQUIRED'),
 'ssl_keyfile': getattr(settings, 'REDIS_SSL_KEYFILE'),
 'ssl_certfile': getattr(settings, 'REDIS_SSL_CERTFILE'),
 'ssl_ca_certs': getattr(settings, 'REDIS_SSL_CA_CERTS'),
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index 7c3657f35..327c3ea97 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py @@ -277,6 +277,11 @@ REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.crt') if not os.path.exists(REDIS_SSL_CA_CERTS): REDIS_SSL_CA_CERTS = os.path.join(PROJECT_DIR, 'data', 'certs', 'redis_ca.pem') +if not os.path.exists(REDIS_SSL_CA_CERTS): + REDIS_SSL_CA_CERTS = None + +REDIS_SSL_REQUIRED = CONFIG.REDIS_SSL_REQUIRED or 'none' + CACHES = { 'default': { # 'BACKEND': 'redis_cache.RedisCache', @@ -291,7 +296,7 @@ CACHES = { 'OPTIONS': { "REDIS_CLIENT_KWARGS": {"health_check_interval": 30}, "CONNECTION_POOL_KWARGS": { - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': REDIS_SSL_REQUIRED, "ssl_keyfile": REDIS_SSL_KEYFILE, "ssl_certfile": REDIS_SSL_CERTFILE, "ssl_ca_certs": REDIS_SSL_CA_CERTS diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py index 59446b9de..c67c21f0b 100644 --- a/apps/jumpserver/settings/libs.py +++ b/apps/jumpserver/settings/libs.py @@ -3,7 +3,7 @@ import os import ssl -from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE +from .base import REDIS_SSL_CA_CERTS, REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE, REDIS_SSL_REQUIRED from ..const import CONFIG, PROJECT_DIR REST_FRAMEWORK = { @@ -90,7 +90,8 @@ if not CONFIG.REDIS_USE_SSL: else: context = ssl.SSLContext() context.check_hostname = bool(CONFIG.REDIS_SSL_REQUIRED) - context.load_verify_locations(REDIS_SSL_CA_CERTS) + if REDIS_SSL_CA_CERTS: + context.load_verify_locations(REDIS_SSL_CA_CERTS) if REDIS_SSL_CERTFILE and REDIS_SSL_KEYFILE: context.load_cert_chain(REDIS_SSL_CERTFILE, REDIS_SSL_KEYFILE) @@ -140,7 +141,7 @@ CELERY_WORKER_REDIRECT_STDOUTS_LEVEL = "INFO" CELERY_TASK_SOFT_TIME_LIMIT = 3600 if CONFIG.REDIS_USE_SSL: CELERY_BROKER_USE_SSL = CELERY_REDIS_BACKEND_USE_SSL = { - 'ssl_cert_reqs': CONFIG.REDIS_SSL_REQUIRED, + 'ssl_cert_reqs': REDIS_SSL_REQUIRED, 'ssl_ca_certs': REDIS_SSL_CA_CERTS, 'ssl_certfile': REDIS_SSL_CERTFILE, 'ssl_keyfile': REDIS_SSL_KEYFILE
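Review bot: The fallback `CONFIG.REDIS_SSL_REQUIRED or 'none'` in the first base.py hunk makes an unset option mean that the Redis server certificate is not verified, so a TLS deployment that never configured this value gets encryption without server authentication and is exposed to interception on the network path. The same value feeds `ssl_cert_reqs` in the CACHES and Celery hunks of this commit and in the connection.py and session.py hunks. Consider keeping verification as the default and leaving 'none' as an explicit operator choice, `REDIS_SSL_REQUIRED = CONFIG.REDIS_SSL_REQUIRED or 'required'`; with `REDIS_SSL_CA_CERTS = None` the client would then presumably fall back to the system trust store, which should be confirmed against the Redis client version in use. If the permissive default has to stay, a comment above the assignment such as `# WARNING: 'none' disables Redis server certificate verification` would make the trade-off visible to operators.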
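Review bot: In the libs.py hunk at `@@ -90,7 +90,8 @@`, skipping `load_verify_locations` when no CA file exists leaves this `ssl.SSLContext()` with no trust anchors at all, while `check_hostname` on the line above is still derived from `bool(CONFIG.REDIS_SSL_REQUIRED)` rather than from the newly imported `REDIS_SSL_REQUIRED`. If that option holds a string such as 'none' (the base.py default suggests it does), `bool()` of it is True, and enabling `check_hostname` on a bare context switches `verify_mode` to `CERT_REQUIRED`, so every handshake would fail against an empty trust store; if the option is unset, the context verifies nothing even when a CA file is present. Suggested: `context.check_hostname = REDIS_SSL_REQUIRED != 'none'`, and after the new guard an `else:` branch calling `context.load_default_certs()`. The `else:` block that builds the context starts outside the hunk, and where the context is consumed is not visible here.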