Redis Password ignored in misp-core config

[joe-speedboat]

Hi
With latest version, you introduced redis password, which defaults to redispassword
If I leaf default, redispassword in config is still empty.
If I set password in .env, it is still empty in config.

[root@test-misp misp-containers]# ls -la
-rw-r--r--. 1 root root 6957 Aug 15 09:51 docker-compose.yml
-rw-r--r--. 1 root root 5097 Aug 15 10:43 .env

[root@test-misp misp-containers]# grep _TAG docker-compose.yml .env 
docker-compose.yml:    image: ghcr.io/misp/misp-docker/misp-core:${CORE_TAG}
docker-compose.yml:          - CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
docker-compose.yml:    image: ghcr.io/misp/misp-docker/misp-modules:${MODULES_TAG}
docker-compose.yml:        - MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
.env:CORE_TAG=v2.4.195
.env:MODULES_TAG=v2.4.195

[root@test-misp misp-containers]# grep REDIS docker-compose.yml .env 
docker-compose.yml:    command: "--requirepass ${REDIS_PASSWORD:-redispassword}"
docker-compose.yml:      test: "valkey-cli -a ${REDIS_PASSWORD:-redispassword} ping || exit 1"
docker-compose.yml:          - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
docker-compose.yml:      - "REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}"
docker-compose.yml:      - "REDIS_BACKEND=redis"
docker-compose.yml:      - "REDIS_PW=${REDIS_PASSWORD:-redispassword}"

.env:# PYPI_REDIS_VERSION="==5.0.*"
.env:REDIS_PASSWORD=myRedIsPw

[root@test-misp misp-containers]# podman-compose up -d
[root@test-misp misp-containers]# sleep 120

[root@test-misp misp-containers]# fgrep redis configs/* | grep -e pass -e pw
configs/config.php:    'redis_password' => '',
configs/config.php:    'redis_password' => '',
configs/config.php.template:        'redis_password'                 => '',
configs/config.php.template:        'redis_password' => '',

[root@test-misp misp-containers]# podman logs misp-containers_misp-core_1 | tail -50
2024-08-15 09:02:08,684 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:08,684 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:09,687 INFO spawned: 'update_00' with pid 4256
2024-08-15 09:02:10,755 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:10,756 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:11,758 INFO spawned: 'update_00' with pid 4267
2024-08-15 09:02:12,825 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:12,825 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:13,827 INFO spawned: 'update_00' with pid 4275
2024-08-15 09:02:14,894 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:14,894 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:15,897 INFO spawned: 'update_00' with pid 4286
2024-08-15 09:02:16,964 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:16,965 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:17,967 INFO spawned: 'update_00' with pid 4297
2024-08-15 09:02:19,035 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:19,035 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:20,037 INFO spawned: 'update_00' with pid 4305
2024-08-15 09:02:21,106 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:21,106 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:22,108 INFO spawned: 'update_00' with pid 4316
2024-08-15 09:02:23,175 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:23,176 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:24,178 INFO spawned: 'update_00' with pid 4327
2024-08-15 09:02:25,245 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:25,245 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:26,247 INFO spawned: 'update_00' with pid 4335
2024-08-15 09:02:27,318 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:27,318 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:28,320 INFO spawned: 'update_00' with pid 4346
2024-08-15 09:02:29,386 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:29,386 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:30,388 INFO spawned: 'update_00' with pid 4357
2024-08-15 09:02:31,456 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:31,456 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:32,458 INFO spawned: 'update_00' with pid 4368
2024-08-15 09:02:33,525 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:33,526 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:34,528 INFO spawned: 'update_00' with pid 4376
2024-08-15 09:02:35,597 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:35,597 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:36,599 INFO spawned: 'update_00' with pid 4387
2024-08-15 09:02:37,666 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:37,666 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:38,669 INFO spawned: 'update_00' with pid 4398
2024-08-15 09:02:39,738 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:39,738 WARN exited: update_00 (exit status 1; not expected)
2024-08-15 09:02:40,740 INFO spawned: 'update_00' with pid 4406
2024-08-15 09:02:41,808 INFO success: update_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-08-15 09:02:41,808 WARN exited: update_00 (exit status 1; not expected)

I will dive deeper, this is just first shot, if i take docker-misp repo, but i guess passwords must not be empty if defined in .env
Thanks Chris

[joe-speedboat]

BTW, its fresh Rocky Linux 9 minimal setup with selinux disabled, on same image, i get it running with misp-docker repo 30d ago.

[ostefano]

Make sure to delete all current containers (including redis) and start from scratch.

Also, make sure that the images you pulled are up-to-date (tag v.2.4.195 has been updated two days ago).

Since this is not an issue with the image, I am closing this.
Feel free to ask for support in the gitter/matrix chan.

[joe-speedboat]

Hi @ostefano
I ALWAYS test with fresh deployments, this is just a minimal setup of rocky linux 9. Im doing enterprise for 25y, thanks for the hint.

have you tested and succeeded this setup by pulling container-images from registry with a fresh setup?

chris

[ostefano]

Yes

[ostefano]

For the records, I believe it might be a permission problem causing preventing the container to update the config file. The fact the workers are restarting continuously is a sign that redis picked up the password, unlike misp-core

[joe-speedboat]

yupp, redis picked up the config, I verified within container.
misp-core can write configs, see above, I always use fresh images for each test.
so i can not understand why it cant read while it cant write?
hmmm, lets see
v2.4.194 worked out of the box with fresh deployment in QA env

[ostefano]

194 does not have this new functionality. if misp-core can't write configs, this is a bigger issue of your specific deployment.