Closed pgnd closed 4 years ago
Reading the documentation, I see that you should use sock instead of the server parameter in the configuration.
Only the REDIS_SERVER env can be used to configure TCP or socket connections, but here we don't use env, we directly use module parameters.
Saw the examples, and completely missed the prior sentence:
"Alternatively you can use the sock parameter to specify the path of the UNIX domain socket where the Redis server is listening."
switching
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
- server: unix:/run/redis/redis.sock
+ sock: unix:/run/redis/redis.sock
select: 1
index: whatToTrace ipAddr
& verifying in
/usr/libexec/lemonldap-ng/bin/lmConfigEditor
...
'globalStorage' => 'Apache::Session::Browseable::Redis',
'globalStorageOptions' => {
'index' => 'whatToTrace ipAddr',
'select' => 1,
'sock' => 'unix:/run/redis/redis.sock'
},
...
does remove the error reported above^^
in browser, after login @ LL:NG Portal, I now see:
"Apache::Session module failed"
and in logs
main::__ANON__('Could not connect to Redis server at unix:/run/redis/redis.sock: No such file or directory at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 35.^J') called at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/Session.pm line 186
switching
- sock: unix:/run/redis/redis.sock
+ sock: /run/redis/redis.sock
the "No such file ..." error is gone (looks like it handles just bare path, not the form with preceding 'unix:'), but still fails with
"Apache::Session module failed"
in browser, and in logs
...
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Store Doctor Who in session key cn
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Store 1598193844 in session key _utime
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Try to get a new SSO session
Aug 23 07:44:04 srv003 LLNG[58491]: [error] Session cannot be tied: [set] NOAUTH Authentication required., at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 52.
Aug 23 07:44:04 srv003 LLNG[58491]: [debug] Returned error: 8 (PE_APACHESESSIONERROR)
...
where
/usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm
...
my $id = $session->{data}->{_session_id};
52 $self->{cache}->set( $id, $session->{serialized} );
foreach my $i (@$index) {
...
re-checking config/setup, switch BACK to
globalStorage: Apache::Session::File
globalStorageOptions:
Directory: /var/lib/lemonldap-ng/sessions
LockDirectory: /var/lib/lemonldap-ng/sessions/lock
generateModule: Lemonldap::NG::Common::Apache::Session::Generate::SHA256
works OK, as expected.
https://serverfault.com/questions/722803/redis-error-noauth-authentication-required
reading there
"Setting the requirepass configuration directive causes the server to require password authentication with the AUTH command before sending other commands. The redis.conf file states that clearly:"
Require clients to issue AUTH before processing any other
commands. This might be useful in environments in which you do not trust
others with access to the host running redis-server."
here,
grep requirepass /etc/redis/redis.conf
requirepass ChangeMe
checking redis AUTH at cli,
redis-cli \
-s /run/redis/redis.sock \
-a ChangeMe \
INFO keyspace
1) "dir"
2) "/data/db/redis"
, is OK
reading,
per https://metacpan.org/pod/Redis#auth,
with LL:NG backend as
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
sock: /run/redis/redis.sock
auth: ChangeMe
select: 1
index: whatToTrace ipAddr
turns out to be incorrect, & still returns
...
2020/08/24 06:17:04 LLNG[39604] DEBUG: Try to get a new SSO session
2020/08/24 06:17:04 LLNG[39604] ERROR: Session cannot be tied: [set] NOAUTH Authentication required., at /usr/share/perl5/vendor_perl/Apache/Session/Browseable/Store/Redis.pm line 52.
2020/08/24 06:17:04 LLNG[39604] DEBUG: Returned error: 8 (PE_APACHESESSIONERROR)
...
The req'd fix is, per https://metacpan.org/pod/Redis#password,
globalStorage: Apache::Session::Browseable::Redis
globalStorageOptions:
sock: /run/redis/redis.sock
- auth: ChangeMe
+ password: ChangeMe
select: 1
index: whatToTrace ipAddr
with checking @ redis-cli --help
-a <password> Password to use when connecting to the server.
You can also use the REDISCLI_AUTH environment
variable to pass this password more safely
(if both are used, this argument takes predecence).
--user <username> Used to send ACL style 'AUTH username pass'. Needs -a.
--pass <password> Alias of -a for consistency with the new --user option.
--askpass Force user to input password with mask from STDIN.
If this argument is used, '-a' and REDISCLI_AUTH
environment variable will be ignored.
a bit confusing, but ... fixed
adding to the config example/options @ LL:NG docs -- specifically for 'sock' & 'password' usage -- would be useful.
thx!
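The three option pitfalls worked through in the comment above (a UNIX socket path given under server, a unix: prefix on sock, and auth where password is needed), together with its two log errors, as an added Python example that is not part of the thread or of LemonLDAP::NG. The function names and the sample dict are assumptions made for illustration, and the rules encode only what this thread observed.

```python
import os
import stat

def normalize_options(opts):
    """Return (fixed, notes) for a globalStorageOptions-style dict (hypothetical helper)."""
    fixed, notes = dict(opts), []
    server = str(fixed.get("server", ""))
    if server.startswith(("unix:", "/")):      # socket path given under the TCP key
        fixed["sock"] = fixed.pop("server")
        notes.append("server: moved to sock:")
    sock = str(fixed.get("sock", ""))
    if sock.startswith("unix:"):               # thread: only the bare path connected
        fixed["sock"] = sock[len("unix:"):]
        notes.append("sock: 'unix:' prefix stripped")
    if "auth" in fixed:                        # thread: auth: still gave NOAUTH, password: worked
        fixed.setdefault("password", fixed.pop("auth"))
        notes.append("auth: renamed to password:")
    return fixed, notes

def socket_problem(path):
    """Return None if path is a UNIX socket this user can use, else a reason."""
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return f"cannot stat {path}: {exc.strerror}"
    if not stat.S_ISSOCK(mode):
        return f"{path} exists but is not a socket"
    if not os.access(path, os.R_OK | os.W_OK):
        return f"{path} is not readable and writable by this user"
    return None

def diagnose(log_line):
    """Map the two errors quoted in the thread to their likely cause."""
    if "Could not connect to Redis server" in log_line and "No such file or directory" in log_line:
        return "socket path not found: check sock: for a 'unix:' prefix"
    if "NOAUTH Authentication required" in log_line:
        return "requirepass is set: supply password: in globalStorageOptions"
    return None

# Constructed sample: the thread's first attempt plus the auth: key tried later.
BROKEN = {"server": "unix:/run/redis/redis.sock", "auth": "ChangeMe",
          "select": 1, "index": "whatToTrace ipAddr"}

if __name__ == "__main__":
    fixed, notes = normalize_options(BROKEN)
    print(fixed)
    print(notes)
    print(socket_problem(fixed["sock"]))
    print(diagnose("[error] Session cannot be tied: [set] NOAUTH Authentication required."))
```

Run socket_problem as the account the LL:NG workers run under, since socket permissions are checked against the calling user.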
Hello @pgnd, you can propose some modifications on this file: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/blob/v2.0/doc/sources/admin/nosqlsessionbackend.rst
I'm setting up Apache::Session::Browseable::Redis as LL:NG v2.0.8 session backend.
The doc page,
provides example params for a TCP connection
and further references,
@ that module's docs,
unix: socket support is claimed,
My redis db is up & available on unix socket, with 16 DBs configured,
I've allocated DB # : 1 for lemonldap use.
I've added to LL:NG config,
exec, after credential entry @ Portal login, fails @ error,
changing
has no effect; same result/error