Redis connect failed just show NOAUTH Authentication required

[leotu]

Welcome!

• Yes, I've searched similar issues on GitHub and didn't find any.
• Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you do?

I run new release version v2.9.1 Latest

It still has problem that can't login Redis with specified username & password

#9304
kvtools/redis#3

What did you see instead?

It does have to have an account and password,
but whether to provide a password or not, it always show
"KV connection error: KV store connection error: NOAUTH Authentication required..."

I write java test code, it login success, but Traefik failed

• https://lettuce.io/

import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CountDownLatch;

import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.lettuce.core.RedisClient;
import io.lettuce.core.RedisURI;
import io.lettuce.core.codec.StringCodec;

class TestRedisClient {
    private static final Logger log = LoggerFactory.getLogger(TestRedisClient.class);

    @Test
    void test() {
        log.debug("Begin...");
        CountDownLatch latch = new CountDownLatch(1);
        try {
            String username = URLEncoder.encode("traefik-user", StandardCharsets.UTF_8);
            String password = URLEncoder.encode("~treafik-Test-109!", StandardCharsets.UTF_8);
            String connectionString = "redis://" + username + ":" + password
                    + "@redis-14654.c289.us-west-1-2.ec2.cloud.redislabs.com:14654/0";
            
            RedisURI redisURI = RedisURI.create(connectionString);

            RedisClient client = RedisClient.create();
            client.connectAsync(StringCodec.UTF8, redisURI)
                    .thenAccept(conn -> {
                        log.debug("onSuccess, conn: {}", conn);
                        conn.close();
                        latch.countDown();
                    })
                    .exceptionally(err -> {
                        log.error("onFailure", err);
                        latch.countDown();
                        return null;
                    });

            log.debug("Before await");
            latch.await();
            
            client.close();
            log.debug("After await");
        } catch (Exception e) {
            log.error(e.toString());
        } finally {
            log.debug("End.");
        }
    }
}

What version of Traefik are you using?

traefik_v2.9.1_windows_amd64.zip

D:\traefik>traefik version
2022/10/05 23:42:47 Datadog Tracer v1.38.1 WARN: Unable to load high precison timer, defaulting to time.Now()
Version:      2.9.1
Codename:     banon
Go version:   go1.19.1
Built:        2022-10-03T14:22:13Z
OS/Arch:      windows/amd64

What is your environment & configuration?

Here is test Account

providers:
  redis: 
    rootKey: "traefik"
    username: "traefik-user"
    password: "~treafik-Test-109!"  
    endpoints:
      - "redis-14654.c289.us-west-1-2.ec2.cloud.redislabs.com:14654"

If applicable, please paste the log output in DEBUG level

time="2022-10-05T21:20:47+08:00" level=info msg="Traefik version 2.9.1 built on 2022-10-03T14:22:13Z"
time="2022-10-05T21:20:47+08:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-10-05T21:20:47+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=http
time="2022-10-05T21:20:47+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=https
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider *file.Provider"
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider *traefik.Provider"
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider *consulcatalog.Provider"
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-10-05T21:20:47+08:00" level=info msg="Starting provider *redis.Provider"
time="2022-10-05T21:20:48+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 525.860654ms" providerName=redis
time="2022-10-05T21:20:48+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 922.623964ms" providerName=redis
time="2022-10-05T21:20:49+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 1.542543566s" providerName=redis
time="2022-10-05T21:20:51+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 1.281710557s" providerName=redis
time="2022-10-05T21:20:52+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 2.089869192s" providerName=redis
time="2022-10-05T21:20:55+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 5.110286725s" providerName=redis

[alorle]

Same here. I can confirm that in v2.8.8 the problem is not present.

[ldez]

in v2.8.8 the username was not supported -> #9304.

[ldez]

I'm looking for a redis.conf to reproduce the problem.

[leotu]

Here is a sample config file (My MacOS)

traefik.yml

log:
  level: info
  filePath: "./log/traefik.log"

accessLog:
  filePath: "./log/access.log"
  bufferingSize: 100
  filters:    
    statusCodes:
      - "200"
      - "300-302"
    retryAttempts: true
    minDuration: "10ms"
  fields:
    defaultMode: keep
    names:
      ClientUsername: drop
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Authorization: drop
        Content-Type: keep

providers:
  file:
    watch: true
    directory: "./conf"
    debugLogGeneratedTemplate: true
 
  redis: 
    rootKey: "traefik"
    username: "traefik-user"
    password: "~treafik-Test-109!"  
    endpoints:
      - "redis-14654.c289.us-west-1-2.ec2.cloud.redislabs.com:14654"

entryPoints:
  http: # web
    address: ":8181"
    forwardedHeaders:
      insecure: true
    proxyProtocol:
      insecure: true
    transport:
      respondingTimeouts:
        readTimeout: 60s  
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          
  https:
    address: ":8443"
    proxyProtocol:
      insecure: true
    transport:
      respondingTimeouts:
        readTimeout: 60s

  traefik:
    address: ":8282"

api:
  insecure: true
  debug: true
  dashboard: true

traefik.log

time="2022-10-12T22:04:58+08:00" level=info msg="Traefik version 2.9.1 built on 2022-10-03T14:22:13Z"
time="2022-10-12T22:04:58+08:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-10-12T22:04:58+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=http
time="2022-10-12T22:04:58+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=https
time="2022-10-12T22:08:50+08:00" level=info msg="Traefik version 2.9.1 built on 2022-10-03T14:22:13Z"
time="2022-10-12T22:08:50+08:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-10-12T22:08:50+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=http
time="2022-10-12T22:08:50+08:00" level=info msg="Enabling ProxyProtocol without trusted IPs: Insecure" entryPointName=https
time="2022-10-12T22:08:50+08:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2022-10-12T22:08:50+08:00" level=info msg="Starting provider *file.Provider"
time="2022-10-12T22:08:50+08:00" level=info msg="Starting provider *traefik.Provider"
time="2022-10-12T22:08:50+08:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-10-12T22:08:50+08:00" level=info msg="Starting provider *redis.Provider"
time="2022-10-12T22:08:50+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 619.568247ms" providerName=redis
time="2022-10-12T22:08:51+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 809.331073ms" providerName=redis
time="2022-10-12T22:08:52+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 1.098028431s" providerName=redis
time="2022-10-12T22:08:53+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 1.559602842s" providerName=redis
time="2022-10-12T22:08:55+08:00" level=error msg="KV connection error: KV store connection error: NOAUTH Authentication required, retrying in 3.066236807s" providerName=redis

Step By Step

### Mac

sudo mkdir /opt/traefik-test
sudo chown -R $(whoami) /opt/traefik-test
sudo chmod +wrx /opt/traefik-test

cd /opt/traefik-test

wget https://github.com/traefik/traefik/releases/download/v2.9.1/traefik_v2.9.1_darwin_amd64.tar.gz

tar -zxvf ./traefik_v2.9.1_darwin_amd64.tar.gz
rm -f ./traefik_v2.9.1_darwin_amd64.tar.gz

sudo mkdir /opt/traefik-test/conf
sudo chown -R $(whoami) /opt/traefik-test/conf
sudo chmod +wr /opt/traefik-test/conf

cp -r $HOME/.../traefik.yml ./conf/

sudo mkdir /opt/traefik-test/log
sudo chown -R $(whoami) /opt/traefik-test/log
sudo chmod +wr /opt/traefik-test/log

sudo ./traefik --configFile=/opt/traefik-test/conf/traefik.yml

ps -ef | grep traefik
netstat -ant | grep 8181
netstat -ant | grep 8282
netstat -ant | grep 8443

curl -v -w "\n" http://127.0.0.1:8282

tail -200f /opt/traefik-test/log/traefik.log
tail -200f /opt/traefik-test/log/access.log

[leotu]

Redis GUI tool login screenshot

• https://redis.com/redis-enterprise/redis-insight/

[ldez]

I don't have Redis Enterprise, I just have the open-source version, so I'm looking for a redis.conf file.

[leotu]

redis.conf

#protected-mode no
requirepass "_default_pwd~"

user traefik-user on >~treafik-Test-109! ~* +@all

Step by step

sudo mkdir /opt/redis-test
sudo chown -R $(whoami) /opt/redis-test
sudo chmod +wr /opt/redis-test

cd /opt/redis-test
cp -r $HOME/.../redis.conf /opt/redis-test

docker run -v /opt/redis-test:/usr/local/etc/redis -d --name redis-test -p 14654:6379 --restart always redis:6 /usr/local/etc/redis/redis.conf

traefik.yml

# ...
providers:
  file:
    watch: true
    directory: "./conf"
    debugLogGeneratedTemplate: true
 
  redis: 
    rootKey: "traefik"
    username: "traefik-user"
    password: "~treafik-Test-109!"  
    endpoints:
      #- "redis-14654.c289.us-west-1-2.ec2.cloud.redislabs.com:14654"
      - "127.0.0.1:14654"
# ...

Make sure endpoint "Endpoint:127.0.0.1:14654" login required AUTH

• screenshot

[leotu]

GUI Tool login default user success, traefik login failed

providers:
  # ...
  redis: 
    rootKey: "traefik"
    #username: "traefik-user"
    #password: "~treafik-Test-109!"
    username: "default"
    password: "_default_pwd~"
    endpoints:
      - "127.0.0.1:14654"
  #...

[ldez]

@leotu thank you for the configuration, I was able to reproduce the problem, and I fixed it.

[traefiker]

Closed by #9435.