Closed joshbartley closed 6 months ago
Have you run these commands for redi2.example.com and redi3.example.com yet?
replica-announce-ip <hostname>
sentinel announce-ip <hostname>
P.S.:
You should use hostnames everywhere and avoid mixing hostnames and IP addresses. To do that, use replica-announce-ip
In the sentinel config, every server has
sentinel resolve-hostnames yes
sentinel announce-ip "redis1.example.com"
sentinel announce-hostnames yes
Also at the bottom of the sentinel.config it lists the sentinel known-replica
and sentinel known-sentinel
using their hostnames and not their IPs. replica-announce-ip
is already set according to the redis.conf and listed above in the example.
I think I figured it out though replicating it will be tough.
I think what happened is that a redis primary was already picked, and it was the old IP. Since a failover never happened, it never updated the primary to the hostname. I forced a failover and hostnames started to come back for the SENTINEL get-master-addr-by-name
command. I rotated all through every host and verified that all are back to hostname and was able to drop the ssl override. Looks like this was a redis issue from an order of operations not a client issue. Apologies for that.
Glad you have found the way to solve it.
I have a new Redis Cluster using Sentinel set up to only allow TLS. Certificates are wildcards issued from a public CA and expire in 6 months.
I've set the following options on all the servers.
sentinel.conf (hostnames changed to example.com)
redis.conf (hostnames changed to example.com)
From the ILoggerFactory I get success messages at first.
Then things take a turn and I'm not sure where the code is getting the IPs instead of the hostnames.
AuthenticationFailure on 192.168.2.103:6379/Interactive, Initializing/NotStarted, last: NONE, origin: ConnectedAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, last-mbeat: 0s ago, global: 0s ago, v: 2.7.10.12442 StackExchange.Redis.RedisConnectionException: AuthenticationFailure on 192.168.2.103:6379/Interactive, Initializing/NotStarted, last: NONE, origin: ConnectedAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, last-mbeat: 0s ago, global: 0s ago, v: 2.7.10.12442 ---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
I connected to Sentinel and ran the below commands and both come back with the hostnames instead of the IP, except for
get-master-addr-by-name
which returns an IP, but I think it's supposed to?
SENTINEL replicas
SENTINEL sentinels
If I set the connection string to the below. Everything seems to work.
redi1.example.com,ssl=true,serviceName=redis1,user=app,password=xxxxxxxxxxxxxxxxxxxx
If I add the other nodes in, this is when errors start to occur.
redi1.example.com,redi2.example.com,redi3.example.com,ssl=true,serviceName=redis1,user=app,password=xxxxxxxxxxxxxxxxxxxx
It is very likely I have some config line messed up on the redis server side but I don't know where to find it or how those IPs are being used instead of the hostname.
Testing code using .NET 8
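A check for the situation described in this issue, added here as an example and not code from the issue, from the reporter, or from StackExchange.Redis: given what `SENTINEL get-master-addr-by-name` hands out and the subjectAltName entries of the server certificate, it reports whether a client's certificate name check can pass for that endpoint. It covers both the failing state in the issue body (Sentinel returns `192.168.2.103`, the wildcard cannot match an IP, so the RemoteCertificateValidationCallback rejection is the correct outcome) and the state after the forced failover described in the reporter's later comment (Sentinel returns a hostname that the wildcard covers). The Sentinel replies, the SAN list and the function names are all constructed for the example.

```python
"""Added example, not from the original issue or StackExchange.Redis.

Decide whether the address Sentinel returns for the master can ever pass
TLS hostname verification against the server certificate's SANs.
"""
import ipaddress

# Constructed: two illustrative replies to SENTINEL get-master-addr-by-name,
# modelled on the before/after-failover states described in the thread.
SENTINEL_REPLIES = {
    "before_failover": ["192.168.2.103", "6379"],
    "after_failover": ["redi1.example.com", "6379"],
}

# Constructed: SAN entries of a wildcard certificate from a public CA.
# Public CAs do not issue certificates for private IP addresses, so a
# cert like this can only ever cover DNS names.
CERT_SANS = ["DNS:*.example.com"]


def classify_address(addr: str) -> str:
    """Return 'ip' if Sentinel returned a literal IP address, else 'hostname'."""
    try:
        ipaddress.ip_address(addr)
        return "ip"
    except ValueError:
        return "hostname"


def san_matches(san: str, target: str) -> bool:
    """RFC 6125-style identity match.

    DNS SANs match hostnames only, with a wildcard allowed in the leftmost
    label only and matching exactly one label. IP SANs match only an
    identical IP. A hostname never matches an IP SAN and vice versa.
    """
    kind, _, value = san.partition(":")
    target_kind = classify_address(target)
    if kind == "IP":
        return (target_kind == "ip"
                and ipaddress.ip_address(value) == ipaddress.ip_address(target))
    if kind != "DNS" or target_kind != "hostname":
        return False
    pattern_labels = value.lower().rstrip(".").split(".")
    target_labels = target.lower().rstrip(".").split(".")
    if len(pattern_labels) != len(target_labels):
        return False  # '*' covers one label, so a.b.example.com is out
    for i, (p, t) in enumerate(zip(pattern_labels, target_labels)):
        if p == "*":
            if i != 0:
                return False  # wildcard only permitted in the leftmost label
            continue
        if p != t:
            return False
    return True


def tls_identity_ok(addr: str, sans) -> bool:
    """True if any SAN in the certificate matches the endpoint the client will dial."""
    return any(san_matches(s, addr) for s in sans)


def check_sentinel_reply(reply, sans) -> dict:
    """Describe what a TLS client will see when it connects to this Sentinel answer."""
    host, port = reply[0], int(reply[1])
    return {
        "endpoint": f"{host}:{port}",
        "kind": classify_address(host),
        "cert_name_matches": tls_identity_ok(host, sans),
    }


def audit(replies=SENTINEL_REPLIES, sans=CERT_SANS) -> dict:
    """Run the check over every constructed Sentinel reply."""
    return {name: check_sentinel_reply(r, sans) for name, r in replies.items()}


if __name__ == "__main__":
    for name, result in audit().items():
        verdict = "ok" if result["cert_name_matches"] else "REJECT"
        print(f"{name}: {result['endpoint']} ({result['kind']}) -> {verdict}")
```

The point of the check is that whenever `kind` is `ip` and the certificate only carries DNS SANs, no honest validation callback can accept the connection, so loosening the callback (the "ssl override" mentioned in the thread) would be trading hostname verification away rather than fixing the cause. The fix belongs on the Sentinel side, as the thread concludes: announce hostnames (`sentinel announce-hostnames yes`, `replica-announce-ip`) and make sure the currently elected primary was recorded as a hostname, which is what the forced failover achieved.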