Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Redis Sentinel authentication #1002

Closed
ssouris opened this issue Mar 13, 2019 · 16 comments
Closed

Add support for Redis Sentinel authentication #1002

ssouris opened this issue Mar 13, 2019 · 16 comments
Labels
type: enhancement A general enhancement
Milestone
5.2.0

Comments

@ssouris
Copy link

ssouris commented Mar 13, 2019

Bug Report

Current Behavior

I am trying to connect to the sentinel node of a Redis setup in AWS, and I am getting the message:

NOAUTH Authentication required.

Input Code

Just used a template for Spring Boot from start.spring.io with redis my properties are

spring:
  redis:
    password: ***********
    sentinel:
      master: redis-master
      nodes:
        - redis-sentinel.host

Expected behavior/code

It should connect without a problem.

Environment

  • Lettuce version(s): 5.1.4.RELEASE, 5.1.5.RELEASE
  • Redis version: 5.0.1

Possible Solution

I think the problem is that from 5.0.1 and on they added authentication on the Sentinel and that's why it's failing. For more info check Redis 5 Release Notes
@mp911de
Copy link
Collaborator

mp911de commented Mar 14, 2019

Thanks a lot for the ticket. I wasn't aware of the sentinel change and TBH, I'm not quite sure how to deal with that.
Previously, a URL with authentication affected on the Redis connection, not the Sentinel one. Servers can be configured with different passwords and we need to consider backward compatibility in which Sentinel did not support authentication.

@mp911de mp911de added the type: enhancement A general enhancement label Mar 14, 2019
@mp911de mp911de changed the title Connecting to a sentinel Redis 5.0.1 server fails with NOAUTH Authentication required Add support for Redis Sentinel authentication Mar 14, 2019
@ssouris
Copy link
Author

ssouris commented Mar 14, 2019

Thanks for the fast response.
Just wanted to let you know that the password that the client will use to authenticate with the sentinels, can be different from the one that it will use to connect to the masters.

@mp911de
Copy link
Collaborator

mp911de commented Mar 14, 2019

Thanks for the heads up. I took a look and the connectSentinel() method is highly optimized for multiple attempts and fallbacks. The only type of failure we could experience there was connection refused. We need to deal with authentication failures and issue authentication in there so the entire sentinel connect process requires a rewrite.

@mp911de mp911de added this to the 5.2.0 milestone Mar 15, 2019
mp911de added a commit that referenced this issue Mar 15, 2019
@mp911de
Add support for Redis Sentinel authentication #1002
8e21d2e 
Redis now supports authentication against Redis Sentinel that was introduced with Redis 5.0.1. The password can be only set programmatically as
URI-based user-info applies to the actual Redis server.

RedisURI sentinelUrl = RedisURI.Builder.sentinel("host", 26379, "my-master", "some-password").build();
@mp911de
Copy link
Collaborator

mp911de commented Mar 15, 2019

That is now in place.

@mp911de mp911de closed this as completed Mar 15, 2019
@mp911de mp911de mentioned this issue Sep 20, 2019
Closed
@cdekker
Copy link

cdekker commented Oct 3, 2019

@mp911de How is this to be used with Spring Boot? I am running into the same issue where I have a password on both my Sentinel and Redis node (same password), but upgrading to lettuce-core 5.2.0.RELEASE does not solve the issue.

I have this in my gradle file:

implementation 'org.springframework.boot:spring-boot-starter-data-redis'
compile 'org.springframework.session:spring-session-data-redis:2.1.8.RELEASE'
compile group: 'io.lettuce', name: 'lettuce-core', version: '5.2.0.RELEASE'

When running gradle dependencies, I see that lettuce-core version is successfully overridden from 5.1.8. to 5.2.0:

+--- org.springframework.boot:spring-boot-starter-data-redis -> 2.1.8.RELEASE
|    +--- org.springframework.boot:spring-boot-starter:2.1.8.RELEASE (*)
|    +--- org.springframework.data:spring-data-redis:2.1.10.RELEASE (*)
|    \--- io.lettuce:lettuce-core:5.1.8.RELEASE -> 5.2.0.RELEASE (*)

My application properties has this:

spring.session.store-type=redis

spring.redis.password=mypassword
spring.redis.sentinel.master=mymaster
spring.redis.sentinel.nodes=redis-sentinel-hostname:26379

Yet, when starting up, I still get the same exception: io.lettuce.core.RedisCommandExecutionException: NOAUTH Authentication required.

@mp911de
Copy link
Collaborator

mp911de commented Oct 3, 2019

Please upgrade to Spring Data Redis 2.2. Earlier Spring Data Redis versions do not set the password on RedisURI when using Sentinel.

@cdekker
Copy link

cdekker commented Oct 3, 2019
edited

Upgraded Spring Data Redis to 2.2.0:

    compile "org.springframework.session:spring-session-data-redis:2.1.8.RELEASE"
    compile group: 'org.springframework.data', name: 'spring-data-redis', version: '2.2.0.RELEASE'
    compile group: 'io.lettuce', name: 'lettuce-core', version: '5.2.0.RELEASE'

+--- org.springframework.boot:spring-boot-starter-data-redis -> 2.1.8.RELEASE
|    +--- org.springframework.boot:spring-boot-starter:2.1.8.RELEASE (*)
|    +--- org.springframework.data:spring-data-redis:2.1.10.RELEASE -> 2.2.0.RELEASE (*)
|    \--- io.lettuce:lettuce-core:5.1.8.RELEASE -> 5.2.0.RELEASE (*)

Still same issue.

@mp911de
Copy link
Collaborator

mp911de commented Oct 3, 2019

I took a look, LettuceConnectionFactory sets only the password on the RedisURI but not the Sentinel URI's. The bug should probably be fixed there. @cdekker Can you file a ticket at https://jira.spring.io?

@cdekker
Copy link

cdekker commented Oct 3, 2019

You're saying this is an issue with spring-data-redis? Can open a ticket, yeah.

@kshchepanovskyi

This comment has been minimized.

Sign in to view
@andrew-landsverk-win
Copy link

Regrading the previous off-topic comment, I had to disable the sentinel password on my cluster to get spring-data-redis to connect. I am using the latest Spring Boot 2.2.6.

@huyto000
Copy link

@andrew-landsverk-win i've just connected to Redis sentinel from springboot-2.2.6 successful.
In configuration bean, you have to set both "setPassword" and "setSentinelPassword"

@andrew-landsverk-win
Copy link

@huyto000 thanks for the reply, do you know of a way to set sentinelPassword via Spring Boot properties at this time?

This was referenced Aug 13, 2020
Closed
Closed
@caplike
Copy link

caplike commented Aug 30, 2020
edited

Same problems here, sprng-boot-starter-data-redis:2.2.1:RELEASE

UPDATED: Got to set requirepass which is the same as the password in Redis instance's redis.conf in sentinel.conf.

This was referenced Dec 30, 2020
Closed
Closed
@Pramit2512
Copy link

Pramit2512 commented Jun 21, 2022
edited

I recently noticed in lettuce docs that below usage is deprecated

sentinel(String host, int port, String masterId, CharSequence password)
Deprecated. since 6.0,
use sentinel(String, int, String) and withAuthentication(String, CharSequence) instead.

and when i check `
public RedisURI.Builder withAuthentication(String username, CharSequence password)

I have checked the implementation of withAuthentication method and it is as belows:

   /**
     * Configures authentication.
     *
     * @param username the user name
     * @param password the **password name**
     * @return the builder
     * @since 6.0
     */


        public Builder withAuthentication(String username, CharSequence password) {

            LettuceAssert.notNull(username, "User name must not be null");
            LettuceAssert.notNull(password, "Password must not be null");

            this.username = username;
            return withPassword(password);
        }

I am not able to understand the String username in parameter list for method withAuthentication . What is it ,and how can we get this/configure this .Is this any random string or sentinel username .if so how can we set/get the sentinel username from config file.
I have never seen username usage before.Can anyone please explain?

Also is passwordname different from password? In specification they have given it as passwordname

@Pramit2512
Copy link

After some help i was able to connect to redis as :

    RedisClient redisClient = RedisClient.create();

        LOG.info("created the redis client");

        RedisURI source = RedisURI.Builder
                .sentinel(getSentinelHost_1(), getSentinelPort_1())
                .withSentinel(getSentinelHost_2(), getSentinelPort_2())
                .withSentinel(getSentinelHost_3(), getSentinelPort_3())
                .withSentinelMasterId(getMasterName()).withPassword(getMasterPassword())
                .build();

        for (RedisURI sentinel : source.getSentinels()) {
            sentinel.setPassword(getSentinelPassword());
        }

        StatefulRedisMasterReplicaConnection<String, String> connection = MasterReplica.connect(redisClient, StringCodec.UTF8,
                source);

        connection.setReadFrom(ReadFrom.REPLICA_PREFERRED);

        LOG.info("created the redis connection");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0
Development

No branches or pull requests
8 participants
@mp911de @cdekker @ssouris @kshchepanovskyi @caplike @huyto000 @andrew-landsverk-win @Pramit2512