Sentinel auth-pass error when using redis 6.0.6 - redis

I don't want to set master redis password in the config file
So I found this command from the redis official website
sentinel auth-pass <master-group-name> <password>
but when i use the error occurs
like this
127.0.0.1:26378> sentinel auth-pass myMaster 123456
(error) ERR Unknown sentinel subcommand 'auth-user'
why!!!!
Search on Google
and
noting
Maybe I should upgrade to 6.2.0

Sentinel stated supporting auth-user from Redis version 6.2.x. So, it can not find the sub-command auth-user which is needed for the command sentinel auth-pass.
From Redis Sentinel Official Documentation :
Starting with Redis 6.2, the Access Control List (ACL) is available, whereas previous versions (starting with Redis 5.0.1) support password-only authentication.

Related

Redis Sentinel Rename-Command Ignored

I am trying to limit the allowed privileges for external redis sentinel users by renaming critical commands as follow:
sentinel rename-command mymaster FAILOVER failover-secret
However, the configurations are being ignored, and I still can trigger the renamed command using the original name:
127.0.0.1:26379> sentinel failover mymaster
OK
Redis Version:
Redis server v=6.0.9 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=e874f7259751a389
The best option would be to put this in your Redis server's config file as opposed to setting it via CLI. It sounds like setting it this way either only applies to that connection (so other connections won't have that config change) or it only persists until the server restarts. Putting it in the config file would persist for all connections, and across restarts.
Another option if you're using Redis v6 (or can upgrade to v6) is to create separate users and specify the available commands per user. This option is discussed in this answer.

Redis Sentinel Authentication

I have 3 Servers with Redis and Sentinel Running.
All instances have in the configuration
requirepass XXX
masterauth XXX
I can connect with redis-cli to the redis server but if I try to connect to the sentinel I can not authenticate.
root#ip-:/usr/lib/nagios/plugins# redis-cli -p 26379
127.0.0.1:26379> AUTH xxx
(error) ERR unknown command 'AUTH'
127.0.0.1:26379>
If I use the same command but with the redis port it works.
Thanks
best
You have to setup auth for sentinels, too. I mean requirepass=<password> in sentinel.conf. More info on this here and here. Be careful, as not every client supports this setup.
Also, you need to set sentinel auth-pass <master-name> <password> in that file, in order for the sentinels to be able to administrate secured redis servers. (But I'm guessing you already did that).

Sentinel work fail after rename config command of redis

I've installed stablest redis(ver 3.2). Everything work fine until I renamed CONFIG command of redis, sentinel could not promote slave to be master.
Think the problem is sentinel still use CONFIG command (has been renamed) to change configuration of redis.
Is there any way to change configuration of sentinel (via redis-cli or configuration files sentinel.conf) to adapt redis configuration (renamed config command). If there isn't, how about changing source code?
Thanks
After google, I found solution for this problem.
I replace redis/src/sentinel.c via this redis github, rebuild and install redis from source.
Then I could add a directive to sentinel.conf to configure sentinel use renamed config command.
sentinel config-command mymaster <renamed-command>

How to switch redis master in sentinel configuration

I have a redis sentinel configuration with one master, two slaves and 3 sentinels running. I noticed that at some point the sentinels may switch the master electing one of the slaves as master. This is causing problems to an application which is connecting to the master node as a standalone client(I'm working on changing the code to use sentinels). I wanted to know if it is possible to switch the master by connecting to the sentinel client i.e. through 'redis-cli'
Can somebody let me know if there is a command that I can use to switch the master IP?
The client applications should use a client library that supports sentinel in the case where a redis master goes down and the sentinels select a new master. Not sure how beneficial it is to have sentinel setup if your client applications are not taking advantage of it. A client application that supports sentinel will query sentinel for the master ip and should be somewhat tolerant to faults occurring with the master connection. You can trigger a manual failover like the other answer states:
redis-cli -h {sentinel-ip} -p {26379 or sentinel port} sentinel failover {mastername}
But you will not be able to pick which node it fails over to. You can control a configuration value slave_priority in the redis.conf file so that it prefers a node over the rest. A description of the slave priority can be found here: https://redis.io/topics/sentinel
You can manually trigger a failover by running:
redis-cli -a {password} -p {sentinel_port} SENTINEL failover {cluster_name}
If you are using Lettuce Client you can use masterSlaveStatefulConnection and pass the sentinel URI it will perform auto discovery in the background and will refresh the master node internally.
https://github.com/lettuce-io/lettuce-core/wiki/Master-Replica

Redis master/slave replication - single point of failure?

How does one upgrade to a newer version of Redis with zero downtime? Redis slaves are read-only, so it seems like you'd have to take down the master and your site would be read-only for 45 seconds or more while you waited for it to reload the DB.
Is there a way around this?
Redis Team has very good documentation on this
Core Steps:
Setup your new Redis instance as a slave for your current Redis instance. In order to do so you need a different server, or a server that has enough RAM to keep two instances of Redis running at the same time.
If you use a single server, make sure that the slave is started in a different port than the master instance, otherwise the slave will not be able to start at all.
Wait for the replication initial synchronization to complete (check the slave log file).
Make sure using INFO that there are the same number of keys in the master and in the slave. Check with redis-cli that the slave is working as you wish and is replying to your commands.
Configure all your clients in order to use the new instance (that is, the slave).
Once you are sure that the master is no longer receiving any query (you can check this with the MONITOR command), elect the slave to master using the SLAVEOF NO ONE command, and shut down your master.
Full Documentation:
Upgrading or restarting a Redis instance without downtime
When taking the node offline, promote the slave to master using the SLAVEOF command, then when you bring it back online you set it up as a slave and it will copy all data from the online node.
You may also need to make sure your client can handle changed/missing master nodes appropriately.
If you want to get really fancy, you can set up your client to promote a slave if it detects an error writing to the master.
You can use Redis Sentinel for doing this, the sentinel will automatically promote a slave as new master.
you can find more info here http://redis.io/topics/sentinel.
Sentinel is a system used to manage redis servers , it monitors the redis master and slaves continuously, and whenever a master goes down it will automatically promote a slave in to master. and when the old master is UP it will be made as slave of the new master.
Here there will be no downtime or manual configuration of config file is needed.
You can visit above link to find out how to configure sentinel for your redis servers.
Note, you may have to check and set the following config to write to your slave.
("Since Redis 2.6 by default slaves are read-only")
redis-cli config set slave-read-only no
-- Example
-bash-4.1$ redis-cli info
Server
redis_version:2.6.9
-bash-4.1$ redis-cli slaveof admin2.mypersonalsite.com 6379
OK
-bash-4.1$ redis-cli set temp 42
(error) READONLY You can't write against a read only slave.
-bash-4.1$ redis-cli slaveof no one
OK
-bash-4.1$ redis-cli set temp 42
OK
-bash-4.1$ redis-cli get temp
"42"
-bash-4.1$ redis-cli config set slave-read-only no
OK
-bash-4.1$ redis-cli slaveof admin2.mypersonalsite.com 6379
OK
-bash-4.1$ redis-cli set temp 42
OK
-bash-4.1$ redis-cli get temp
"42"