ORuteMa commented on PR #30352:
URL: https://github.com/apache/airflow/pull/30352#issuecomment-1500038233

   > Hey!
   > 
   > I've set aside some time today to work on this, but I could not finish a test. We're deploying Airflow using the Docker container, and as far as I can tell this has not been built into an image yet. So I've used our current pipeline to build an image off of this branch, and use that image as the base for our own image.
   > 
   > I've also tried to look into how, using the changes in this PR, I'm supposed to correctly configure Redis Sentinel. In my original issue ([comment link](https://github.com/apache/airflow/issues/28010#issue-1469804366)) I've talked over a few ways which I thought might work (leaning on some stuff I found externally as well).
   > 
   > Having said that, the test environment in our organisation is now up to date and I have that image built off of this branch. If you can tell me what the syntax is for configuring Sentinel I should be able to give it a go relatively quickly. In our case, the following apply:
   > 
   > * 3 sentinels (identified by hostname)
   > * 3 masters (identified by "master-name" via the sentinels)
   > * sentinels and masters require TLS (internal cert, so disabling SSL verification is ok, I'll figure out that later)
   > * sentinels are unauthenticated
   > * masters are protected by a password
   > * default user, database ID 0
   > 
   > We deploy everything in containers and use environment variables for configuration.
   > 
   > Hoping to hear from you!
   
   Hi! Thanks for your work. I will share my config below. @jonathanjuursema 
   
   In my case, I configured the `broker_url` in the following format to include 3 authenticated sentinels: `sentinel://:${authPass}@${host1}:${port};sentinel://:${authPass}@${host2}:${port};sentinel://:${authPass}@${host3}:${port}`. I have kept `celery_ssl_active` as **False** and configured `sentinel_kwargs={"password": "{master_password}"}` in the **[celery_broker_transport_options]** section because my master is authenticated.
   
   Regarding sentinel with TLS, I think it is supported, and you can find more details from https://github.com/celery/celery/pull/6647. Therefore, in my PR, I have changed line 85 to support the URL of the `sentinel://` prefix with SSL.
   
   If you have the time, could you please test whether the sentinel works properly when SSL is enabled? My Redis deployment is only protected by a password, so I would like to ensure that the SSL configuration is functional.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
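
An added example, not part of the PR or of the comment above: building the `;`-separated `sentinel://` `broker_url` in the format the comment describes, with the password percent-encoded so that characters such as `@`, `:` or `;` cannot shift where the URL or the sentinel list is split, plus a redactor for writing the URL to logs. The function names, host names, port and password are constructed for illustration.

```python
from urllib.parse import quote, urlsplit

# Constructed sample values (hypothetical hosts; not from the PR).
SAMPLE_SENTINELS = [
    ("sentinel-1.example.internal", 26379),
    ("sentinel-2.example.internal", 26379),
    ("sentinel-3.example.internal", 26379),
]


def build_sentinel_broker_url(sentinels, password=None, db=None):
    """Return one sentinel:// URL per (host, port), joined with ';'."""
    if not sentinels:
        raise ValueError("at least one sentinel is required")
    parts = []
    for host, port in sentinels:
        # safe="" encodes every reserved character, so a password containing
        # '@', ':', '/' or ';' stays inside the userinfo part of its own URL.
        auth = f":{quote(password, safe='')}@" if password else ""
        path = f"/{db}" if db is not None else ""
        parts.append(f"sentinel://{auth}{host}:{int(port)}{path}")
    return ";".join(parts)


def redact_broker_url(broker_url):
    """Return the same URL list with every password masked, for logging."""
    redacted = []
    for part in broker_url.split(";"):
        u = urlsplit(part)
        if u.scheme != "sentinel":
            raise ValueError(f"unexpected scheme {u.scheme!r}")
        netloc = f"{u.hostname}:{u.port}" if u.port else (u.hostname or "")
        if u.password is not None:
            netloc = f"{u.username or ''}:***@{netloc}"
        redacted.append(f"sentinel://{netloc}{u.path}")
    return ";".join(redacted)


if __name__ == "__main__":
    url = build_sentinel_broker_url(SAMPLE_SENTINELS, "p@ss;w:rd/1")  # constructed password
    print(redact_broker_url(url))  # log this form, never the raw URL
```
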
