Add support for Sentinel usernames in Workhorse (!155209) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-add-sentinel-username-workhorse into master Jun 04, 2024

What does this MR do and why?

!131490 (merged) added support for Sentinel passwords, but Redis can be configured with an Access Control List (ACL), which some admins might need. This commit adds support for specifying a Sentinel username.

Relates to omnibus-gitlab#8559

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Set up a Redis server and Sentinel:

redis.conf

port 6381
requirepass mypass
masterauth mypass

sentinel.conf

port 26379
dir "/tmp"
sentinel monitor mymaster 127.0.0.1 6381 2
sentinel auth-pass mymaster mypass
user default off
user testuser on >sentme +@all

Run:

redis-server redis.conf
redis-sentinel sentinel.conf

Update workhorse/config.toml accordingly. Here's my redis section:

[redis]
Sentinel = ["redis://localhost:26379"]
SentinelMaster = "mymaster"
SentinelUsername = "testuser"
SentinelPassword = "sentme"
Password = "mypass"
DB = 0

Start up Workhorse. If you use the wrong username or password, you'll see:

redis: 2024/06/04 01:24:12 sentinel.go:558: sentinel: GetMasterAddrByName master="mymaster" failed: WRONGPASS invalid username-password pair or user is disabled.
{"error":"keywatcher: redis: all sentinels specified in configuration are unreachable","level":"error","msg":"","time":"2024-06-04T01:24:12-07:00"}

Otherwise, you won't see any error messsages.

Edited Jun 05, 2024 by Stan Hu

Add support for Sentinel usernames in Workhorse

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

redis.conf

sentinel.conf

Merge request reports