Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-6985

Airflow should handle the rediss:// protocol for TLS-enable Redis

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.10.9
    • Fix Version/s: None
    • Component/s: configuration
    • Labels:
      None

      Description

      Please see the following issue for Flower:

      https://github.com/mher/flower/issues/639

      Flower and Airflow do not handle TLS-enable connections to Redis the same way. Thus, when providing the same broker URL to Flower that the one provided to Airflow, Flower cannot start/work.

      There are several issues at hand here:

      • Airflow by itself does handle its configuration correctly using `ssl_active`, but does not handle `rediss://`
      • Flower by itself handles `rediss://` but does not handle an additionnal `ssl_active` option
      • in the Helm chart for Airflow, there is no easy way to provide a configuration to Flower (Flower gets its configuration via the same configuration as Airflow, and thus cannot be correctly configured because Airflow would throw an exception)

      See airflow/config_templates/default_celery.py where an exception is raised if `rediss://` is used.

      A nice and quick fix would be to handle `rediss://` and drive the TLS-enabled mode is that protocol is used while `ssl_active` is also set to true. If `rediss://` is used but `ssl_active` is set to false, an exception could be raised to warn the user that the configuration is inconsistent.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              nbardelot Noël BARDELOT
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: