From fa675256c127963c74ea68f8bab22ef105bada02 Mon Sep 17 00:00:00 2001
From: antirez
Date: Wed, 31 Oct 2018 12:56:47 +0100
Subject: [PATCH] Add support for Sentinel authentication.
So far it was not possible to setup Sentinel with authentication enabled. This commit introduces this feature: every Sentinel will try to authenticate with other sentinels using the same password it is configured to accept clients with. So for instance if a Sentinel has a "requirepass" configuration statemnet set to "foo", it will use the "foo" password to authenticate with every other Sentinel it connects to. So basically to add the "requirepass" to all the Sentinels configurations is enough in order to make sure that: 1) Clients will require the password to access the Sentinels instances. 2) Each Sentinel will use the same password to connect and authenticate with every other Sentinel in the group. Related to #3279 and #3329.
---
 src/sentinel.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/sentinel.c b/src/sentinel.c
index f0901eeb6..adff9d4fa 100644
--- a/src/sentinel.c
+++ b/src/sentinel.c
@@ -452,7 +452,8 @@ struct redisCommand sentinelcmds[] = {
 {"info",sentinelInfoCommand,-1,"",0,NULL,0,0,0,0,0},
 {"role",sentinelRoleCommand,1,"l",0,NULL,0,0,0,0,0},
 {"client",clientCommand,-2,"rs",0,NULL,0,0,0,0,0},
- {"shutdown",shutdownCommand,-1,"",0,NULL,0,0,0,0,0}
+ {"shutdown",shutdownCommand,-1,"",0,NULL,0,0,0,0,0},
+ {"auth",authCommand,2,"sltF",0,NULL,0,0,0,0,0}
 };
 /* This function overwrites a few normal Redis config default with Sentinel
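Review bot: The secret checked by the new `auth` row is not a client-only credential, and nothing at the row says so. Per the commit description, the same `requirepass` value is what Sentinels present to each other, so every client able to authenticate here also holds the credential of the whole Sentinel group. A short comment above the row would make that explicit, for example `/* AUTH checks requirepass, which is also the Sentinel-to-Sentinel password: do not reuse it for other services. */`. The table starts before the hunk and the comment that follows it continues after it.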
@@ -1942,12 +1943,25 @@ werr:
 /* Send the AUTH command with the specified master password if needed.
 * Note that for slaves the password set for the master is used.
 *
+ * In case this Sentinel requires a password as well, via the "requirepass"
+ * configuration directive, we assume we should use the local password in
+ * order to authenticate when connecting with the other Sentinels as well.
+ * So basically all the Sentinels share the same password and use it to
+ * authenticate reciprocally.
+ *
 * We don't check at all if the command was successfully transmitted
 * to the instance as if it fails Sentinel will detect the instance down,
 * will disconnect and reconnect the link and so forth. */
 void sentinelSendAuthIfNeeded(sentinelRedisInstance *ri, redisAsyncContext *c) {
- char *auth_pass = (ri->flags & SRI_MASTER) ? ri->auth_pass :
- ri->master->auth_pass;
+ char *auth_pass = NULL;
+
+ if (ri->flags & SRI_MASTER) {
+ auth_pass = ri->auth_pass;
+ } else if (ri->flags & SRI_SLAVE) {
+ auth_pass = ri->master->auth_pass;
+ } else if (ri->flags & SRI_SENTINEL) {
+ if (server.requirepass) auth_pass = server.requirepass;
+ }
 if (auth_pass) {
 if (redisAsyncCommand(c, sentinelDiscardReplyCallback, ri, "%s %s",
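Review bot: The AUTH sent in the new `SRI_SENTINEL` branch still goes through `sentinelDiscardReplyCallback`, so a peer that rejects the password is never reported; with Sentinels now authenticating to each other, a mismatched `requirepass` would presumably surface only as the peer looking unreachable. The header comment should say so, for example `* The AUTH reply is discarded: a peer rejecting the password is not logged here.`, or the reply should be checked and logged. The comment should also state that the local `requirepass` is sent to every instance flagged `SRI_SENTINEL`, since how those records are created is not visible in this hunk. The inner test is redundant because `auth_pass` starts as NULL; `auth_pass = server.requirepass;` is enough. The function body continues past the end of the hunk.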