Redis sentinel configuration

bitchkat · August 3, 2020, 10:05pm

Our redis is configured with authentication on both redis and sentinel. I have configured redis in the network server as

[redis]
url=“redis://:mypass@sentinelhost:26379”

cluster=false
master_name=“mymaster”

In the logs it seems like network server connects to sentinel and discovers the redis master just fine:

Aug 03 16:45:52 chirpstack-network-server[23455]: redis: 2020/08/03 16:45:52 sentinel.go:467: sentinel: discovered new sentinel=“99788e91e0c53f2833a190ad521b55631e79bb30” for master=“mymaster”
Aug 03 16:45:52 l chirpstack-network-server[23455]: redis: 2020/08/03 16:45:52 sentinel.go:467: sentinel: discovered new sentinel=“c1579f73e34385b36cf80c9bfd88c1efca167aed” for master=“mymaster”
Aug 03 16:45:52 chirpstack-network-server[23455]: redis: 2020/08/03 16:45:52 sentinel.go:435: sentinel: new master=“mymaster” addr=“10.100.234.79:6379”

However, when it talks to the discovered redis server, its not using authentication:

Aug 03 16:59:45 chirpstack-network-server[23455]: time=“2020-08-03T16:59:45-05:00” level=error msg=“gateway/mqtt: acquire lock error” error="acquire lock error: NOAUTH Authentication required. " key=“lora:ns:uplink:lock:647fdafffe00698a:912500000:0:0:40216ca50300320e01749e0e5705fca18d7a7b83c03f82b47c2ea588303ba143c813ad11bc9e3451c1” uplink_id=7561a5dd-78d7-41cb-aef2-c39999d4d5ee

brocaar · August 5, 2020, 2:03pm

Have you seen the config update in the latest release?

E.g. taken from the NS configuration: https://www.chirpstack.io/network-server/install/config/

# Redis settings
#
# Please note that Redis 2.6.0+ is required.
[redis]

# Server address or addresses.
#
# Set multiple addresses when connecting to a cluster.
servers=[
  "localhost:6379",
]

# Password.
#
# Set the password when connecting to Redis requires password authentication.
password=""

# Database index.
#
# By default, this can be a number between 0-15.
database=0

# Redis Cluster.
#
# Set this to true when the provided URLs are pointing to a Redis Cluster
# instance.
cluster=false

# Master name.
#
# Set the master name when the provided URLs are pointing to a Redis Sentinel
# instance.
master_name=""

# Connection pool size.
#
# Default (when set to 0) is 10 connections per every CPU.
pool_size=0

bitchkat · August 5, 2020, 2:41pm

I’ve followed the github issue where that was worked on. If I use servers and password instead of url, will it use the password when connecting to both sentinel and the discovered redis master?

If so, that should work since I’m currently using the same password for both sentinel and redis.

# our sentinel servers are load balanced via f5 for applications using a client api that
# supports redis-sentinel://:mypass@sentinel.mydomain.com:26379/1 uri scheme 
servers=[ "sentinel.mydomain.com:26379", ] 
password=:"mypass"
database=1
cluster=false
master_name="mymaster"
pool_size=0

If that works to authenticate sentinel and redis then it should be fine when I get them to upgrade from network server 3.9 and application server 3.10