Project

Profile

Help

Maintenance: Planio will be observing a scheduled maintenance window this Tuesday, November 5, 2024 from 03:00 UTC until 06:30 UTC to perform urgent network maintenance in our primary data center. Your Planio account will be unavailable during this maintenance window.

Issue #575

closed

Warning in the log when starting celery services

Added by pthomas@redhat.com over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.4.1
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:
Warnings in the log when starting/restarting the celery services

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. systemctl restart pulp_workers
2.
3.

Actual results:

Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: /usr/lib/python2.7/site-packages/celery/apps/worker.py:161: CDeprecationWarning:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: Starting from version 3.2 Celery will refuse to accept pickle by default.
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: The pickle serializer is a security concern as it may give attackers
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: the ability to execute any command. It's important to secure
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: your broker from unauthorized access when using pickle, so we think
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: that enabling pickle should require a deliberate action and not be
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: the default choice.
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: If you depend on pickle then you should set a setting to disable this
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: warning and to be sure that everything will continue working
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: when you upgrade to Celery 3.2::
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: CELERY_ACCEPT_CONTENT = ['pickle', 'json', 'msgpack', 'yaml']
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: You must only enable the serializers that you will actually use.
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING: warnings.warn(CDeprecationWarning(W_PICKLE_DEPRECATED))
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com pulp[28633]: py.warnings:WARNING:
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com celery[28633]: -------------- v3.1.11 (Cipater)
Oct 09 10:54:43 cloud-qe-15.idmqe.lab.eng.bos.redhat.com celery[28633]: ---- ** -----
Expected results:

Additional info:

+ This bug was cloned from Bugzilla Bug #1151224 +


Related issues

Is duplicate of Pulp - Story #23: As a user, I can rest easy in the knowledge that Pulp's Celery tasks are not serialized dangerouslyCLOSED - CURRENTRELEASEipanova@redhat.com

Actions
Actions #1

Updated by rbarlow over 9 years ago

Here's the message with the log details removed:

/usr/lib/python2.7/site-packages/celery/apps/worker.py:161: CDeprecationWarning:
Starting from version 3.2 Celery will refuse to accept pickle by default.
The pickle serializer is a security concern as it may give attackers
the ability to execute any command.  It's important to secure
your broker from unauthorized access when using pickle, so we think
that enabling pickle should require a deliberate action and not be
the default choice.
If you depend on pickle then you should set a setting to disable this
warning and to be sure that everything will continue working
when you upgrade to Celery 3.2::
CELERY_ACCEPT_CONTENT = ['pickle', 'json', 'msgpack', 'yaml']
You must only enable the serializers that you will actually use.
warnings.warn(CDeprecationWarning(W_PICKLE_DEPRECATED))
-------------- resource_manager@cloud-qe-15.idmqe.lab.eng.bos.redhat.com v3.1.11 (Cipater)
---- **** -----

+ This comment was cloned from Bugzilla #1151224 comment 1 +

Actions #2

Updated by bmbouter over 9 years ago

I've added a troubleshooting note [0] to the 2.5.0 docs indicating this warning is part of normal operation.

[0]: https://github.com/pulp/pulp/pull/1232

+ This comment was cloned from Bugzilla #1151224 comment 2 +

Actions #3

Updated by bmbouter over 9 years ago

Putting this back to NEW because I only documented the bug I did not actually fix it. To fix this bug I think you will need to:

- Port over all celery tasks to using arguments that serialize correctly with json

- Have Pulp configure celery to disable all pickling except json

- test test test and update the unit tests

- Decide if the consumer agent executes arbitrary code passed in via the message bus, and if so if we are OK with that. If we are not then we need to start using the json serializer with consumer tasks also.

+ This comment was cloned from Bugzilla #1151224 comment 3 +

Actions #4

Updated by bmbouter over 9 years ago

  • Severity changed from High to 3. High
Actions #5

Updated by bmbouter over 8 years ago

  • Status changed from NEW to CLOSED - DUPLICATE
Actions #6

Updated by bmbouter over 8 years ago

  • Is duplicate of Story #23: As a user, I can rest easy in the knowledge that Pulp's Celery tasks are not serialized dangerously added
Actions #7

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF