Pickle拒绝使用芹菜报告将内容序列化ContentDisallowed:拒绝反序列化Pickle类型的不受信任的内容 [英] Pickle is refusing to serialize content with celery reporting ContentDisallowed: Refusing to deserialize untrusted content of type pickle

问题描述

我正在尝试将除datetime.datetime以外的大多数JSON对象可序列化的python对象放入Rabbitmq队列中，因此使用pickle进行序列化.

I am trying to put some python object mostly json serializable except datetime.datetime in rabbitmq queue and so using pickle to serialize.

celery_config文件:

celery_config file:

CELERY_TASK_SERIALIZER = 'pickle'
CELERY_RESULT_SERIALIZER = 'pickle'

它抛出一个异常:

 File "/usr/local/lib/python2.7/dist-packages/kombu/serialization.py", line 174, in loads
    raise self._for_untrusted_content(content_type, 'untrusted')
ContentDisallowed: Refusing to deserialize untrusted content of type pickle (application/x-python-serialize)

此链接 建议我对没有线索的地方进行消息签名.

This link suggests I do message signing about which I have no clue.

有人可以指导我完成工作吗?

Can someone please guide me through how do I work it out?

推荐答案

您尝试过吗，

CELERY_ACCEPT_CONTENT = ['pickle']

如该链接所示( http://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-accept_content ) 此设置接受序列化程序名称和内容类型的列表，因此您可以将序列化程序白名单或希望序列化的内容类型白名单.

As indicated in this link ( http://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-accept_content) this setting accepts a list of serializer names and content-types, so you could either white-list the serializer or the content-types you expect to serialize.

执行上述操作，或者使用SSL消息签名…基本上就是建立一个ssh-key对，并使celery能够使用您的密钥来建立安全连接.

So either do the above, or use SSL message signing… which is basically, building a ssh-key pair, and enabling celery to use your keys to get a secure connection.

您可以通过在以下位置注册密钥"和证书"来激活消息签名:

You can activate message signing, by registering your "KEY" and "CERTIFICATE" with:

CELERY_SECURITY_KEY = '/etc/ssl/private/worker.key'
CELERY_SECURITY_CERTIFICATE = '/etc/ssl/certs/worker.pem'
CELERY_SECURITY_CERT_STORE = '/etc/ssl/certs/*.pem'
from celery.security import setup_security
setup_security()

关于这些东西的含义……以及它的工作方式，请参见: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO /x64.html

As far as what that stuff means… and how it works, see: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

有关如何生成密钥(以及启用安全的无密码登录)的信息，请参见: https://help.github.com/articles/generating-ssh-keys/ 或 http://mah.everybody.org/docs/ssh 以获得其中引用的更多常规链接.

Also, for how to generate keys (and enable secure passwordless logins), see: https://help.github.com/articles/generating-ssh-keys/ or http://mah.everybody.org/docs/ssh for more general links referenced therein.

这篇关于Pickle拒绝使用芹菜报告将内容序列化ContentDisallowed:拒绝反序列化Pickle类型的不受信任的内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！