Ah, okay, now it's completely clear for me. Very thanks ! 

Michal Arbet
Openstack Engineer

Ultimum Technologies a.s.
Na Poříčí 1047/26, 11000 Praha 1
Czech Republic

+420 604 228 897 
michal.arbet@ultimum.io
https://ultimum.io



po 11. 3. 2024 v 8:11 odesílatel kajinamit <kajinamit@oss.nttdata.com> napsal:
No. We still need revert.

You can workaround the problem with tooz by enabling auth in Redis
Sentinel,
but there are a few more implementations which currently do not support
authentication
for sentinel even when you enable authentication for Redis.

  - Redis jobboard backend in Octavia
  - Redis incoming storage driver in Gnocchi

If you enable authentication in Sentinel then these components may no
longer be able
to use Redis Sentinel.

I'll work on updating these implementations to support auth/SSL for
Sentinel, but
at this stage we have not clear guarantee that the required changes will
be part
of 2024.1. Especially gnocchi is maintained outside of OpenStack and I'm
not sure
if the version with the required changes will be picked up by distros
like RDO or Ubuntu.

On 2024-03-11 16:03, Michal Arbet wrote:
> Hi Takashi,
>
> Correct me if I am wrong, but revert  is not needed anymore or is it ?
>
>
> In kolla-ansible I hope I fixed authentication for redis sentinel [1]
> and now
> everything is working fine.
>
> [1] https://review.opendev.org/c/openstack/kolla-ansible/+/912341
>
> Thanks,
> Michal Arbet ( kevko )
>
> Michal Arbet
> Openstack Engineer
>
> Ultimum Technologies a.s.
> Na Poříčí 1047/26, 11000 Praha 1
> Czech Republic
>
> +420 604 228 897
> michal.arbet@ultimum.io
> https://ultimum.io [1]
>
> LinkedIn [2] | Twitter [3] | Facebook [4]
>
> po 11. 3. 2024 v 2:38 odesílatel Takashi Kajinami
> <kajinamit@oss.nttdata.com> napsal:
>
>> Hello,
>>
>> During this cycle we updated the redis support implementations to
>> support authentication
>> and SSL for redis sentinel, following the new implementation in
>> oslo.cache. However later
>> it turned out this change breaks kolla because it has been using
>> redis sentinel without
>> authentication while it enables authentication in redis[1].
>>
>> I've submitted the changes[2] to restore the old behavior (not to
>> enable AUTH or SSL for
>> sentinel even when one is enabled in redis). Once these are merged
>> in master then I'll
>> propose backports to stable/2024.1 and propose new stable/2024.1
>> release.
>>
>> I'd like to request approval about the release and also bumping tooz
>> and taksflow
>> version in stable/2024.1 requirements to unblock kolla and any other
>> deployments using
>> the partial authentication for redis sentinel.
>>
>> Thank you,
>> Takashi
>>
>> [1]
>> https://bugs.launchpad.net/python-tooz/+bug/2056656
>>
>> [2]
>> https://review.opendev.org/c/openstack/taskflow/+/912346
>> https://review.opendev.org/c/openstack/tooz/+/912344/
>>
>> --
>> Takashi Kajinami
>> irc: tkajinam
>> github: https://github.com/kajinamit
>> launchpad: https://launchpad.net/~kajinamit
>
>
> Links:
> ------
> [1] https://ultimum.io/
> [2] https://www.linkedin.com/company/ultimum-technologies
> [3] https://twitter.com/ultimumtech
> [4] https://www.facebook.com/ultimumtechnologies/timeline