Redis cluster not considering host protocol for masters #1607
Comments
@mensler unfortunately only Redis class supports specifying protocol right now so you can't use it with RedisCluster. |
OK, thanks for this hint. |
I will try to take a look next week |
Hi @yatsukhnenko! |
@mensler unfortunately no. I made a quick glance, understood that this will not be so easy as I thought and haven't returned to this. |
Any idea if this will be fixed any time soon? |
@mensler @vanderlee could you test changes from |
Hi @yatsukhnenko it still doesn't work :( I tried to ping the masters but it doesn't work
|
@valero90 could you give me access to the node for testing? |
@yatsukhnenko not really, it’s an AWS instance of ElastiCache and there’s not external access to the nodes, sorry :( |
I've tried to connect to |
Perhaps this can help, as I have the same problem with the AWS Elasticache TLS connector with RedisCluster:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/encryption.html
Executed code:
Redis:
Result:
Redis Cluster
Result:
|
@vnrld thanks for info. I pushed new change into |
@yatsukhnenko I did tests, and it does not work:
Redis extension information
Connecting to the cluster configuration endpoint with TLS prefix
Connecting to the cluster configuration endpoint without TLS prefix
Connecting to all cluster nodes with TLS prefix
Any ideas? Regards, |
Linux: alpine
|
@vnrld if I understand correctly tls connection works because |
@yatsukhnenko: The error is here: #0 /tmp/c1.php(6): RedisCluster->set('test:time', 'Time: 2020-05-2...') and this is the "set" method |
@vnrld I looked at your example incorrectly. I'll try to install Redis 6 or stunnel and replicate issue locally |
@vnrld I added test for tls connection and it works on Travis for Redis + stunnel. If the latest changes in |
I concur that error is there. Looks like when cluster nodes info is retrieved with CLUSTER SLOTS command, Line 595 in 5ca4141
there is no indication in response, if they use TLS or not.
This information should be added from seed connection string when building sockets for actual nodes: Line 698 in 5ca4141
Right now, anything returned from seed info is without indication of whether TLS is used or not, so when actual connection is made, it fails. |
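The point made in the comment above (CLUSTER SLOTS reports only host and port, so the transport prefix has to be carried over from the seed) as an added example, not phpredis code. `scheme_len` and `node_address` are hypothetical helpers and the hostnames are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Length of a "scheme://" prefix in an address, or 0 if there is none. */
static size_t scheme_len(const char *addr) {
    const char *sep = strstr(addr, "://");
    return sep ? (size_t)(sep - addr) + 3 : 0;
}

/*
 * Build the address used to connect to a node reported by CLUSTER SLOTS.
 * The reply carries only host and port, so the transport prefix is copied
 * from the seed the reply was fetched through. A seed without a prefix
 * yields a plain host:port, matching how the seed itself was reached.
 * Returns 0 on success, -1 on bad input or if the result does not fit.
 */
int node_address(char *out, size_t outlen, const char *seed,
                 const char *host, int port) {
    if (!out || !seed || !host || !*host || port < 1 || port > 65535)
        return -1;
    /* A node host is expected to be bare; reject one carrying its own
       scheme so a reply cannot override the caller's chosen transport. */
    if (scheme_len(host) != 0)
        return -1;
    size_t plen = scheme_len(seed);
    int n = snprintf(out, outlen, "%.*s%s:%d", (int)plen, seed, host, port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    /* Constructed sample: one TLS seed and two hosts as a CLUSTER SLOTS
       reply would list them (host and port only). */
    const char *seed = "tls://cfg.example.internal:6379";
    const char *hosts[] = { "node-0001-001.example.internal",
                            "node-0001-002.example.internal" };
    char addr[128];
    for (size_t i = 0; i < 2; i++) {
        if (node_address(addr, sizeof addr, seed, hosts[i], 6379) == 0)
            printf("%s\n", addr);
    }
    return 0;
}
```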
@herrbpl thanks👍, I've got access to aws and already found this problem |
Sorry for necromancing this issue, but did I understand correctly that this is an AWS issue, not one in the library? Is there any solution in sight?
This works, or at least there's no error.
This results in the following error:
Would it be possible to assume tls is used based on the protocol prefix of the cluster node(s)? I know that ioredis is able to connect to Elasticache clusters with tls and password enabled. |
@dennis-hh no, this is phpredis issue and I'm going to fix it after 5.3.0 GA |
I added new parameter to
$cluster = new RedisCluster(null, [
    '<node-id>-0001-001.<cluster-id>.euc1.cache.amazonaws.com:6379',
    '<node-id>-0001-002.<cluster-id>.euc1.cache.amazonaws.com:6379',
], 0, 0, false, null, [
    'verify_peer' => false,
]);
Could somebody test these changes? |
Changes were merged into |
I just tested latest develop with a 3 node redis cluster in AWS with TLS. Working great! |
I'm connecting to an AWS ElastiCache Redis cluster using in-transit encryption (TLS) by adding the tls:// protocol to the host (see example below). I guess that the protocol is not taken into account when connecting to a node.
If I connect to a cluster without encryption it works as expected, it also works when connecting to an encrypted non-clustered Redis instance.
Expected behaviour
Using methods like keys() on the cluster or ping()/scan() on each master should return the correct results.
Actual behaviour
keys() returns the error "RedisCluster::keys(): Can't send KEYS to masterhost-1.euc1.cache.amazonaws.com:6379".
ping() on a master returns "Unable to send commnad at the specificed node" (there are typos in this error message ;-))
I'm seeing this behaviour on
Steps to reproduce, backtrace or example script
I've checked develop branch