uWSGI，Flask，sqlalchemy和postgres：SSL错误：解密失败或记录失败 [英] uWSGI, Flask, sqlalchemy, and postgres: SSL error: decryption failed or bad record mac

问题描述

我尝试使用uWSGI + Nginx设置应用程序Web服务器，它使用SQLAlchemy运行一个Flask应用程序来与Postgres数据库进行通信。

到网络服务器，其他的响应将是一个500错误。

错误是：

  Traceback（最近一次调用的最后一个）：
文件/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/base.py，第867行，in _execute_context 
 context）
在do_execute 
游标中的/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/default.py行388。执行（语句，参数）
 psycopg2.OperationalError：SSL错误：解密失败或错误记录MAC 
 
 
上述异常是以下异常的直接原因：
 
 sqlalchemy.exc.OperationalError：（OperationalError）SSL错误：解密失败或错误记录mac 
  

这个错误是由一个简单的 Flask-SQL触发的炼金方法：

$ $ p $ result = models.Event.query.get（id）


---

uwsgi 由 supervisor 管理，它有一个配置：

  [program ：my_app] 
 command = / usr / bin / uwsgi --ini /etc/uwsgi/apps-enabled/myapp.ini --catch-exceptions 
 directory = / path / to / my / app 
 stopsignal = QUIT 
 autostart = true 
 autorestart = true 
  

和 uwsgi 的配置看起来像：

  [uwsgi] 
 socket = /tmp/my_app.sock 
 logto = /var/log/my_app.log 
 plugins = python3 
 virtualenv = / path / to / my / venv 
 pythonpath = / path / to / my / app 
 wsgi-file = /path/to/my/app/application.py 
 callable = app 
 max-requests = 1000 
 chmod- socket = 666 
 chown-socket = www-data：www-data 
 master = true 
 processes = 2 
 no-orphans = true 
 log-date = true 
 uid = www-data 
 gid = www-data 
  

我能得到的最远的地方在于它与uwsgi的分叉有关。但除此之外，我还不清楚需要做什么。

解决方案

问题最终成为uwsgi的分叉。当使用主进程处理多个进程时，uwsgi在主进程中初始化应用程序，然后将应用程序复制到每个工作进程。问题是如果你在初始化应用程序时打开数据库连接，那么你有多个进程共享相同的连接，这会导致上面的错误。

解决方法是设置uwsgi的懒惰 配置选项，这会强制在每个进程中完成应用程序的加载：

lockquote
$ p $ c $ la $ <$ code> p>

设置懒惰模式（在应用程序中加载应用程序而不是主应用程序）。

此选项可能会影响内存使用量在写语义不能被使用。当启用懒惰时，只有工作人员将被uWSGI的重新加载信号重新加载;主人仍然活着。因此，uWSGI配置的变化不会被主人重新加载。

还有一个 lazy-应用程序选项：

lazy-apps

在每个worker中加载应用程序而不是master。

此选项可能会影响内存使用量，写语义不能被使用。与懒惰不同，这只会影响应用程序的加载方式，而不会影响到加载的行为。

这个uwsgi配置最终为我工作：

  [uwsgi] 
 socket = /tmp/my_app.sock 
 logto = / var / log / my_app.log 
 plugins = python3 
 virtualenv = / path / to / my / venv 
 pythonpath = / path / to / my / app $ b $ wsgi-file = / path / to /my/app/application.py 
 callable = app 
 max-requests = 1000 
 chmod-socket = 666 
 chown-socket = www-data：www-data 
 master = true 
 processes = 2 
 no-orphans = true 
 log-date = true 
 uid = www-data 
 gid = www-data 
 
修正
 lazy = true 
 lazy-apps = true 
  

I'm trying to setup an application webserver using uWSGI + Nginx, which runs a Flask application using SQLAlchemy to communicate to a Postgres database.

When I make requests to the webserver, every other response will be a 500 error.

The error is:

Traceback (most recent call last):
  File "/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/base.py", line 867, in _execute_context
    context)
  File "/var/env/argos/lib/python3.3/site-packages/sqlalchemy/engine/default.py", line 388, in do_execute
    cursor.execute(statement, parameters)
psycopg2.OperationalError: SSL error: decryption failed or bad record mac


The above exception was the direct cause of the following exception:

sqlalchemy.exc.OperationalError: (OperationalError) SSL error: decryption failed or bad record mac

The error is triggered by a simple Flask-SQLAlchemy method:

result = models.Event.query.get(id)

---

uwsgi is being managed by supervisor, which has a config:

[program:my_app]
command=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/myapp.ini --catch-exceptions
directory=/path/to/my/app
stopsignal=QUIT
autostart=true
autorestart=true

and uwsgi's config looks like:

[uwsgi]
socket = /tmp/my_app.sock
logto = /var/log/my_app.log
plugins = python3
virtualenv =  /path/to/my/venv
pythonpath = /path/to/my/app
wsgi-file = /path/to/my/app/application.py
callable = app
max-requests = 1000
chmod-socket = 666
chown-socket = www-data:www-data
master = true
processes = 2
no-orphans = true
log-date = true
uid = www-data
gid = www-data

The furthest that I can get is that it has something to do with uwsgi's forking. But beyond that I'm not clear on what needs to be done.

解决方案

The issue ended up being uwsgi's forking.

When working with multiple processes with a master process, uwsgi initializes the application in the master process and then copies the application over to each worker process. The problem is if you open a database connection when initializing your application, you then have multiple processes sharing the same connection, which causes the error above.

The solution is to set the lazy configuration option for uwsgi, which forces a complete loading of the application in each process:

lazy

Set lazy mode (load apps in workers instead of master).

This option may have memory usage implications as Copy-on-Write semantics can not be used. When lazy is enabled, only workers will be reloaded by uWSGI’s reload signals; the master will remain alive. As such, uWSGI configuration changes are not picked up on reload by the master.

There's also a lazy-apps option:

lazy-apps

Load apps in each worker instead of the master.

This option may have memory usage implications as Copy-on-Write semantics can not be used. Unlike lazy, this only affects the way applications are loaded, not master’s behavior on reload.

This uwsgi configuration ended up working for me:

[uwsgi]
socket = /tmp/my_app.sock
logto = /var/log/my_app.log
plugins = python3
virtualenv =  /path/to/my/venv
pythonpath = /path/to/my/app
wsgi-file = /path/to/my/app/application.py
callable = app
max-requests = 1000
chmod-socket = 666
chown-socket = www-data:www-data
master = true
processes = 2
no-orphans = true
log-date = true
uid = www-data
gid = www-data

# the fix
lazy = true
lazy-apps = true

这篇关于uWSGI，Flask，sqlalchemy和postgres：SSL错误：解密失败或记录失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！