Django Celery生产者和工人模型数据库 [英] Django Celery Database for Models on Producer and Worker
问题描述
我想开发一个使用Django作为Fronted和Celery做背景的应用程序。
现在,有时不同机器上的芹菜工作者需要数据库访问我的django前端机器(两个不同的服务器)。
他们需要知道一些实时的东西,并运行django应用程序与
python manage.py celeryd
他们需要访问所有型号的数据库。
我必须通过直接连接访问我的MySQL数据库吗?因此,我必须允许用户my-django-app访问不仅来自我的前端机器上的本地主机,而是从我的其他工作服务器ips访问
这是正确的路,还是我错过了什么?只是以为这不是真的安全(没有ssl),但也许这只是它的方式。
感谢您的回复!
他们需要访问数据库。该访问将通过数据库后端,它可以是Django或一个来自第三方。
有一件事我在Django网站的 settings.py 从 / etc 中的文件加载数据库访问信息。这样一来,每台机器的访问设置(数据库主机,端口,用户名,密码)都可以不同,并且敏感信息(如密码)不在我的项目库中。您可能希望以类似方式限制对工作人员的访问,方法是使用不同的用户名连接。
您还可以传入数据库连接信息,甚至只需一个通过环境变量配置文件的键或路径,并在 settings.py 中处理它。
例如,这是我如何拉入我的数据库配置文件:
g = {}
dbSetup = {}
execfile(os.environ ['DB_CONFIG'],g,dbSetup)
如果dbSetup中的数据库:
DATABASES = dbSetup ['databases']
else:
DATABASES = {
'default':{
'ENGINE':'django.db.backends.mysql',
#...
}
}
不用说,您需要确保 DB_CONFIG 。默认情况下应该将Django引用到开发人员自己的测试数据库。使用 ast 模块而不是 execfile 也可能有更好的解决方案,但我还没有研究过。
我做的另一件事是使用不同的用户进行DB管理任务与其他任何事情。在我的 manage.py 中,我添加了以下序言:
查找数据库配置(如果有的话),并在环境中进行设置。
adminDBConfFile ='/etc/django/db_admin.py'
dbConfFile ='/etc/django/db_regular.py'
import sys
import os
def goodFile (路径):
返回os.path.isfile(path)和os.access(path,os.R_OK)
如果len(sys.argv)> = 2和sys.argv [1]在[syncdb,dbshell,migrate] \
和goodFile(adminDBConfFile):
os.environ ['DB_CONFIG'] = adminDBConfFile
elif goodFile(dbConfFile)
os.environ ['DB_CONFIG'] = dbConfFile
$ c> /etc/django/db_regular.py 适用于只能使用SELECT,INSERT,UPDATE和DELETE访问Django数据库的用户,以及 / etc / django /db_admin.py 是针对具有这些权限的用户加上CREATE,DROP,INDEX,ALTER和LOCK TABLES。 (迁移命令来自南)。我在运行时对Django代码进行了一些保护,使我的架构乱七八糟,并限制了SQL注入攻击可能导致的损坏(尽管您仍然应该检查并过滤所有的用户输入)。
这不是解决您的具体问题的方法,但可能会为您提供一些创新方法,以便为您的目的智能化Django的数据库访问设置。
I want to develop an application which uses Django as Fronted and Celery to do background stuff. Now, sometimes Celery workers on different machines need database access to my django frontend machine (two different servers). They need to know some realtime stuff and to run the django-app with
python manage.py celeryd
they need access to a database with all models available.
Do I have to access my MySQL database through direct connection? Thus I have to allow user "my-django-app" access not only from localhost on my frontend machine but from my other worker server ips?
Is this the "right" way, or I'm missing something? Just thought it isn't really safe (without ssl), but maybe that's just the way it has to be.
Thanks for your responses!
They will need access to the database. That access will be through a database backend, which can be one that ships with Django or one from a third party.
One thing I've done in my Django site's settings.py is load database access info from a file in /etc. This way the access setup (database host, port, username, password) can be different for each machine, and sensitive info like the password isn't in my project's repository. You might want to restrict access to the workers in a similar manner, by making them connect with a different username.
You could also pass in the database connection information, or even just a key or path to a configuration file, via environment variables, and handle it in settings.py.
For example, here's how I pull in my database configuration file:
g = {}
dbSetup = {}
execfile(os.environ['DB_CONFIG'], g, dbSetup)
if 'databases' in dbSetup:
DATABASES = dbSetup['databases']
else:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
# ...
}
}
Needless to say, you need to make sure that the file in DB_CONFIG is not accessible to any user besides the db admins and Django itself. The default case should refer Django to a developer's own test database. There may also be a better solution using the ast module instead of execfile, but I haven't researched it yet.
Another thing I do is use separate users for DB admin tasks vs. everything else. In my manage.py, I added the following preamble:
# Find a database configuration, if there is one, and set it in the environment.
adminDBConfFile = '/etc/django/db_admin.py'
dbConfFile = '/etc/django/db_regular.py'
import sys
import os
def goodFile(path):
return os.path.isfile(path) and os.access(path, os.R_OK)
if len(sys.argv) >= 2 and sys.argv[1] in ["syncdb", "dbshell", "migrate"] \
and goodFile(adminDBConfFile):
os.environ['DB_CONFIG'] = adminDBConfFile
elif goodFile(dbConfFile):
os.environ['DB_CONFIG'] = dbConfFile
Where the config in /etc/django/db_regular.py is for a user with access to only the Django database with SELECT, INSERT, UPDATE, and DELETE, and /etc/django/db_admin.py is for a user with these permissions plus CREATE, DROP, INDEX, ALTER, and LOCK TABLES. (The migrate command is from South.) This gives me some protection from Django code messing with my schema at runtime, and it limits the damage an SQL injection attack can cause (though you should still check and filter all user input).
This isn't a solution to your exact problem, but it might give you some ideas for ways to smarten up Django's database access setup for your purposes.
这篇关于Django Celery生产者和工人模型数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
