docker - AIRFLOW 中缺少 CSRF 会话令牌
问题描述
我正在使用 docker for Airflow。下面的docker-compose文件大部分取自airflow官网。这在我的笔记本电脑上运行良好,但是当我上传到服务器时,我在前端浏览时不断收到错误消息。
错误的请求
CSRF 会话令牌丢失。
从文档中,它告诉我需要添加 AIRFLOW__WEBSERVER__SECRET_KEY 所以我添加了它。有什么我错过的吗?
version: '3'
x-airflow-common:
&airflow-common
image: <image name>
environment:
&airflow-common-env
AIRFLOW__CORE__EXECUTOR: CeleryExecutor
AIRFLOW__CORE__SQL_ALCHEMY_CONN: postgresql+psycopg2://<some connection sting>
AIRFLOW__CELERY__RESULT_BACKEND: db+postgresql://<some connection sting>
AIRFLOW__CELERY__BROKER_URL: redis://:@redis:6379/0
AIRFLOW__CELERY__FLOWER_PORT: '5556'
AIRFLOW__CORE__FERNET_KEY: ''
AIRFLOW__CORE__DAGS_ARE_PAUSED_AT_CREATION: 'True'
AIRFLOW__CORE__LOAD_EXAMPLES: 'False'
AIRFLOW__API__AUTH_BACKEND: 'airflow.api.auth.backend.basic_auth'
AIRFLOW__CORE__EXPOSE_CONFIG: 'True'
AIRFLOW__CORE__REMOTE_LOGGING: 'True'
AIRFLOW__CORE__REMOTE_BASE_LOG_FOLDER: <s3 location>
AIRFLOW__CORE__REMOTE_LOG_CONN_ID: 's3_connection'
AIRFLOW__CORE__ENCRYPT_S3_LOGS: 'False'
AIRFLOW__SMTP__SMTP_HOST: 'smtp.sendgrid.net'
AIRFLOW__SMTP__SMTP_STARTTLS: 'True'
AIRFLOW__SMTP__SMTP_SSL: 'False'
#AIRFLOW__SMTP__SMTP_USER: 'apikey'
#AIRFLOW__SMTP__SMTP_PASSWORD: <password>
AIRFLOW__SMTP__SMTP_PORT: '587'
AIRFLOW__SMTP__SMTP_MAIL_FROM: <email address>
_PIP_ADDITIONAL_REQUIREMENTS: ""
AIRFLOW__WEBSERVER__WORKERS: '1'
AIRFLOW__WEBSERVER__SECRET_KEY: 'secret_key'
volumes:
- ../dags:/opt/airflow/dags
- ../scripts:/opt/airflow/scripts
user: "${AIRFLOW_UID:-50000}:${AIRFLOW_GID:-50000}"
depends_on:
redis:
condition: service_healthy
services:
redis:
image: redis:latest
ports:
- 6379:6379
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 30s
retries: 50
restart: always
airflow-webserver:
<<: *airflow-common
command: webserver
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- 8080:8080
- 9000:9000
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:8080/health"]
interval: 10s
timeout: 10s
retries: 5
restart: always
airflow-scheduler:
<<: *airflow-common
command: scheduler
healthcheck:
test: ["CMD-SHELL", 'airflow jobs check --job-type SchedulerJob --hostname "$${HOSTNAME}"']
interval: 10s
timeout: 10s
retries: 5
restart: always
airflow-worker:
<<: *airflow-common
command: celery worker
healthcheck:
test:
- "CMD-SHELL"
- 'celery --app airflow.executors.celery_executor.app inspect ping -d "celery@$${HOSTNAME}"'
interval: 10s
timeout: 10s
retries: 5
restart: always
airflow-init:
<<: *airflow-common
command: version
environment:
<<: *airflow-common-env
_AIRFLOW_DB_UPGRADE: 'true'
_AIRFLOW_WWW_USER_CREATE: 'true'
_AIRFLOW_WWW_USER_USERNAME: ${_AIRFLOW_WWW_USER_USERNAME:-airflow}
_AIRFLOW_WWW_USER_PASSWORD: ${_AIRFLOW_WWW_USER_PASSWORD:-airflow}
flower:
<<: *airflow-common
command: celery flower
ports:
- 5556:5556
healthcheck:
test: ["CMD", "curl", "--fail", "http://localhost:5556/"]
interval: 10s
timeout: 10s
retries: 5
restart: always
volumes:
postgres-db-volume:
解决方案
确保AIRFLOW__WEBSERVER__SECRET_KEY
工作节点和网络服务器(主节点)中的值相同。您可以找到有关此PR的更多详细信息。
工作节点运行一个网络服务器,该服务器处理访问执行日志的请求,这就是为什么您会看到如下错误:*** Failed to fetch log file from worker. 403 Client Error: FORBIDDEN for url: https://worker.worker
或CSRF session token is missing
.
在您的worker中,您可以将密钥的值添加到.env
文件中并将其加载到 docker-compose 定义中:
environment: &airflow-common-env
AIRFLOW__CORE__FERNET_KEY: ${FERNET_KEY}
AIRFLOW__WEBSERVER__SECRET_KEY: ${SECRET_KEY}
env_file:
- .env
推荐阅读
- python-3.x - 谁能帮我在 Windows 上安装 PYPY?
- python - 具有一维输入向量和二维输出向量的 SVR 模型
- autodesk-forge - 在 Autodesk Forge Viewer 中首次加载文件时,仅加载特定的 GUID 作为优先级
- hashmap - ADA - 哈希图中的记录。打印哈希图的问题
- c# - 使用来自另一个 ViewModel 的 treeview 的 selectedItem
- node.js - 在 npm start 时显示错误,但随后运行顺利... [MongoError: Topology closed]
- gensim - MemoryError: Unable to allocate 380. MiB for an array with shape (331792, 300) and data type float32
- java - 使用 TreeSet Java 计算反转
- excel - 使用自动填充增量
- azure - Azure Blob 存储:使用 C# 从 Azure 存储容器“$logs”下载所有日志