NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-23 07:56:44 -06:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

feat: added setting redis certificate authority path

Browse Source
This commit is contained in:
Patrick Kerwood 2022-08-11 21:41:32 +02:00
parent aabe8f7c5b
commit 2541fd9aa0
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
netbox/netbox/configuration_example.py
View File

@ -37,6 +37,8 @@ REDIS = {
# Set this to True to skip TLS certificate verification # Set this to True to skip TLS certificate verification
# This can expose the connection to attacks, be careful # This can expose the connection to attacks, be careful
# 'INSECURE_SKIP_TLS_VERIFY': False, # 'INSECURE_SKIP_TLS_VERIFY': False,
# Set a path to a certificate authority, typically used with a self signed certificate.
#'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
}, },
'caching': { 'caching': {
'HOST': 'localhost', 'HOST': 'localhost',
@ -50,6 +52,8 @@ REDIS = {
# Set this to True to skip TLS certificate verification # Set this to True to skip TLS certificate verification
# This can expose the connection to attacks, be careful # This can expose the connection to attacks, be careful
# 'INSECURE_SKIP_TLS_VERIFY': False, # 'INSECURE_SKIP_TLS_VERIFY': False,
# Set a path to a certificate authority, typically used with a self signed certificate.
#'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
} }
} }

12
netbox/netbox/settings.py
View File

@ -232,6 +232,7 @@ TASKS_REDIS_PASSWORD = TASKS_REDIS.get('PASSWORD', '')
TASKS_REDIS_DATABASE = TASKS_REDIS.get('DATABASE', 0) TASKS_REDIS_DATABASE = TASKS_REDIS.get('DATABASE', 0)
TASKS_REDIS_SSL = TASKS_REDIS.get('SSL', False) TASKS_REDIS_SSL = TASKS_REDIS.get('SSL', False)
TASKS_REDIS_SKIP_TLS_VERIFY = TASKS_REDIS.get('INSECURE_SKIP_TLS_VERIFY', False) TASKS_REDIS_SKIP_TLS_VERIFY = TASKS_REDIS.get('INSECURE_SKIP_TLS_VERIFY', False)
TASKS_REDIS_CA_CERT_PATH = TASKS_REDIS.get('CA_CERT_PATH', False)
# Caching # Caching
if 'caching' not in REDIS: if 'caching' not in REDIS:
@ -246,6 +247,7 @@ CACHING_REDIS_SENTINELS = REDIS['caching'].get('SENTINELS', [])
CACHING_REDIS_SENTINEL_SERVICE = REDIS['caching'].get('SENTINEL_SERVICE', 'default') CACHING_REDIS_SENTINEL_SERVICE = REDIS['caching'].get('SENTINEL_SERVICE', 'default')
CACHING_REDIS_PROTO = 'rediss' if REDIS['caching'].get('SSL', False) else 'redis' CACHING_REDIS_PROTO = 'rediss' if REDIS['caching'].get('SSL', False) else 'redis'
CACHING_REDIS_SKIP_TLS_VERIFY = REDIS['caching'].get('INSECURE_SKIP_TLS_VERIFY', False) CACHING_REDIS_SKIP_TLS_VERIFY = REDIS['caching'].get('INSECURE_SKIP_TLS_VERIFY', False)
CACHING_REDIS_CA_CERT_PATH = REDIS['caching'].get('CA_CERT_PATH', False)
CACHES = { CACHES = {
'default': { 'default': {
@ -257,6 +259,8 @@ CACHES = {
} }
} }
} }
if CACHING_REDIS_SENTINELS: if CACHING_REDIS_SENTINELS:
DJANGO_REDIS_CONNECTION_FACTORY = 'django_redis.pool.SentinelConnectionFactory' DJANGO_REDIS_CONNECTION_FACTORY = 'django_redis.pool.SentinelConnectionFactory'
CACHES['default']['LOCATION'] = f'{CACHING_REDIS_PROTO}://{CACHING_REDIS_SENTINEL_SERVICE}/{CACHING_REDIS_DATABASE}' CACHES['default']['LOCATION'] = f'{CACHING_REDIS_PROTO}://{CACHING_REDIS_SENTINEL_SERVICE}/{CACHING_REDIS_DATABASE}'
@ -265,7 +269,9 @@ if CACHING_REDIS_SENTINELS:
if CACHING_REDIS_SKIP_TLS_VERIFY: if CACHING_REDIS_SKIP_TLS_VERIFY:
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {}) CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_cert_reqs'] = False CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_cert_reqs'] = False
if CACHING_REDIS_CA_CERT_PATH:
CACHES['default']['OPTIONS'].setdefault('CONNECTION_POOL_KWARGS', {})
CACHES['default']['OPTIONS']['CONNECTION_POOL_KWARGS']['ssl_ca_certs'] = CACHING_REDIS_CA_CERT_PATH
# #
# Sessions # Sessions
@ -631,6 +637,10 @@ else:
'DEFAULT_TIMEOUT': RQ_DEFAULT_TIMEOUT, 'DEFAULT_TIMEOUT': RQ_DEFAULT_TIMEOUT,
} }
if TASKS_REDIS_CA_CERT_PATH:
RQ_PARAMS.setdefault('REDIS_CLIENT_KWARGS', {})
RQ_PARAMS['REDIS_CLIENT_KWARGS']['ssl_ca_certs'] = TASKS_REDIS_CA_CERT_PATH
RQ_QUEUES = { RQ_QUEUES = {
'high': RQ_PARAMS, 'high': RQ_PARAMS,
'default': RQ_PARAMS, 'default': RQ_PARAMS,