new_learner
new_learner

Reputation: 65

Error accessing AWS elasticache redis in cluster mode) + TLS Enabled from django service

I'm trying to connect AWS elasticache(redis in cluster mode) with TLS enabled, the library versions and django cache settings as below

====Dependencies======
redis==3.0.0
redis-py-cluster==2.0.0
django-redis==4.11.0

======settings=======
CACHES = {
    'default': {
        'BACKEND': 'django_redis.cache.RedisCache',
        'LOCATION': "redis://xxxxxxx.mc-redis-cache-v2.zzzzz.usw2.cache.amazonaws.com:6379/0",
        'OPTIONS': {
            'PASSWORD': '<password>',
            'REDIS_CLIENT_CLASS': 'rediscluster.RedisCluster',
            'CONNECTION_POOL_CLASS': 'rediscluster.connection.ClusterConnectionPool',
            'CONNECTION_POOL_KWARGS': {
                'skip_full_coverage_check': True,
                "ssl_cert_reqs": False,
                "ssl": True
            }
        }
    }
}

It doesn't seem to be a problem with client-class(provided by redis-py-cluster) since I'm able to access

from rediscluster import RedisCluster
startup_nodes = [{"host": "redis://xxxxxxx.mc-redis-cache-v2.zzzzz.usw2.cache.amazonaws.com", "port": "6379"}]

rc = RedisCluster(startup_nodes=startup_nodes, ssl=True, ssl_cert_reqs=False, decode_responses=True, skip_full_coverage_check=True, password='<password>')

rc.set("foo", "bar")
rc.get('foo')
'bar'

but I'm seeing this error when django service is trying to access the cache, is there any configuration detail that I might be missing?

File "/usr/lib/python3.6/site-packages/django_redis/cache.py", line 32, in _decorator
    return method(self, *args, **kwargs)
  File "/usr/lib/python3.6/site-packages/django_redis/cache.py", line 81, in get
    client=client)
  File "/usr/lib/python3.6/site-packages/django_redis/client/default.py", line 194, in get
    client = self.get_client(write=False)
  File "/usr/lib/python3.6/site-packages/django_redis/client/default.py", line 90, in get_client
    self._clients[index] = self.connect(index)
  File "/usr/lib/python3.6/site-packages/django_redis/client/default.py", line 103, in connect
    return self.connection_factory.connect(self._server[index])
  File "/usr/lib/python3.6/site-packages/django_redis/pool.py", line 64, in connect
    connection = self.get_connection(params)
  File "/usr/lib/python3.6/site-packages/django_redis/pool.py", line 75, in get_connection
    pool = self.get_or_create_connection_pool(params)
  File "/usr/lib/python3.6/site-packages/django_redis/pool.py", line 94, in get_or_create_connection_pool
    self._pools[key] = self.get_connection_pool(params)
  File "/usr/lib/python3.6/site-packages/django_redis/pool.py", line 107, in get_connection_pool
    pool = self.pool_cls.from_url(**cp_params)
  File "/usr/lib/python3.6/site-packages/redis/connection.py", line 916, in from_url
    return cls(**kwargs)
  File "/usr/lib/python3.6/site-packages/rediscluster/connection.py", line 146, in __init__
    self.nodes.initialize()
  File "/usr/lib/python3.6/site-packages/rediscluster/nodemanager.py", line 172, in initialize
    raise RedisClusterException("ERROR sending 'cluster slots' command to redis server: {0}".format(node))
rediscluster.exceptions.RedisClusterException: ERROR sending 'cluster slots' command to redis server: {'host': 'xxxxxxx.mc-redis-cache-v2.zzzzz.usw2.cache.amazonaws.com', 'port': '6379'}

I also tried passing "ssl_ca_certs": "/etc/ssl/certs/ca-certificates.crt" to CONNECTION_POOL_KWARGS and setting the location scheme to rediss still no luck

Upvotes: 2

Views: 6313

Answers (1)

user1658605
user1658605

Reputation: 71

you need to change ssl_cert_reqs=False to ssl_cert_reqs=None

Here's the link to the redis Python git repo that points to this: https://github.com/andymccurdy/redis-py#ssl-connections

Upvotes: 2

Related Questions