[GitHub] [airflow] yerrysherry opened a new issue #8971: Problem when rotating the fernet keys

Fri, 22 May 2020 06:53:47 -0700 


yerrysherry opened a new issue #8971:
URL: https://github.com/apache/airflow/issues/8971


   $ airflow version
   1.10.10
   
   Database: 
   CentOS Linux release 7.6.1810 (Core), 
   
   Webserver - scheduler:
   lsb_release -a
   No LSB modules are available.
   Distributor ID:      Ubuntu
   Description: Ubuntu 18.04.2 LTS
   Release:     18.04
   Codename:    bionic
   
   Problem: Can not access connection after doing a:  airflow rotate_fernet_key
   
   1) Create a new connection in the web interface
   Conn id: my_connection
   Conn Type: HTTP
   Password: my_connection
   
   2) Check the database level
   
   [local] postgres@airflow# select * from connection where 
conn_id='my_connection';
   -[ RECORD 1 
]------+-----------------------------------------------------------------------------------------------------
   id                 | 39
   conn_id            | my_connection
   conn_type          | http
   host               | (null)
   schema             | (null)
   login              | (null)
   password           | 
gAAAAABex9MvQLybzQxgGFmkzbiuLamA5Hy8lsVM3oB-MtHBHct-rkDrOkHNpOXfz53AdyiQnfLDTMDvS_e8_jebnd60kw3aNA==
   port               | (null)
   extra              |
   is_encrypted       | t
   is_extra_encrypted | f
   
   3) Rotate the fernet key. I did NOT change the airflow.cfg file!!!
    $ airflow rotate_fernet_key 
   $ (no outpit)
   
   4) Check the database level. The encrypted password is changed.
   
   [local] postgres@airflow# select * from connection where 
conn_id='my_connection';
   -[ RECORD 1 
]------+-----------------------------------------------------------------------------------------------------
   id                 | 39
   conn_id            | my_connection
   conn_type          | http
   host               | (null)
   schema             | (null)
   login              | (null)
   password           | 
gAAAAABex9MvT44QG8BleLaqz8J60QSmP7n_VxHwTeqdewLC5ptPqabf0c5NpJ-G2zDusgOKY4Ahgun3LcXN4L5hIN3ocNf9YA==
   port               | (null)
   extra              |
   is_encrypted       | t
   is_extra_encrypted | f
   
   5) check the connection in the web interface.
   No problem. I can check and edit connections
   
   6) Create a new Fernet key and change the airflow.cfg file
   
   $ python -c "from cryptography.fernet import Fernet; 
print(Fernet.generate_key().decode())"
   DWL8rqNtdosZa78qFWImXZC4ac8FhfvdkGEebHd-LMc=
   
   fernet_key = 
DWL8rqNtdosZa78qFWImXZC4ac8FhfvdkGEebHd-LMc=,doZ11rM4IyvbQTegQa4jHWuUWkCgCb9zYsPWzL2QLO0=
   
   7)  Rotate the fernet key.
   airflow@airflow-pr-1:~/airflow$ airflow rotate_fernet_key
   airflow@airflow-pr-1:~/airflow$ (no output)
   
   8) When you check now in the web browser. Every entry who was encrypted gets 
an 
   Ooops page
   
   The only thing, I can do is restoring the database
   
   
   Regards,
   Gerrit
   
   
   
   
   
   
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to