-
Notifications
You must be signed in to change notification settings - Fork 23.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redis-Cluster: Add support to auth in redis-trib.rb #4288
Conversation
Use --password='secret' Added in: info, check, create, add-node, del-node, set-timeout, reshard, rebalance and fix
Hi,
|
Could you please try "redis-trib.rb info --password test123 10.10.3.4:7001" |
That's works. Thank you! |
Hi @otherpirate
|
Hi @k19421 The problem is in redis migrate command, do not have password parameter by default. Migrate command is called here |
So setting up a cluster now and would like to use auth. Is this PR the only way to do it at the moment without manual setup? |
Just wanted to cross check, weather authentication issue with Migrate has been fixed or its still have same issue. I am using redis-4.0.6 with redis-trib-pass.rb and still facing issue while doing redis-trib-pass.rb reshard [ERR] Calling MIGRATE: ERR Target instance replied with error: NOAUTH Authentication required. I am passing password using auth flag: Command Executed : redis-trib-pass.rb reshard --auth host:ip Weird this is , this error only comes when cluster nodes has keys ...for empty masters slots resharding works fine. Any suggestion please ? |
Hi @dineshk8666 The problem is in redis migrate command, do not have support for password/auth parameter. Migrate command is called here You can also remove auth before do reshard, and reset after reshard I know it's not the best solution, but unfortunately is the only way I figured out. |
Hi @otherpirate Thanks for the update. Is there any future solution expected, where auth can be used to reshard slots with auth? My purpose is to scale-up functional redis cluster and it is already configured with auth. Thanks |
@otherpirate I've reviewed the #2507 and I'll talk to @antirez about this issue. Both PRs are obviously related. |
Thanks for the feedback @artix75 Please let me know if I can help with this issue. |
Hi, @otherpirate
Doesn't your fix support call? I think the call is important in my work. I often use "redis-trib.rb call" to batch modifying each node configuration in cluster. |
Hi @BrotherGao Fixed, thanks! |
what is the trick for calling this with create? 10.10.1.12:1500 10.10.11.3:1500 10.10.14.17:1500 10.10.14.18:1500 10.10.15.2:1500 10.10.15.3:1500
|
Hi @damora, Are you sure 10.10.1.12:1500 is up? with auth? The following command works? Obs : You should use |
For add-node command, does it support two password? One for the source node , one for the target node? |
@otherpirate I got it to work. It was user error..:-( |
Hi @chihuo91 No, it do not support more than one password. I never saw a redis cluster with two (or more) password, just for curiosity, could you please explain to me:
Regards |
@otherpirate I just verified that our application only uses one password. |
I have one question. Since you pass the password as command, user can actually use ps to see the password. Is there any way to hide password from ps ? |
So what I wanna ask is that is the command accept the secret argument through stdin? |
Hi @chihuo91 No, do not support. |
Even I had a similar concern about passwords being visible to any user on the redis host. Ideally, we should read password from standard input if password is not specified as a command line parameter. We shouldn't say 'Won't Fix' for this issue for the reason that it runs for a few seconds (cause its a security issue after all). Though one could still write a wrapper script to pass password via stdin, it defeats the purpose of having the original script when a developer needs to write wrapper scripts for provisioning systems in production. |
Hi @otherpirate Thanks for fixing. But I got Invalid option: --use-empty-masters error in line 1718 when I try to run rebalance --use-empty-masters. Same as the option --weight. Do you know what might cause this error? Command ran: |
@otherpirate Just curious. Any update for the error we got? |
Hi @chihuo91 Sorry for bug and delay :/ It's fixed, please, try again :) |
Hi @otherpirate
|
Working on it... Revert "Add help message for password argument" This reverts commit 88e1599.
Hi,@chihuo91 |
Redis-trib will be deprecated in the next release and replaced by redis-cli, that also supports auth. |
Hi @otherpirate source.r.client.call(["migrate",target.info[:host],port,"",0,@timeout,:auth,opt['password'],:keys,*keys]) |
Support added to redis-cli as @artix75 said. Closing. Thanks. |
Use --password='secret'
Added in: info, check, create, add-node, del-node, set-timeout, reshard,
rebalance and fix
Issues #2866 and #3389
Google groups: https://groups.google.com/forum/#!topic/redis-db/Z8lMxTfDct8