RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1251484 - the redis resource agent should allow for use of a password to connect to redis
Summary: the redis resource agent should allow for use of a password to connect to redis
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: resource-agents
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Fabio Massimo Di Nitto
QA Contact: Udi Shkalim
URL:
Whiteboard:
Depends On:
Blocks: 1252081 1259595
TreeView+ depends on / blocked
 
Reported: 2015-08-07 12:38 UTC by Giulio Fidente
Modified: 2015-11-19 04:48 UTC (History)
11 users (show)

Fixed In Version: resource-agents-3.9.5-54.el7
Doc Type: Enhancement
Doc Text:
In order to support authenticated communication between Redis and its clients, the Redis resource agent now supports client password communication by auto-detecting the settings from Redis configuration file.
Clone Of:
: 1259595 (view as bug list)
Environment:
Last Closed: 2015-11-19 04:48:46 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
proposed patch (960 bytes, text/plain)
2015-08-13 13:42 UTC, Fabio Massimo Di Nitto 		no flags Details
new patch with David´s magic (993 bytes, patch)
2015-08-13 14:16 UTC, Fabio Massimo Di Nitto 		no flags Details | Diff
Show Obsolete (1) View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2190 0 normal SHIPPED_LIVE resource-agents bug fix and enhancement update 2015-11-19 08:06:48 UTC

Description Giulio Fidente 2015-08-07 12:38:24 UTC 
Description of problem:
the redis resource agent uses redis-cli to perform live config changes on the running instances but it doesn't allow to specify a password to connect to redis; the redis-cli binary expects that with -a password


Version-Release number of selected component (if applicable):
resource-agents-3.9.6-2.fc21.x86_64
Comment 2 Giulio Fidente 2015-08-07 13:08:50 UTC 
This is needed by https://review.openstack.org/#/c/210405 , where we try to enforce use of a password to connect to Redis
Comment 3 Fabio Massimo Di Nitto 2015-08-13 13:42:00 UTC 
Created attachment 1062588 [details]
proposed patch

Tested by setting:

masterauth foobared

and

requirepass foobared

in redis.conf on all nodes.

Start/configure redis as we do in OSP:

pcs resource create redis redis wait_last_known_master=true --master meta notify=true ordered=true interleave=true

verify that the client requires passwd:

[root@rhel7-ha-node1 ~]# redis-cli info 
NOAUTH Authentication required.

[root@rhel7-ha-node1 ~]# redis-cli -a foobared info 
....
Comment 4 Fabio Massimo Di Nitto 2015-08-13 14:16:13 UTC 
Created attachment 1062612 [details]
new patch with David´s magic
Comment 5 David Vossel 2015-08-13 20:57:49 UTC 
pull request with my magic upstream.

https://github.com/ClusterLabs/resource-agents/pull/661
Comment 12 Leonid Natapov 2015-10-20 10:53:14 UTC 
Tested on RHEL 7.2 per Dean Jansa's request
Manually upgraded resoure-agents to resource-agents-3.9.5-54.el7.x86_64.

masterauth and requirepass were set in redis.conf on all nodes
restart redis. (deleted and created resource again)

[root@overcloud-controller-2 heat-admin]# redis-cli -h overcloud-controller-2  -p 6379 info
NOAUTH Authentication required.

[root@overcloud-controller-2 heat-admin]# redis-cli -h overcloud-controller-2  -p 6379 -a lesik info
# Server
redis_version:2.8.21
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:b33b557c4bcc5a9f
redis_mode:standalone
os:Linux 3.10.0-229.14.1.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.8.3
process_id:38359
run_id:981e264921b4117b88d522de58b6cde11f5130c3
tcp_port:6379
uptime_in_seconds:1534
uptime_in_days:0
hz:10
lru_clock:2497574
config_file:/etc/redis.conf
Comment 14 errata-xmlrpc 2015-11-19 04:48:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2190.html
Note You need to log in before you can comment on or make changes to this bug.