Add support for Redis Sentinel authentication #1002

Closed
ssouris opened this issue Mar 13, 2019 · 9 comments

@ssouris ssouris commented Mar 13, 2019

Bug Report

Current Behavior

I am trying to connect to the sentinel node of a Redis setup in AWS, and I am getting the message:

NOAUTH Authentication required.

Input Code

Just used a template for Spring Boot from start.spring.io with Redis; my properties are:

spring:
  redis:
    password: ***********
    sentinel:
      master: redis-master
      nodes:
        - redis-sentinel.host

Expected behavior/code

It should connect without a problem.

Environment

  • Lettuce version(s): 5.1.4.RELEASE, 5.1.5.RELEASE
  • Redis version: 5.0.1

Possible Solution

I think the problem is that from 5.0.1 and on they added authentication on the Sentinel and that's why it's failing. For more info, check the Redis 5 Release Notes.

@mp911de mp911de commented Mar 14, 2019

Thanks a lot for the ticket. I wasn't aware of the sentinel change and TBH, I'm not quite sure how to deal with that.
Previously, a URL with authentication affected the Redis connection, not the Sentinel one. Servers can be configured with different passwords and we need to consider backward compatibility in which Sentinel did not support authentication.

@mp911de mp911de changed the title Connecting to a sentinel Redis 5.0.1 server fails with `NOAUTH Authentication required` Add support for Redis Sentinel authentication Mar 14, 2019

@ssouris ssouris commented Mar 14, 2019

Thanks for the fast response.
Just wanted to let you know that the password that the client will use to authenticate with the sentinels can be different from the one that it will use to connect to the masters.

@mp911de mp911de commented Mar 14, 2019

Thanks for the heads up. I took a look and the connectSentinel() method is highly optimized for multiple attempts and fallbacks. The only type of failure we could experience there was connection refused. We need to deal with authentication failures and issue authentication in there so the entire sentinel connect process requires a rewrite.
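
The exchange behind the `NOAUTH` error in this thread, as an added example that is not part of the thread or of Lettuce: a mock Sentinel with a password set rejects master discovery until the client sends `AUTH` with the Sentinel's own credential. `MockSentinel`, `discover_master`, `start_mock_sentinel`, the password and the master address are constructed for illustration.

```python
import socket, socketserver, threading

SENTINEL_PASSWORD = "sentinel-secret"   # constructed sample value
MASTER_ADDR = ("10.0.0.5", "6379")      # constructed sample value

def encode(*args):
    """Encode ASCII strings as a RESP array of bulk strings (command or reply)."""
    return b"".join([b"*%d\r\n" % len(args)] +
                    [b"$%d\r\n%s\r\n" % (len(a), a.encode()) for a in args])

def read_array(f, count):
    """Read `count` RESP bulk strings: a '$len' line, then the data line."""
    return [(f.readline(), f.readline().strip().decode())[1] for _ in range(count)]

class MockSentinel(socketserver.StreamRequestHandler):
    """Hypothetical stand-in for a Sentinel that has a password configured."""
    def handle(self):
        authed = False                      # auth state is per connection
        while (head := self.rfile.readline()):
            args = read_array(self.rfile, int(head[1:].strip()))
            if args[0].upper() == "AUTH":
                authed = args[1] == SENTINEL_PASSWORD
                reply = b"+OK\r\n" if authed else b"-ERR invalid password\r\n"
            elif not authed:
                reply = b"-NOAUTH Authentication required.\r\n"
            else:
                reply = encode(*MASTER_ADDR)
            self.wfile.write(reply)

def discover_master(addr, master, sentinel_password=None):
    """Ask a Sentinel for the master address, sending AUTH first if a password is given."""
    with socket.create_connection(addr) as sock, sock.makefile("rwb") as f:
        def call(*args):
            f.write(encode(*args))
            f.flush()
            line = f.readline().strip().decode()
            if line.startswith("-"):        # RESP error reply
                raise ConnectionError(line[1:])
            return read_array(f, int(line[1:])) if line.startswith("*") else line[1:]
        if sentinel_password is not None:
            call("AUTH", sentinel_password)  # Sentinel credential, not the data node's
        return tuple(call("SENTINEL", "get-master-addr-by-name", master))

def start_mock_sentinel():
    """Start the mock on an ephemeral localhost port and return its (host, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), MockSentinel)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address
```

The connection to the returned master address is a separate session and needs its own `AUTH`, which is why a client has to carry the two passwords independently.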

@mp911de mp911de added this to the 5.2.0 milestone Mar 15, 2019
mp911de added a commit that referenced this issue Mar 15, 2019
Redis now supports authentication against Redis Sentinel that was introduced with Redis 5.0.1. The password can be only set programmatically as URI-based user-info applies to the actual Redis server.

RedisURI sentinelUrl = RedisURI.Builder.sentinel("host", 26379, "my-master", "some-password").build();

@mp911de mp911de commented Mar 15, 2019

That is now in place.

@cdekker cdekker commented Oct 3, 2019

@mp911de How is this to be used with Spring Boot? I am running into the same issue where I have a password on both my Sentinel and Redis node (same password), but upgrading to lettuce-core 5.2.0.RELEASE does not solve the issue.

I have this in my gradle file:

implementation 'org.springframework.boot:spring-boot-starter-data-redis'
compile 'org.springframework.session:spring-session-data-redis:2.1.8.RELEASE'
compile group: 'io.lettuce', name: 'lettuce-core', version: '5.2.0.RELEASE'

When running gradle dependencies, I see that lettuce-core version is successfully overridden from 5.1.8 to 5.2.0:

+--- org.springframework.boot:spring-boot-starter-data-redis -> 2.1.8.RELEASE
|    +--- org.springframework.boot:spring-boot-starter:2.1.8.RELEASE (*)
|    +--- org.springframework.data:spring-data-redis:2.1.10.RELEASE (*)
|    \--- io.lettuce:lettuce-core:5.1.8.RELEASE -> 5.2.0.RELEASE (*)

My application properties has this:

spring.session.store-type=redis

spring.redis.password=mypassword
spring.redis.sentinel.master=mymaster
spring.redis.sentinel.nodes=redis-sentinel-hostname:26379

Yet, when starting up, I still get the same exception: io.lettuce.core.RedisCommandExecutionException: NOAUTH Authentication required.

@mp911de mp911de commented Oct 3, 2019

Please upgrade to Spring Data Redis 2.2. Earlier Spring Data Redis versions do not set the password on RedisURI when using Sentinel.

@cdekker cdekker commented Oct 3, 2019

Upgraded Spring Data Redis to 2.2.0:

compile "org.springframework.session:spring-session-data-redis:2.1.8.RELEASE"
compile group: 'org.springframework.data', name: 'spring-data-redis', version: '2.2.0.RELEASE'
compile group: 'io.lettuce', name: 'lettuce-core', version: '5.2.0.RELEASE'

+--- org.springframework.boot:spring-boot-starter-data-redis -> 2.1.8.RELEASE
|    +--- org.springframework.boot:spring-boot-starter:2.1.8.RELEASE (*)
|    +--- org.springframework.data:spring-data-redis:2.1.10.RELEASE -> 2.2.0.RELEASE (*)
|    \--- io.lettuce:lettuce-core:5.1.8.RELEASE -> 5.2.0.RELEASE (*)

Still same issue.

@mp911de mp911de commented Oct 3, 2019

I took a look, LettuceConnectionFactory sets only the password on the RedisURI but not the Sentinel URIs. The bug should probably be fixed there. @cdekker Can you file a ticket at https://jira.spring.io?

@cdekker cdekker commented Oct 3, 2019

You're saying this is an issue with spring-data-redis? Can open a ticket, yeah.
