Closed pgnd closed 4 years ago
coudot
commented
4 years ago Reading the documentation, I see that you should use sock instead server parameter in the configuration.
Only the REDIS_SERVER env can be use to configure TCP or socket connections, but here we don't use env, we directly use module parameters.
pgnd
commented
4 years ago Saw the examples, and completely missed the prior sentence:
"Alternatively you can use the sock parameter to specify the path of the UNIX domain socket where the Redis server is listening."switching
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
- server: unix:/run/redis/redis.sock
+ sock: unix:/run/redis/redis.sock
select: 1
index: whatToTrace ipAddr& verifying in
/usr/libexec/lemonldap-ng/bin/lmConfigEditor
...
'globalStorage' => 'Apache::Session::Browseable::Redis',
'globalStorageOptions' => {
'index' => 'whatToTrace ipAddr',
'select' => 1,
'sock' => 'unix:/run/redis/redis.sock'
},
...does remove the error reported above^^
in browser, after login @ LL:NG Portal, I now see:
"Apache::Session module failed"and in logs
main::__ANON__('Could not connect to Redis server at unix:/run/redis/redis.sock: No such file or directory at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 35.^J') called at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/Session.pm line 186switching
- sock: unix:/run/redis/redis.sock
+ sock: /run/redis/redis.sockthe "No such file ..." error is gone (looks like it handles just bare path, not the form with preceding 'unix:'), but still fails with
"Apache::Session module failed"in browser, and in logs
...
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Store Doctor Who in session key cn
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Store 1598193844 in session key _utime
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Try to get a new SSO session
Aug 23 07:44:04 srv003 LLNG[58491]: [error] Session cannot be tied: [set] NOAUTH Authentication required., at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 52.
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Returned error: 8 (PE_APACHESESSIONERROR)
...where
/usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm
...
my $id = $session->{data}->{_session_id};
52 $self->{cache}->set( $id, $session->{serialized} );
foreach my $i (@$index) {
...re-checking config/setup, switch BACK to
globalStorage: Apache::Session::File
globalStorageOptions:
Directory: /var/lib/lemonldap-ng/sessions
LockDirectory: /var/lib/lemonldap-ng/sessions/lock
generateModule: Lemonldap::NG::Common::Apache::Session::Generate::SHA256works OK, as expected.
coudot
commented
4 years ago pgnd
commented
4 years ago https://serverfault.com/questions/722803/redis-error-noauth-authentication-required
reading there
"Setting the requirepass configuration directive causes the server to require password authentication with the AUTH command before sending other commands. The redis.conf file states that clearly:"
Require clients to issue AUTH before processing any other
commands. This might be useful in environments in which you do not trust
others with access to the host running redis-server."here,
grep requirepass /etc/redis/redis.conf
requirepass ChangeMechecking redis AUTH at cli,
redis-cli \
-s /run/redis/redis.sock \
-a ChangeMe \
INFO keyspace
1) "dir"
2) "/data/db/redis", is OK
reading,
per https://metacpan.org/pod/Redis#auth,with LL:NG backend as
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
sock: /run/redis/redis.sock
auth: ChangeMe
select: 1
index: whatToTrace ipAddrturns out to be incorrect, & still returns
...
2020/08/24 06:17:04 LLNG[39604] DEBUG: Try to get a new SSO session
2020/08/24 06:17:04 LLNG[39604] ERROR: Session cannot be tied: [set] NOAUTH Authentication required., at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 52.
2020/08/24 06:17:04 LLNG[39604] DEBUG: Returned error: 8 (PE_APACHESESSIONERROR)
...The req'd fix is, per https://metacpan.org/pod/Redis#password,
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
sock: /run/redis/redis.sock
- auth: ChangeMe
+ password: ChangeMe
select: 1
index: whatToTrace ipAddrwith checking @ redis-cli --help
-a <password> Password to use when connecting to the server.
You can also use the REDISCLI_AUTH environment
variable to pass this password more safely
(if both are used, this argument takes predecence).
--user <username> Used to send ACL style 'AUTH username pass'. Needs -a.
--pass <password> Alias of -a for consistency with the new --user option.
--askpass Force user to input password with mask from STDIN.
If this argument is used, '-a' and REDISCLI_AUTH
environment variable will be ignored.a bit confusing, but ... fixed
adding to the config example/options @ LL:NG docs -- specifically for 'sock' & 'password' usage -- would be useful.
thx!
coudot
commented
4 years ago Hello @pgnd, you can propose some modifications on this file: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/doc/sources/admin/nosqlsessionbackend.rst
I'm setting up Apache::Session::Browseable::Redis as LL:NG v2.0.8 session backend.
The doc page,
provides example params for a TCP connection
and further references,
@ that module's docs,
unix: socket support is claimed,
My redis db is up & available on unix socket, with 16 DBs configured,
I've allocated DB # : 1 for lemonldap use.
I've added to LL:NG config,
exec, after credential entry @ Portal login, fails @ error,
changing
has no effect; same result/error