From 0047702aabdf53651e65cda8f1e7f7ed432353e7 Mon Sep 17 00:00:00 2001 From: Wen Hui Date: Mon, 19 Oct 2020 00:33:55 -0400 Subject: Support ACL for Sentinel Mode (#7888) This commit implements ACL for Sentinel mode, main work of this PR includes: - Update Sentinel command table in order to better support ACLs. - Fix couple of things which currently blocks the support for ACL on sentinel mode. - Provide "sentinel sentinel-user" and "sentinel sentinel-pass " configuration in order to let sentinel authenticate with a specific user in other sentinels. - requirepass is kept just for compatibility with old config files Co-authored-by: Oran Agra --- sentinel.conf | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'sentinel.conf') diff --git a/sentinel.conf b/sentinel.conf index b6ff05f25..50a36a314 100644 --- a/sentinel.conf +++ b/sentinel.conf @@ -131,6 +131,29 @@ sentinel down-after-milliseconds mymaster 30000 # other Sentinels. So you need to configure all your Sentinels in a given # group with the same "requirepass" password. Check the following documentation # for more info: https://redis.io/topics/sentinel +# +# IMPORTANT NOTE: starting with Redis 6.2 "requirepass" is a compatibility +# layer on top of the ACL system. The option effect will be just setting +# the password for the default user. Clients will still authenticate using +# AUTH as usually, or more explicitly with AUTH default +# if they follow the new protocol: both will work. +# +# New config files are advised to use separate authentication control for +# incoming connections (via ACL), and for outgoing connections (via +# sentinel-user and sentinel-pass) +# +# The requirepass is not compatable with aclfile option and the ACL LOAD +# command, these will cause requirepass to be ignored. + +# sentinel sentinel-user +# +# You can configure Sentinel to authenticate with other Sentinels with specific +# user name. + +# sentinel sentinel-pass +# +# The password for Sentinel to authenticate with other Sentinels. If sentinel-user +# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate. # sentinel parallel-syncs # -- cgit v1.2.1