Pickle拒绝使用芹菜报告将内容序列化ContentDisallowed:拒绝反序列化Pickle类型的不受信任的内容 [英] Pickle is refusing to serialize content with celery reporting ContentDisallowed: Refusing to deserialize untrusted content of type pickle
问题描述
我正在尝试将除datetime.datetime以外的大多数JSON对象可序列化的python对象放入Rabbitmq队列中,因此使用pickle进行序列化.
I am trying to put some python object mostly json serializable except datetime.datetime in rabbitmq queue and so using pickle to serialize.
celery_config文件:
celery_config file:
CELERY_TASK_SERIALIZER = 'pickle'
CELERY_RESULT_SERIALIZER = 'pickle'
它抛出一个异常:
File "/usr/local/lib/python2.7/dist-packages/kombu/serialization.py", line 174, in loads
raise self._for_untrusted_content(content_type, 'untrusted')
ContentDisallowed: Refusing to deserialize untrusted content of type pickle (application/x-python-serialize)
此链接 建议我对没有线索的地方进行消息签名.
This link suggests I do message signing about which I have no clue.
有人可以指导我完成工作吗?
Can someone please guide me through how do I work it out?
推荐答案
您尝试过吗,
CELERY_ACCEPT_CONTENT = ['pickle']
如该链接所示( http://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-accept_content ) 此设置接受序列化程序名称和内容类型的列表,因此您可以将序列化程序白名单或希望序列化的内容类型白名单.
As indicated in this link ( http://docs.celeryproject.org/en/latest/userguide/configuration.html#std:setting-accept_content) this setting accepts a list of serializer names and content-types, so you could either white-list the serializer or the content-types you expect to serialize.
执行上述操作,或者使用SSL消息签名…基本上就是建立一个ssh-key对,并使celery
能够使用您的密钥来建立安全连接.
So either do the above, or use SSL message signing… which is basically, building a ssh-key pair, and enabling celery
to use your keys to get a secure connection.
您可以通过在以下位置注册密钥"和证书"来激活消息签名:
You can activate message signing, by registering your "KEY" and "CERTIFICATE" with:
CELERY_SECURITY_KEY = '/etc/ssl/private/worker.key'
CELERY_SECURITY_CERTIFICATE = '/etc/ssl/certs/worker.pem'
CELERY_SECURITY_CERT_STORE = '/etc/ssl/certs/*.pem'
from celery.security import setup_security
setup_security()
关于这些东西的含义……以及它的工作方式,请参见: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO /x64.html
As far as what that stuff means… and how it works, see: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
有关如何生成密钥(以及启用安全的无密码登录)的信息,请参见: https://help.github.com/articles/generating-ssh-keys/一个> 或 http://mah.everybody.org/docs/ssh 以获得其中引用的更多常规链接.
Also, for how to generate keys (and enable secure passwordless logins), see: https://help.github.com/articles/generating-ssh-keys/ or http://mah.everybody.org/docs/ssh for more general links referenced therein.
这篇关于Pickle拒绝使用芹菜报告将内容序列化ContentDisallowed:拒绝反序列化Pickle类型的不受信任的内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!