harbor
harbor copied to clipboard
goharbor
should add redis sentinel password support
old redis sentinel server version (4.x) doesn't support AUTH command, however current version (6.x) has already support this, we should also support it.
redis-server sentinel.conf --sentinel --requirepass 456
redis-cli -h redis-sentinel-1
AUTH 456
consider add a new param sentinel_password in the redis url
redis+sentinel://:pass1@host1:26379,host2:26379/mymaster/1?idle_timeout_seconds=30&sentinel_password=pass2
well, this fix is a little complex, need first be supported in the upstream trivy and also need patch chartserver and registry and beego also not support.
not sure if this is really a strong requirement in community.
To solve this problem, do you have any plans to upgrade and repair in the near future? About supporting redis + sentinel to add passwords, we need to support this method now.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello @bitsf @wy65701436, facing the same issue here, is disabling AUTH the only way to use Harbor with Redis Sentinel right now? Is there any plan to support sentinel auth in the near future?
Thanks :)
Hello, any plans to implement Sentinel AUTH? I have tested goharbor/harbor v1.9.3 helm chart and it doesn't work (my config is here https://github.com/bitnami/charts/issues/11354#issuecomment-1199794508). Here https://github.com/goharbor/harbor/issues/16907#issuecomment-1153092617 it seems that with registry it should be working, but core and jobservice don't work. I also found another opened issue regarding sentinel auth: https://github.com/goharbor/harbor/issues/17244
Could you please amend title of this issue and add "AUTH" to it so it is more visible in searches?
Looking at the code, maybe there could be some parameter indicating to use AUTH with Sentinel and then use redisOptions instead of sentinelOptions https://github.com/goharbor/harbor/blob/41105b5191cd18ff1d35433bf908bffff7186abc/src/lib/redis/redisclient.go#L144 as password is appended to redisOptions here https://github.com/goharbor/harbor/blob/41105b5191cd18ff1d35433bf908bffff7186abc/src/lib/redis/redisclient.go#L123 Seems that it gets more complicated if Sentinel and Redis passwords are not the same but there is no such config option in values.yaml currently.
@zyyw, could you please look also at this issue?
I'm facing on this issue as well.
helm chart: harbor-1.10.1
app version: 2.6.1
redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
redis: 2022/10/18 07:25:48 sentinel.go:514: sentinel: GetMasterAddrByName master="harbor-redis" failed: NOAUTH Authentication required.
2022-10-18T07:25:48Z [ERROR] [/lib/cache/cache.go:114]: failed to ping redis+sentinel://redis-sentinel-node-0.redis-sentinel-headless.harbor2.svc.cluster.local:26379,redis-sentinel-node-1.redis-sentinel-headless.harbor2.svc.cluster.local:26379,redis-sentinel-node-2.redis-sentinel-headless.harbor2.svc.cluster.local:26379/harbor-redis/0?idle_timeout_seconds=30, retry after 10s : redis: all sentinels specified in configuration are unreachable
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
How can you claim to support sentinel but then authentication just isn't supported??? Please implement this ASAP as harbor is currently unusable for us without AUTH support with sentinel.
Still seeing the same issue with chart version harbor-17.1.1.
My only work arounds at the moment is to run 2 redis clusters within my ecosystem:
- one for all services except harbor
- an insecure, unauthenticated cluster for harbor or the internal redis cluster that comes with the helm chart (current choice for the short term)
Any news, given this has been open a while?
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
I'm facing the same issue !
- Chart version: 1.13.0
- Harbor version: v2.9.1
i dont know how hard it is to fix this issue, can we just simply replace here with
o.SentinelUsername, o.SentinelPassword = getUserPassword(u)
Still an issue for app version 2.10.0 installed using Helm chart. Please fix or don't claim the support of Sentinel as it is not working correctly and not providing basic, crucial functionality. Disabling AUTH should not be a solution for this.
Hello, I'm facing the same issue, @zyyw can we have an update about that please ?
Hello @bitsf @wy65701436, facing the same issue here, is disabling AUTH the only way to use Harbor with Redis Sentinel right now? Is there any plan to support sentinel auth in the near future?
Thanks :)
Still an issue for us