mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement authentication for Redis/Sentinel (#14805)

Browse Source 
* Implement ACL support for redis (and sentinel)

Currently, sentinel only works with anonymous connections.
Some parameters are passed when using sentinel, however these are
dropped on the floor.
This encapsulates them as py-redis expects, and passes them correctly.

* Pass username

* Differentiate duplicate error messages

* Actually pass var

* Docs and requirement bump

* Lint

* Consistency

* More lint

* Lint harder

* Doc Updates
This commit is contained in:
AdamB
2023-04-14 13:11:44 +01:00
committed by GitHub
parent 3362e0ee7b
commit 55b167562e
5 changed files with 79 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
doc/Extensions/Dispatcher-Service.md
View File

@@ -18,7 +18,7 @@ behaviour only found in Python3.4+.
- PyMySQL is recommended as it requires no C compiler to
install. MySQLclient can also be used, but does require compilation.
- python-dotenv .env loader
- redis-py 3.0+ and Redis 5.0+ server (if using distributed polling)
- redis-py 4.0+ and Redis 5.0+ server (if using distributed polling)
- psutil
These can be obtained from your OS package manager, or from PyPI with the below commands.
@@ -76,20 +76,40 @@ DB_PASSWORD=
Once you have your Redis database set up, configure it in the .env file on each node. Configure the redis cache driver for distributed locking.
There are a number of options - most of them are optional if your redis instance is standalone and unauthenticated (neither recommended).
```dotenv
##
## Standalone
##
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
# OR
REDIS_SENTINEL=192.0.2.1:26379
REDIS_SENTINEL_SERVICE=myservice
REDIS_DB=0
#REDIS_PASSWORD=
#REDIS_TIMEOUT=60
REDIS_TIMEOUT=60
CACHE_DRIVER=redis
# If requirepass is set in redis set everything above as well as: (recommended)
REDIS_PASSWORD=PasswordGoesHere
# If ACL's are in use, set everything above as well as: (highly recommended)
REDIS_USERNAME=UsernameGoesHere
##
## Sentinel
##
REDIS_SENTINEL=redis-001.example.org:26379,redis-002.example.org:26379,redis-003.example.org:26379
REDIS_SENTINEL_SERVICE=mymaster
# If requirepass is set in sentinel, set everything above as well as: (recommended)
REDIS_SENTINEL_PASSWORD=SentinelPasswordGoesHere
# If ACL's are in use, set everything above as well as: (highly recommended)
REDIS_SENTINEL_USERNAME=SentinelUsernameGoesHere
```
For more information on ACL's, see <https://redis.io/docs/management/security/acl/>
Note that if you use Sentinel, you may still need `REDIS_PASSWORD`, `REDIS_USERNAME`, `REDIS_DB` and `REDIS_TIMEOUT` - Sentinel just provides the address of the instance currently accepting writes and manages failover. It's possible (and recommended) to have authentication both on Sentinel and the managed Redis instances.
### Basic Configuration
Additional configuration settings can be set in `config.php` or