search

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
23.19k stars 4.67k forks source link

should add redis sentinel password support #14757

Open bitsf opened 3 years ago

bitsf commented 3 years ago

old redis sentinel server version (4.x) doesn't support AUTH command, however current version (6.x) has already support this, we should also support it.

redis-server sentinel.conf --sentinel --requirepass 456 redis-cli -h redis-sentinel-1 AUTH 456

bitsf commented 3 years ago

consider add a new param sentinel_password in the redis url redis+sentinel://:pass1@host1:26379,host2:26379/mymaster/1?idle_timeout_seconds=30&sentinel_password=pass2

bitsf commented 3 years ago

well, this fix is a little complex, need first be supported in the upstream trivy and also need patch chartserver and registry and beego also not support.

not sure if this is really a strong requirement in community.

1224566146 commented 2 years ago

To solve this problem, do you have any plans to upgrade and repair in the near future? About supporting redis + sentinel to add passwords, we need to support this method now.

1224566146 commented 2 years ago

@wy65701436 @bitsf

github-actions[bot] commented 2 years ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

kzgrzendek commented 2 years ago

Hello @bitsf @wy65701436, facing the same issue here, is disabling AUTH the only way to use Harbor with Redis Sentinel right now? Is there any plan to support sentinel auth in the near future?

Thanks :)

RichardSufliarsky commented 1 year ago

Hello, any plans to implement Sentinel AUTH? I have tested goharbor/harbor v1.9.3 helm chart and it doesn't work (my config is here https://github.com/bitnami/charts/issues/11354#issuecomment-1199794508). Here https://github.com/goharbor/harbor/issues/16907#issuecomment-1153092617 it seems that with registry it should be working, but core and jobservice don't work. I also found another opened issue regarding sentinel auth: https://github.com/goharbor/harbor/issues/17244

Could you please amend title of this issue and add "AUTH" to it so it is more visible in searches?

RichardSufliarsky commented 1 year ago

Looking at the code, maybe there could be some parameter indicating to use AUTH with Sentinel and then use redisOptions instead of sentinelOptions https://github.com/goharbor/harbor/blob/41105b5191cd18ff1d35433bf908bffff7186abc/src/lib/redis/redisclient.go#L144 as password is appended to redisOptions here https://github.com/goharbor/harbor/blob/41105b5191cd18ff1d35433bf908bffff7186abc/src/lib/redis/redisclient.go#L123 Seems that it gets more complicated if Sentinel and Redis passwords are not the same but there is no such config option in values.yaml currently.

@zyyw, could you please look also at this issue?

kevinlmadison commented 1 year ago

I'm seeing this same thing as well.

shanaider commented 1 year ago

I'm facing on this issue as well.

helm chart: harbor-1.10.1
app version: 2.6.1

redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
2022-10-18T07:25:48Z [ERROR] [/lib/cache/cache.go:114]: failed to ping redis+sentinel://redis-sentinel-node-0.redis-sentinel-headless.harbor2.svc.cluster.local:26379,redis-sentinel-node-1.redis-sentinel-headless.harbor2.svc.cluster.local:26379,redis-sentinel-node-2.redis-sentinel-headless.harbor2.svc.cluster.local:26379/harbor-redis/0?idle_timeout_seconds=30, retry after 10s : redis: all sentinels specified in configuration are unreachable
github-actions[bot] commented 1 year ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

cyvcloud commented 1 year ago

Still same problem with chart version 1.11.0.

github-actions[bot] commented 1 year ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

figaw commented 1 year ago

This issue is still relevant to us.

es-x commented 1 year ago

Same too

github-actions[bot] commented 1 year ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

n9 commented 1 year ago

Unstale.

davidpanic commented 11 months ago

How can you claim to support sentinel but then authentication just isn't supported??? Please implement this ASAP as harbor is currently unusable for us without AUTH support with sentinel.

GizzmoAsus commented 10 months ago

Still seeing the same issue with chart version harbor-17.1.1.

My only work arounds at the moment is to run 2 redis clusters within my ecosystem:

  1. one for all services except harbor
  2. an insecure, unauthenticated cluster for harbor or the internal redis cluster that comes with the helm chart (current choice for the short term)

Any news, given this has been open a while?

github-actions[bot] commented 8 months ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

davidpanic commented 8 months ago

Not stale, still an issue

pierreblais commented 8 months ago

I'm facing the same issue !

CoderYellow commented 6 months ago

i dont know how hard it is to fix this issue, can we just simply replace here with

o.SentinelUsername, o.SentinelPassword = getUserPassword(u)
jwojnarowicz commented 5 months ago

Still an issue for app version 2.10.0 installed using Helm chart. Please fix or don't claim the support of Sentinel as it is not working correctly and not providing basic, crucial functionality. Disabling AUTH should not be a solution for this.

olivierPaq commented 5 months ago

Hello, I'm facing the same issue, @zyyw can we have an update about that please ?

kzgrzendek commented 3 months ago

Hello @bitsf @wy65701436, facing the same issue here, is disabling AUTH the only way to use Harbor with Redis Sentinel right now? Is there any plan to support sentinel auth in the near future?

Thanks :)

Still an issue for us

github-actions[bot] commented 1 month ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

davidpanic commented 1 month ago

Not stale, still an issue, please fix :smile: