Community Redis and default TLS

Hi there,

I have just implemented TLS on a stand-alone Redis community edition using this github page:

https://gist.github.com/fritsstegmann/316cc0d458604d08bf1b9ac517c1428f

All went very well on Ubuntu and I managed to implement it on CentOS 8 with a bit of tweaking.

I just wondered if there are plans for TLS support to be the default, i.e. available after a yum/apt install as opposed to a compile?

Then I also wondered (and I am testing this myself and will report back :grinning: ) if, once I have, let’s say, three nodes completed with TLS installed, making a Sentinel cluster out of these has any issues.

Regards

John

Hi John,

I’ll let others weigh in on whether TLS will be available by default on compile, but yes, you can run Sentinel with TLS. Some docs mention this here: TLS Support – Redis

Best,
Kyle

Hi Kyle,

Thanks very much for the reply. Yes, I was encouraged by the data in the link. Will plug in progress here as we go along.

Regards

John


Hi Kyle (and anyone else out there),
So while moving slowly on our TLS implementation I find myself in a new quandary.
As mentioned earlier, we managed to implement TLS on a stand-alone Redis on CentOS 8. We then created two new instances and implemented Sentinel between the three. It appears that (after some challenges; actually, on that, for anybody else, the main issue was with some renames which were done to the redis.conf) we can use the instance and it appears that all the inter-node connections work.
Further, we can connect directly to the master with a Python script the connection being as follows:
from redis.sentinel import Sentinel
import redis

keyint = 1

print("hello")

# Direct TLS connection to the master, with mutual TLS (client cert + key)
# and server certificate verification against our own root CA.
redis_client = redis.StrictRedis(
    host='xxx.yyy.zzz.com',
    port=6379,
    password='########',
    ssl=True,
    ssl_keyfile='C:/Users/ABJC587/Desktop/server.key',
    ssl_certfile='C:/Users/ABJC587/Desktop/server.crt',
    ssl_cert_reqs='required',
    ssl_ca_certs='C:/Users/ABJC587/Desktop/rootCA.crt')
print("Hello once more")

redis_client.set('senttest11111', 'test 02')

The set works fine here.

So the next step was to use sentinel from a python script. We had some issues here so we stripped it down just to do the discover as follows:

from redis.sentinel import Sentinel
import redis

keyint = 1

keyint1 = 1

# Sentinel connections are opened without any TLS options here,
# so they go out to port 26379 in plaintext.
sentinel = Sentinel([('host1', 26379),
                     ('host2', 26379),
                     ('host3', 26379)],
                    stream_timeout=0.1,
                    )

print("hello")

host, port = sentinel.discover_master('master01')
It seems to fail on the discover with:

C:\Users\ABJC587\AppData\Local\Programs\Python\Python38\python.exe C:/Users/ABJC587/PycharmProjects/newproj/venv/resissent6.py
hello
Traceback (most recent call last):
  File "C:/Users/ABJC587/PycharmProjects/newproj/venv/resissent6.py", line 16, in <module>
    host, port = sentinel.discover_master('master01')
  File "C:\Users\ABJC587\AppData\Local\Programs\Python\Python38\lib\site-packages\redis\sentinel.py", line 219, in discover_master
    raise MasterNotFoundError("No master found for %r" % (service_name,))
redis.sentinel.MasterNotFoundError: No master found for 'master01'

Process finished with exit code 1

Then in the sentinel log we see:

55755:X 20 Jul 2021 09:24:16.133 # Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I believe that the various parameters are correct (tls-replication) for both Sentinel. I have also tried running the Python program on another Linux box which also has Redis installed just in case this is because I was running in Windows but I receive the same error.
My thoughts are that the Sentinel connection needs some more parameters, but I cannot find what they might be, so any help is appreciated.

So keeping the saga going for anyone who is interested :slight_smile: CE, Sentinel, TLS mainly working well. Some of the issues I had are actually embarrassments such as not stopping the firewall, and even not restarting the Sentinel service after a config change. In any case my simple Python program is able to connect to Sentinel, determine the master etc. and work away!

Having some difficulty getting Redis Insight to connect though.

Regards

John