[DATAREDIS-1045] Redis Sentinel Authentication not supported Created: 10/Oct/19  Updated: 05/Jan/20  Resolved: 30/Oct/19

Status: Closed
Project: Spring Data Redis
Component/s: Lettuce Driver
Affects Version/s: 2.2 GA (Moore)
Fix Version/s: 2.2.1 (Moore SR1), 2.3 M1 (Neumann)

Type: Bug Priority: Major
Reporter: Chris Assignee: Mark Paluch
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relate
relates to DATAREDIS-946 Add support for sentinel authentication Closed
is related to DATAREDIS-1060 Redis password should not automatical... Closed
Reference URL: https://github.com/lettuce-io/lettuce-core/issues/1002
Last updater: Mark Paluch
Pull Request URL: https://github.com/spring-projects/spring-data-redis/pull/490/files
Sprint: Moore SR1

 Description   

It looks like spring-data-redis 2.2 with lettuce-core 5.2.0 added support for Authentication on Redis when using Sentinel, but only when the authentication is enabled on the Redis node. In my setup, where both the Redis and Sentinel node have authentication enabled, I cannot seem to get it to work.

For simplicity let's assume the same password is set on both, but in reality this could of course be different.

For more details, see the latest discussion on this ticket on lettuce-core where it discusses the support for authentication:

To quote Mark Paluch there:

I took a look, LettuceConnectionFactory sets only the password on the RedisURI but not the Sentinel URI's. The bug should probably be fixed there.

Preferably, the spring.redis.password is used for both Redis and Sentinel nodes by default, while also adding a new spring.redis.sentinel.password property to deal with scenarios where the Sentinel and Redis node passwords are different.



 Comments   
Comment by James Howe [ 08/Nov/19 ]

This has broken any setup where sentinel doesn't have a password but redis does.

In particular, Redis before v5 (such as available in Ubuntu LTS) doesn't support sentinel auth at all.

Comment by cverges-medallia [ 05/Jan/20 ]

I'm also experiencing the same issue as James Howe.  The PR appears to have made an assumption that the Redis and Sentinel passwords would be set the same, versus being independently controlled.  Is there a workaround?

Comment by Mark Paluch [ 05/Jan/20 ]

The issue was addressed with DATAREDIS-1060 where we rolled back the change that both passwords are assumed the same. We introduced a sentinel password configuration option in SentinelConfiguration.

Generated at Sun Jul 05 23:48:38 UTC 2020 using Jira 8.5.4#805004-sha1:0444eab799707f9ad7b248d69f858774aadfd250.