You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Many hosted key-value/redis services run on hosts that they do not own such as compute-1.amazonaws.com therefore they can provide an SSL cert so communication is not sent over plaintext, however the client cannot validate that the certificate matches the host, because the service doesn't own the host (i.e. Heroku or Redis Cloud does not own the compute-1.amazonaws.com domain). Therefore it's common to disable SSL verification like https://github.com/codetriage/CodeTriage/blob/2f193418ca0b8757ca0a1159a2e7827ff5a02926/config/initializers/sidekiq.rb#L3-L8.
Expected
I expect that if I configure sidekiq's Redis connection to ignore the SSL verification that activejob-uniqueness will also ignore it. Alternatively, I expect documentation on the readme to highlight that this gem requires a separate connection configuration
Actual
When using this gem with sidekiq with a Redis provider that requires SSL (Redis 6+ AFAIK requires SSL) then it will error:
/app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client/ruby_connection.rb:134:in `connect_nonblock': SSL_connect returned=1 errno=0 peeraddr=<redacted> state=error: certificate verify failed (self-signed certificate in certificate chain) (rediss://<redacted>:<redacted>) (RedisClient::CannotConnectError)
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client/ruby_connection.rb:134:in `block in connect'
from <internal:kernel>:187:in `loop'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client/ruby_connection.rb:133:in `connect'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client/ruby_connection.rb:51:in `initialize'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:746:in `new'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:746:in `block in connect'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client/middlewares.rb:12:in `connect'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:745:in `connect'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:732:in `raw_connection'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:697:in `ensure_connected'
from /app/vendor/bundle/ruby/3.3.0/gems/redis-client-0.22.2/lib/redis_client.rb:277:in `call'
from /app/vendor/bundle/ruby/3.3.0/gems/activejob-uniqueness-0.3.2/lib/active_job/uniqueness/lock_manager.rb:13:in `block (2 levels) in delete_lock'
from /app/vendor/bundle/ruby/3.3.0/gems/redlock-2.0.6/lib/redlock/client.rb:203:in `block (2 levels) in synchronize'
Note that in the backtrace is activejob-uniqueness and redlock.
Fix
I don't know if it's possible to extend the sidekiq patch to apply the SSL configuration automatically. An shorter term fix would be to add a suggestion that sidekiq users can disable SSL via this code in the README. Perhaps something like this:
This gem relies on redlock for it's Redis connection, that means it will not inherit global configuration of Sidekiq. To configure the connection, you can use config.redlock_servers, for example to disable SSL verification for Redis/Key-Value cloud providers:
I would also suggest putting this section directly under the "configuration" section and above the "usage" as the "sidekiq API" section is currently somewhat hidden if you're not looking for it (though the patch is mentioned multiple times).
I also found a related issue where someone hit the same problem and then closed after they found the workaround that I'm suggesting here in the docs #58 (comment)
The text was updated successfully, but these errors were encountered:
Context
Many hosted key-value/redis services run on hosts that they do not own such as
compute-1.amazonaws.comtherefore they can provide an SSL cert so communication is not sent over plaintext, however the client cannot validate that the certificate matches the host, because the service doesn't own the host (i.e. Heroku or Redis Cloud does not own thecompute-1.amazonaws.comdomain). Therefore it's common to disable SSL verification like https://github.com/codetriage/CodeTriage/blob/2f193418ca0b8757ca0a1159a2e7827ff5a02926/config/initializers/sidekiq.rb#L3-L8.Expected
I expect that if I configure sidekiq's Redis connection to ignore the SSL verification that
activejob-uniquenesswill also ignore it. Alternatively, I expect documentation on the readme to highlight that this gem requires a separate connection configurationActual
When using this gem with sidekiq with a Redis provider that requires SSL (Redis 6+ AFAIK requires SSL) then it will error:
Note that in the backtrace is
activejob-uniquenessandredlock.Fix
I don't know if it's possible to extend the sidekiq patch to apply the SSL configuration automatically. An shorter term fix would be to add a suggestion that sidekiq users can disable SSL via this code in the README. Perhaps something like this:
This gem relies on
redlockfor it's Redis connection, that means it will not inherit global configuration ofSidekiq. To configure the connection, you can useconfig.redlock_servers, for example to disable SSL verification for Redis/Key-Value cloud providers:I would also suggest putting this section directly under the "configuration" section and above the "usage" as the "sidekiq API" section is currently somewhat hidden if you're not looking for it (though the patch is mentioned multiple times).
I also found a related issue where someone hit the same problem and then closed after they found the workaround that I'm suggesting here in the docs #58 (comment)
The text was updated successfully, but these errors were encountered: