Closed mpihlak closed 1 year ago
Update. The issue with incorrect AUTH message was actually caused by having a newline at the end of the password.
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
The above message actually originated from the readiness check, not the liveness. It became obvious that the extra newline was there after running sh -x /redis-readiness/ready.sh
on one of the Redis nodes. After the fixing the secret the Redis pods started up and become ready.
The liveness probe still has the incorrect command line. However it does not fail because redis-cli
incorrectly returns exit code 0 on authentication failure:
/data $ redis-cli -h localhost -p 6379 ping --user pinger --pass pingpass --no-auth-warning
(error) NOAUTH Authentication required.
/data $ echo $?
0
Suggest replacing that with something like:
sh -c "redis-cli -h localhost -p 6379 ping --user pinger --pass pingpass --no-auth-warning | grep PONG"
Expected behaviour
After enabling authentication on
RedisFailover
, expecting the pods to become ready and the cluster to become operational.Actual behaviour
The pods are are created but never become ready:
The problem appears to be failing liveness probe:
The liveness probe is defined by the Redis Operator as:
Running this on one of the redis pods:
However when changing the order of arguments so that the command comes last, it succeeds:
So the thinking is that the command line arguments for the liveness check are passed in the wrong order by the operator. If this previously used to work then maybe the behavior has changed with later Redis version.
Steps to reproduce the behaviour
Create a secret:
Add the auth clause to the redisfailover yaml file:
kubectl apply
the yaml.Environment