You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Michael Otte (JIRA)" <ji...@apache.org> on 2016/11/27 11:12:58 UTC

[jira] [Created] (AIRFLOW-654) SSL for AMQP w/ Celery(Executor)

Michael Otte created AIRFLOW-654:
------------------------------------

             Summary: SSL for AMQP w/ Celery(Executor)
                 Key: AIRFLOW-654
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-654
             Project: Apache Airflow
          Issue Type: Improvement
          Components: celery, executor
    Affects Versions: Airflow 2.0, Airflow 1.8
         Environment: Tested on:
Airflow 1.7.1.3, celery[auth] 4.0, et.al.
            Reporter: Michael Otte
             Fix For: Airflow 1.7.1.3


Add celery ssl certs for amqp (w/ rabbitmq) encryption.  This can go in celery_executor.py and set with current airflow configuration practices (e.g. explicit in airflow.cfg, env var, etc.)

tldr
Currently, celery's AMQP messages cannot be encrypted using SSL unless a SSH tunnel, VPN, or an alternative network encryption protocol is used.

This is the only feature addition required to be able to use Airflow in an end-to-end encrypted, distributed system.

The webserver, the disk volume, etc. can be encrypted outside of Airflow with good security practices (e.g. the webserver can be secured at the proxy layer, GCM with AES can be used for in-state encryption, etc.) 

Could technically use the certs from the webserver (link to commit/issue comment below) if you're lazy and if the certs are issued from the same certificate authority as the broker's certs.
https://issues.apache.org/jira/browse/AIRFLOW-91?focusedCommentId=15503562&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15503562



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)