Enabling cache and configuring drupal to use it causes an error with authentication.

lando / pantheon

The Official Lando Pantheon plugin.

https://docs.lando.dev/pantheon

GNU General Public License v3.0

11 stars 18 forks source link

Enabling cache and configuring drupal to use it causes an error with authentication. #147

Closed awm086 closed 1 year ago

awm086 commented 1 year ago

ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?

melissaevans commented 1 year ago

Not sure where I found the answer but this was happened to me to.

My workaround is the following (I'm using lando v3.8.1)

I manually set the password in my settings.local.php $settings['redis.connection']['password'] = 'pantheon';

And every time I'm rebuilding lando I need to set the redis password using teh following commands.

lando redis-cli config set requirepass pantheon exit

AaronFeledy commented 1 year ago

Looks like this message is introduced in Redis 6 when an empty password is sent from the client. If you are running an M1/M2 Mac, Lando uses Redis 6 instead of the usual Redis 2.8 because the later image is compatible with the ARM processor.

Lando does not set a password for Redis, so the CACHE_PASSWORD environment variable will be empty. If your settings.php is using the value of this environment variable to set the Redis password config, the Redis module will send an empty string as the password, which will be rejected with the aforementioned error. A workaround is to find the $settings['redis.connection']['password'] = $_ENV['CACHE_PASSWORD']; line in your settings.php and wrap it in a conditional so that it doesn't get set to an empty value.

  if (!empty($_ENV['CACHE_PASSWORD'])) {
    $settings['redis.connection']['password'] = $_ENV['CACHE_PASSWORD'];
  }

AaronFeledy commented 1 year ago

It actually might be worth testing whether Redis 2.8 works now that Docker has x64 emulation. Lando may not need to update you to v6 anymore. You can test that by adding the following to your .lando.yml and then running a lando rebuild.

services:
  cache:
    type: redis:2.8

If after the lando rebuild, Drupal reports that Redis is working, we can likely update Lando so that it no longer upgrades M1/M2 Mac environments to Redis 6. I don't have a Mac, so I can't test this myself

AaronFeledy commented 1 year ago

Another workaround could be done in your .lando.yml or your .lando.local.yml by setting a password on the redis server startup command and updating the CACHE_PASSWORD variable to the same value. This config change takes effect after a lando rebuild.

services:
  cache:
    overrides:
      command: 'docker-entrypoint.sh redis-server /usr/local/etc/redis/redis.conf --requirepass pantheon'
  appserver:
    overrides:
      environment:
        CACHE_PASSWORD: pantheon

reynoldsalec commented 1 year ago

Experienced this on my M1 as well, checking it out to see if we can implement something more stable in the recipe...noticed it tripped someone else on a WP app as well

nickmaine commented 1 year ago

I'm also experiencing the same issue but with the Pantheon WordPress recipe. @AaronFeledy's solution worked for me. I was having a chat with the WP Redis team and they pointed me to this thread. I'm M1 Mac/Pantheon recipe.

I have another issue related to the Pantheon recipe I opened in September, it hasn't been addressed. I have other ways to sync files/databases. I tried again today and lando pull still fails, this works on my colleagues computers who don't have an M1.

https://github.com/lando/pantheon/issues/141

Thank You

reynoldsalec commented 1 year ago

Ok, checking this out on my M1, moving to redis:2.8 didn't seem to work, seeing errors with the Docker image that I believe are due to the AMD64 emulation.

Trying to decide if it would be better to insert @AaronFeledy's suggested env var workaround into the Pantheon recipe or if we should add a default password in the redis.conf for the Lando Redis plugin (requirepass yourpassword).

AaronFeledy commented 1 year ago

I think the best path is to, by default, set the password to the name of the recipe like what's done in other services. Make this the default behavior in Lando v4 for Redis v6+. However, for Lando v3, it's probably a breaking change for some users to introduce a password. Since ARM doesn't work at all right now with the Pantheon recipe it might be safe to implement that in Lando v3 behind a conditional with that "armed" variable.

reynoldsalec commented 1 year ago

Talking with @pirog, he was suggesting...

putting a password value for the config of the upstream redis Lando plugin, blank by default (thus maintaining the default behavior expected), make sure that it works for all redis versions (or make it version specific). Start redis with the password.
Set a default password in the Pantheon recipe, pass it to redis via the config value and set the env var.

That should prevent breaking changes and follows the pattern other services (like MySQL) use with credential configuration.

reynoldsalec commented 1 year ago

This issue should be resolved if you upgrade to Lando 3.18.0 or above!