I installed bitnami/redis using helm with default parameters. However, I was refused to use it with NOAUTH error. It gived me tips to get an ACL name and password, but I don't know how?
I issued the cmd
helm install redis bitnami/redis
,and tried like this
127.0.0.1:6379> auth ""
(error) WRONGPASS invalid username-password pair or user is disabled.
127.0.0.1:6379> auth default ""
(error) WRONGPASS invalid username-password pair or user is disabled.
127.0.0.1:6379> ACL list
(error) NOAUTH Authentication required.```
For anyone else struggling with this, you can disable authentication when deploying redis using helm.
helm install redis bitnami/redis --set auth.enabled=false
Related
I am facing a peculiar issue.
In my redis.conf file, at first I enable a password authentication by setting:
requirepass admin
When I connect to Redis via CLI, I am required to authenticate myself before continuing any operation, so all good so far:
127.0.0.1:6379> get name
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth admin
OK
127.0.0.1:6379> get name
"sahay"
Now, I try to create a ACL user by running:
127.0.0.1:6379> acl setuser nonadminuser on >generalpassword +#all -#dangerous ~*
OK
So far so good, now I want to persist this new user to a ACL file, so I run:
127.0.0.1:6379> acl save
(error) ERR This Redis instance is not configured to use an ACL file. You may want to specify users via the ACL SETUSER command and then issue a CONFIG REWRITE (assuming you have a Redis configuration file set) in order to store users in the Redis configuration.
This is also OK, since I have not set any configuration of aclfile in my redis.conf.
So, I stop my redis server and add this line in my redis.conf file:
aclfile /Ankit/redis_installation/redis-stable/acl_users.acl
I also create a acl_users.acl file in the above mentioned directory, because without it Redis throws an error that no such file exists.
Now comes the peculiar part. When I start redis, and connect to it via CLI, it doesn't ask me to authenticate! Even though
requirepass admin
is set in the redis.conf file. In fact, it throws error when I try to run a password.
127.0.0.1:6379> get name
"sahay"
127.0.0.1:6379> auth admin
(error) ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?
Also, when I do an ACL save now (after creating the new user), that new user is created and persisted in acl file but the strange thing is default user is stored with "nopass"
Why is default user configured as nopass even when config file has a requirepass clause?
requirepass is not compatible with ACL feature. If you config with ACL rules, requirepass is ignored. That's why you can operate Redis as the default user without sending auth command.
With ACL feature, you need to explicitly set a rule for default user.
user default on +#all ~* >password
I have been researching this Redis error for days now...
I created a GCP Memorystore Redis instance and received the following internal IP endpoint:
10.xxx.xxx.xxx:6378
I created a small GCE instance and made sure that zone matched the Redis instance:
us-central1-f
However, I when I ssh into the VM, connect to Redis, and issue a PING, I get the following error response
Protocol error, got "\x15" as reply type byte
Any idea why I am getting this error?
If the Redis instance was configured with an AUTH string and/or TLS encryption, you would need to pass these credentials when connecting to it.
I received the same error when using your command to connect to my encrypted instance. This can be done in two ways as far as I tested (from a GCE instance in the same VPC as Redis):
1. Using the redis-cli, you could use the following command to authenticate (see here for information on the flags used in the command):
redis-cli -h <ip_addres> -p <port> -a <auth_string> --tls --cacert <path/to/certificate_file.pem>
Note: the certificate file would need to be installed to your VM.
2. The GCP Memorystore documentation recommends using telnet and Stunnel to connect to a secured and encrypted instance.
Something not included in the documentation is that after running telnet localhost 6378 in step 4, you would need to pass the AUTH string in the telnet console:
AUTH <auth_string>
+OK
PING
+PONG
After that, you can PING the instance in step 5, skipping sending the AUTH string will return this error: -NOAUTH Authentication required. Besides that, you should follow as documented the rest of the steps.
I need to get an certificate for my domain hosted on AWS Route 53 from LetsEncrypt. I do not have any port 80 or 443 exposed since the server is used for VPN and does not have a public access.
So the only way to do this is via DNS validation of route 53.
So far I have installed certbot and dns-route53 plugin
sudo snap install --beta --classic certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53
I have created a special user in my AWS account who has access to Route53 and I have added the access key id and secret access key in the ~/.aws/config and also ~/.aws/credentials which looks something like this
[default]
aws_access_key_id=foo
aws_secret_access_key=bar
Basically followed every step given here: https://certbot-dns-route53.readthedocs.io/en/stable/
Now when I run the following command:
sudo certbot certonly -d mydomain.com --dns-route53
It gives the following output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-route53, Installer None
Requesting a certificate for mydomain.com
Performing the following challenges:
dns-01 challenge for mydomain.com
Cleaning up challenges
Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.
I went to the documentation given in the error message: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#best-practices-for-configuring-credentials
but I do not think there is anything wrong I am doing
I even went to the root level by doing sudo su and exported the AWS keys as env vars there and even exported the AWS keys in the home as well but it still throws me the same error.
so I also ran into this same issue, and it's likely because of you running certbot with sudo, when do you do that, whatever user you've used as ~/, is ignored, as instead, it's looking in /root/.
I fixed it by (centos) is my user where I have the .aws/ directory with config and credential files.
sudo -s
ln -s /home/centos/.aws/ ~/.aws
ls -lsa ~/.aws
... /root/.aws -> /home/centos/.aws/
I have a 3-instance high availability redis deployed. On each server I have redis and sentinel installed. I am trying to set a password
so that it requests it at the moment of entering with the command "redis-cli".
I am modifying the value of the "requirepass" parameter of the "redis.conf" file.
requirepass password123
Also inside the redis terminal, I am setting the password with the following commands
config set requirepass password123
auth password123
When I connect with the following command
redis-cli --tls --cert /<path>/redis.crt --key /<path>/redis.key --cacert /<path>/ca.crt -a password123
It works fine, my problem is when I restart the redis service, for some reason the password settings are not kept and I get the following message
Warning: AUTH failed
I do not know what configuration I need to do so that the change is maintained after restarting the redis service.
The version of redis that I have installed is "Redis server v=6.0.6"
Check your ACL configuration,Your requirepass configuration will be ignored with ACL operation. I get follow infomation from redis.conf example file.
IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
layer on top of the new ACL system. The option effect will be just setting
the password for the default user. Clients will still authenticate using
AUTH as usually, or more explicitly with AUTH default
if they follow the new protocol: both will work.
The requirepass is not compatable with aclfile option and the ACL LOAD
command, these will cause requirepass to be ignored.
config rewrite
This command will solve your issue of nopass after restart.
After setting the requirepass from redis cli.
I want to set a password in Redis. First I modified the configuration file of Redis. Remove '#' in front of requirepass foobared. And set requirepass kingredis.
I restarted Redis.
sudo /etc/init.d/redis-server restart
But it doesn't work.
hadoop#master:~$ redis-cli
127.0.0.1:6379> set b "sss"
OK
127.0.0.1:6379> auth kingredis
(error) ERR Client sent AUTH, but no password is set
My Ubuntu is 14.04.
You can try something like this.
redis 127.0.0.1:6379> AUTH PASSWORD
(error) ERR Client sent AUTH, but no password is set
redis 127.0.0.1:6379> CONFIG SET requirepass "mypass"
OK
redis 127.0.0.1:6379> AUTH mypass
Ok