diff options
author | Wen Hui <wen.hui.ware@gmail.com> | 2020-10-19 00:33:55 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-19 07:33:55 +0300 |
commit | 0047702aabdf53651e65cda8f1e7f7ed432353e7 (patch) | |
tree | 5126f39799c555224f731a1cbd1db50b884eb9ca /sentinel.conf | |
parent | 457b7073b5d512c10aaeeb0dbf1763f0cb10462c (diff) | |
download | redis-0047702aabdf53651e65cda8f1e7f7ed432353e7.tar.gz |
Support ACL for Sentinel Mode (#7888)
This commit implements ACL for Sentinel mode, main work of this PR includes:
- Update Sentinel command table in order to better support ACLs.
- Fix couple of things which currently blocks the support for ACL on sentinel mode.
- Provide "sentinel sentinel-user" and "sentinel sentinel-pass " configuration in order to let sentinel authenticate with a specific user in other sentinels.
- requirepass is kept just for compatibility with old config files
Co-authored-by: Oran Agra <oran@redislabs.com>
Diffstat (limited to 'sentinel.conf')
-rw-r--r-- | sentinel.conf | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sentinel.conf b/sentinel.conf index b6ff05f25..50a36a314 100644 --- a/sentinel.conf +++ b/sentinel.conf @@ -131,6 +131,29 @@ sentinel down-after-milliseconds mymaster 30000 # other Sentinels. So you need to configure all your Sentinels in a given # group with the same "requirepass" password. Check the following documentation # for more info: https://redis.io/topics/sentinel +# +# IMPORTANT NOTE: starting with Redis 6.2 "requirepass" is a compatibility +# layer on top of the ACL system. The option effect will be just setting +# the password for the default user. Clients will still authenticate using +# AUTH <password> as usually, or more explicitly with AUTH default <password> +# if they follow the new protocol: both will work. +# +# New config files are advised to use separate authentication control for +# incoming connections (via ACL), and for outgoing connections (via +# sentinel-user and sentinel-pass) +# +# The requirepass is not compatable with aclfile option and the ACL LOAD +# command, these will cause requirepass to be ignored. + +# sentinel sentinel-user <username> +# +# You can configure Sentinel to authenticate with other Sentinels with specific +# user name. + +# sentinel sentinel-pass <password> +# +# The password for Sentinel to authenticate with other Sentinels. If sentinel-user +# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate. # sentinel parallel-syncs <master-name> <numreplicas> # |