[jira] [Commented] (NIFI-8128) RedisDistributedMapCacheClientService doesn't work with password protected sentinel

Thu, 05 Aug 2021 04:54:36 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-8128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17393914#comment-17393914
 ] 

Jens M Kofoed commented on NIFI-8128:
-------------------------------------

Hi [~DamD]

I have a working 3 node Redis Sentinel cluster running with password. I had to 
set the same password for both redis and sentinel. But is is working. See 
config below:

redis.conf
bind 192.168.1.1 127.0.0.1
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize yes
supervised auto
pidfile "/var/run/redis/redis-server.pid"
loglevel notice
logfile "/var/log/redis/redis-server.log"
databases 16
always-show-logo yes
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename "dump.rdb"
dir "/var/lib/redis"
masterauth "SOMEPASSWORD"
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
replica-priority 100
min-replicas-to-write 1
min-replicas-max-lag 10
requirepass "SOMEPASSWORD"
maxmemory-policy allkeys-lru
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble no
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
replicaof 192.168.1.2 6379


sentinel.conf
daemonize yes
pidfile "/var/run/sentinel/redis-sentinel.pid"
logfile "/var/log/redis/redis-sentinel.log"
bind 192.168.1.1
protected-mode yes
port 26379
dir "/var/lib/redis"
sentinel myid 01c53508d72fc00fc8455563f9665c6276ff901c
sentinel deny-scripts-reconfig yes
sentinel monitor mymaster 192.168.1.2 6379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 10000
sentinel auth-pass mymaster SOMEPASSWORD
sentinel config-epoch mymaster 44
sentinel leader-epoch mymaster 44
sentinel known-replica mymaster 192.168.1.1 6379
sentinel known-replica mymaster 192.168.1.3 6379
sentinel known-sentinel mymaster 192.168.1.1 26379 
5d9e486fcf38a7899a84034b9207c15483bebc8d
sentinel known-sentinel mymaster 192.168.1.2 26379 
f8692ee1c25cc04a1acd8771f82fe7cb1b256027
sentinel current-epoch 44

> RedisDistributedMapCacheClientService doesn't work with password protected 
> sentinel
> -----------------------------------------------------------------------------------
>
>                 Key: NIFI-8128
>                 URL: https://issues.apache.org/jira/browse/NIFI-8128
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.11.4
>            Reporter: DEOM Damien
>            Priority: Major
>
>  
> RedisDistributedMapCacheClientService doesn't work with password protected 
> sentinel .
> Standalone mode with password works fine.
> Removing password in sentinel solves the issue
>  
>  
> NB: if redis has authentification, Nifi expects the password to be that of 
> redis, not that of sentinel
> If redis has pwd but not sentinel, and no pwd is specified in nifi, we get 
> this message:
>  
> {{org.springframework.data.redis.RedisConnectionFailureException: Cannot get 
> Jedis connection; nested exception is 
> redis.clients.jedis.exceptions.JedisException: Could not get a resource from 
> the pool}}
>  
> If both redis and sentinel have the same pwd, we get this message:
>  
> {{ failed to process session due to All sentinels down, cannot determine 
> where is mymaster master is running...; Processor Administratively Yielded 
> for 1 sec: redis.clients.jedis.exceptions.JedisConnectionException: All 
> sentinels down, cannot determine where is mymaster master is running...}}
>  
> The documentation should be updated to facilitate the establishment of a 
> working, secured cluster.
>  
> Original discussion
> [https://stackoverflow.com/questions/65412299/nifi-redis-sentinel-integration]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to