search

oliver006 / redis_exporter

Prometheus Exporter for ValKey & Redis Metrics. Supports ValKey and Redis 2.x, 3.x, 4.x, 5.x, 6.x, and 7.x
https://github.com/oliver006/redis_exporter
MIT License
3.03k stars 859 forks source link

Support usernames in password file #820

Open pznamensky opened 11 months ago

pznamensky commented 11 months ago

Describe the problem redis_exporter supports multi-target approach which is a convenient way to monitor multiple Redis servers. In case you use auth in those servers, you can either add --redis.user & --redis.password or create a password file (if credentials are not the same for all servers) The problem is that the password file does not support usernames which are used in Redis 6+ Since there're no another way to set usernames in multi-target approach, it would be great to add usernames support into password file.

What version of redis_exporter are you running? 1.51.0

oliver006 commented 11 months ago

I think that'd be useful but I wonder if you could try working the username into the URL schema and then supply the password via the password file. Something like

{
  "redis://bob@redis:6379": "redis-password"
}

I haven't had a chance to try it but you could see if this works.

pznamensky commented 11 months ago

@oliver006 thanks for the quick reply! Unfortunately, this workaround doesn't work. I was able to find a workaround in case the same username is being used. In this case, we can pass the global option --redis.user and use the password file with different passwords for each server.

oliver006 commented 11 months ago

Ah yes, that works as long it's always the same user.

I think this issue has come up before, maybe it's worth expanding the json file to include usernames.

SKYNE0 commented 6 months ago

you can set default user password.

nicosistemas commented 2 months ago

Hi guys! I also have Multi-target Redis and I had the same problem. I solved it like this:

I used generic K8S secrets (base64 encrypted). In my case, I did the deployments with Helm,

https://artifacthub.io/packages/helm/prometheus-community/prometheus-redis-exporter

serviceMonitor:
  # When set true then use a ServiceMonitor to configure scraping
  enabled: true
  multipleTarget: true
  targets: 
  # for every targets, url and name must be set,
  # an individual additionalRelabeling can be set for every target
  - url: "redis://redis-standalone-cross-headless.s-redis.svc.cluster.local:6379"
    name: "s-cross"
  - url: "redis://redis-standalone-payroll-headless.s-redis.svc.cluster.local:6379"
    name: "s-payrioll"

auth:
  # Use password authentication
  enabled: true
  # Use existing secret (ignores redisPassword)
  secret:
    name: ""
    key: ""
  # Redis password (when not stored in a secret)
  redisPassword: ""
  # Redis user (version 6.X and above)
  redisUser: ""
  # Redis password file (e.g., https://github.com/oliver006/redis_exporter/blob/v1.27.0/contrib/sample-pwd-file.json)
  # secret (useful for multiple redis instances with different passwords). If secret name and key are set
  # this will ignore the single password auth.secret.*
  redisPasswordFile:
    # The secret key will be mounted into this path as a file
    # e.g., if secret key is pass.json, the env variable
    # REDIS_PASSWORD_FILE will be set to /auth/pass.json
    mountPath: /auth
    secret:
      name: "redis-host-s"
      key: "host.json"

host.json file to secrets deploy:

apiVersion: v1
kind: Secret
metadata:
  name: redis-host-s
  namespace: monitoring
type: Opaque
data:
  host.json: |
    2lpZ28tY3Jvc3MtaGVhZGxlc3Muc2lp (base64 encrypt)

json connection:

echo -n '    {
    "redis://redis-standalone-cross-headless.s-redis.svc.cluster.local:6379": "mmmmmmm",
    "redis://redis-standalone-payroll-headless.s-redis.svc.cluster.local:6379": "hhhhhhhhhh"
    }' | base64

Thank you Oliver! Saludos desde Argentina 🇦🇷

ArjonBu commented 1 week ago

@nicosistemas your reply doesn't include usernames though.