You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Michael Otte (JIRA)" <ji...@apache.org> on 2016/11/27 11:12:58 UTC
[jira] [Created] (AIRFLOW-654) SSL for AMQP w/ Celery(Executor)
Michael Otte created AIRFLOW-654:
------------------------------------
Summary: SSL for AMQP w/ Celery(Executor)
Key: AIRFLOW-654
URL: https://issues.apache.org/jira/browse/AIRFLOW-654
Project: Apache Airflow
Issue Type: Improvement
Components: celery, executor
Affects Versions: Airflow 2.0, Airflow 1.8
Environment: Tested on:
Airflow 1.7.1.3, celery[auth] 4.0, et.al.
Reporter: Michael Otte
Fix For: Airflow 1.7.1.3
Add celery ssl certs for amqp (w/ rabbitmq) encryption. This can go in celery_executor.py and set with current airflow configuration practices (e.g. explicit in airflow.cfg, env var, etc.)
tldr
Currently, celery's AMQP messages cannot be encrypted using SSL unless a SSH tunnel, VPN, or an alternative network encryption protocol is used.
This is the only feature addition required to be able to use Airflow in an end-to-end encrypted, distributed system.
The webserver, the disk volume, etc. can be encrypted outside of Airflow with good security practices (e.g. the webserver can be secured at the proxy layer, GCM with AES can be used for in-state encryption, etc.)
Could technically use the certs from the webserver (link to commit/issue comment below) if you're lazy and if the certs are issued from the same certificate authority as the broker's certs.
https://issues.apache.org/jira/browse/AIRFLOW-91?focusedCommentId=15503562&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15503562
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)