Netflix / security_monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Apache License 2.0

SSL Redis isn't usable #1175

Open jasonmcintosh opened 5 years ago

jasonmcintosh commented 5 years ago

If you set up Redis with SSL, Celery (e.g. scheduler/workers) won't be able to connect to it, and you get failures in the logs. E.g.:

[2019-02-19 18:47:50,400: ERROR/MainProcess] consumer: Cannot connect to redis://***:6379/0: Error while reading from socket: ('Connection closed by server.',).
Trying again in 6.00 seconds...

Should be able to adjust the celeryconfig.py file to be:

import os

# The scheme comes from the environment so TLS deployments can select "rediss".
broker_url = '{}://{}/{}'.format(
    os.getenv('SECURITY_MONKEY_REDIS_PROTOCOL', 'redis'),
    os.getenv('SECURITY_MONKEY_REDIS_HOST', 'redis'),
    os.getenv('SECURITY_MONKEY_REDIS_DB', '0')
)

Then for those using SSL, set SECURITY_MONKEY_REDIS_PROTOCOL to "rediss", not "redis", and then things seem to work fine.
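An added example, not code from this issue or from Security Monkey: one way to build the broker settings so that an unexpected protocol value is rejected and a `rediss` broker is paired with certificate verification through Celery's `broker_use_ssl` setting. The function name `build_broker_settings` and the variable `SECURITY_MONKEY_REDIS_CA_CERTS` are hypothetical.

```python
import os
import ssl

# Only plaintext Redis and Redis over TLS are accepted as broker schemes.
ALLOWED_SCHEMES = ("redis", "rediss")


def build_broker_settings(env=os.environ):
    """Return Celery broker settings derived from environment variables."""
    scheme = env.get("SECURITY_MONKEY_REDIS_PROTOCOL", "redis").strip().lower()
    if scheme not in ALLOWED_SCHEMES:
        # Fail at start-up instead of retrying a broken URL every few seconds.
        raise ValueError("unsupported Redis protocol: {!r}".format(scheme))

    settings = {
        "broker_url": "{}://{}/{}".format(
            scheme,
            env.get("SECURITY_MONKEY_REDIS_HOST", "redis"),
            env.get("SECURITY_MONKEY_REDIS_DB", "0"),
        )
    }

    if scheme == "rediss":
        # Require a valid server certificate; without this the connection is
        # encrypted but the broker's identity is not checked.
        use_ssl = {"ssl_cert_reqs": ssl.CERT_REQUIRED}
        # Hypothetical variable: path to a private CA bundle, if one is used.
        ca_bundle = env.get("SECURITY_MONKEY_REDIS_CA_CERTS")
        if ca_bundle:
            use_ssl["ssl_ca_certs"] = ca_bundle
        settings["broker_use_ssl"] = use_ssl

    return settings


# Module-level names as Celery reads them from celeryconfig.py.
_settings = build_broker_settings()
broker_url = _settings["broker_url"]
broker_use_ssl = _settings.get("broker_use_ssl", False)
```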

mikegrima commented 5 years ago

Can you submit a PR with these changes?

jasonmcintosh commented 5 years ago

Will do as soon as I get a chance. Was working on some updates to the Docker sections - e.g. originally was trying to get it running in k8s, though leaning back towards ECS, so was creating demo Terraform for that.