Add support for Sentinel usernames in Workhorse
What does this MR do and why?
!131490 (merged) added support for Sentinel passwords, but Redis can be configured with an Access Control List (ACL), which some admins might need. This commit adds support for specifying a Sentinel username.
Relates to omnibus-gitlab#8559
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Set up a Redis server and Sentinel:
redis.conf
port 6381
requirepass mypass
masterauth mypass
sentinel.conf
port 26379
dir "/tmp"
sentinel monitor mymaster 127.0.0.1 6381 2
sentinel auth-pass mymaster mypass
user default off
user testuser on >sentme +@all
Run:
redis-server redis.conf
redis-sentinel sentinel.conf
- Update
workhorse/config.toml
accordingly. Here's myredis
section:
[redis]
Sentinel = ["redis://localhost:26379"]
SentinelMaster = "mymaster"
SentinelUsername = "testuser"
SentinelPassword = "sentme"
Password = "mypass"
DB = 0
- Start up Workhorse. If you use the wrong username or password, you'll see:
redis: 2024/06/04 01:24:12 sentinel.go:558: sentinel: GetMasterAddrByName master="mymaster" failed: WRONGPASS invalid username-password pair or user is disabled.
{"error":"keywatcher: redis: all sentinels specified in configuration are unreachable","level":"error","msg":"","time":"2024-06-04T01:24:12-07:00"}
Otherwise, you won't see any error messsages.
Edited by Stan Hu