Ah, okay, now it's completely clear for me. Very thanks ! Michal Arbet Openstack Engineer Ultimum Technologies a.s. Na Poříčí 1047/26, 11000 Praha 1 Czech Republic +420 604 228 897 michal.arbet@ultimum.io *https://ultimum.io <https://ultimum.io/>* LinkedIn <https://www.linkedin.com/company/ultimum-technologies> | Twitter <https://twitter.com/ultimumtech> | Facebook <https://www.facebook.com/ultimumtechnologies/timeline> po 11. 3. 2024 v 8:11 odesílatel kajinamit <kajinamit@oss.nttdata.com> napsal:
No. We still need revert.
You can workaround the problem with tooz by enabling auth in Redis Sentinel, but there are a few more implementations which currently do not support authentication for sentinel even when you enable authentication for Redis.
- Redis jobboard backend in Octavia - Redis incoming storage driver in Gnocchi
If you enable authentication in Sentinel then these components may no longer be able to use Redis Sentinel.
I'll work on updating these implementations to support auth/SSL for Sentinel, but at this stage we have not clear guarantee that the required changes will be part of 2024.1. Especially gnocchi is maintained outside of OpenStack and I'm not sure if the version with the required changes will be picked up by distros like RDO or Ubuntu.
On 2024-03-11 16:03, Michal Arbet wrote:
Hi Takashi,
Correct me if I am wrong, but revert is not needed anymore or is it ?
In kolla-ansible I hope I fixed authentication for redis sentinel [1] and now everything is working fine.
[1] https://review.opendev.org/c/openstack/kolla-ansible/+/912341
Thanks, Michal Arbet ( kevko )
Michal Arbet Openstack Engineer
Ultimum Technologies a.s. Na Poříčí 1047/26, 11000 Praha 1 Czech Republic
+420 604 228 897 michal.arbet@ultimum.io https://ultimum.io [1]
LinkedIn [2] | Twitter [3] | Facebook [4]
po 11. 3. 2024 v 2:38 odesílatel Takashi Kajinami <kajinamit@oss.nttdata.com> napsal:
Hello,
During this cycle we updated the redis support implementations to support authentication and SSL for redis sentinel, following the new implementation in oslo.cache. However later it turned out this change breaks kolla because it has been using redis sentinel without authentication while it enables authentication in redis[1].
I've submitted the changes[2] to restore the old behavior (not to enable AUTH or SSL for sentinel even when one is enabled in redis). Once these are merged in master then I'll propose backports to stable/2024.1 and propose new stable/2024.1 release.
I'd like to request approval about the release and also bumping tooz and taksflow version in stable/2024.1 requirements to unblock kolla and any other deployments using the partial authentication for redis sentinel.
Thank you, Takashi
[1] https://bugs.launchpad.net/python-tooz/+bug/2056656
[2] https://review.opendev.org/c/openstack/taskflow/+/912346 https://review.opendev.org/c/openstack/tooz/+/912344/
-- Takashi Kajinami irc: tkajinam github: https://github.com/kajinamit launchpad: https://launchpad.net/~kajinamit
Links: ------ [1] https://ultimum.io/ [2] https://www.linkedin.com/company/ultimum-technologies [3] https://twitter.com/ultimumtech [4] https://www.facebook.com/ultimumtechnologies/timeline