futriix/tests/sentinel/tests/09-acl-support.tcl
Yossi Gottlieb 2931aa9bd6 Add hostname support in Sentinel. (#8282)
This is both a bugfix and an enhancement.

Internally, Sentinel relies entirely on IP addresses to identify
instances. When configured with a new master, it also requires users to
specify an IP and not a hostname.

However, replicas may use the replica-announce-ip configuration to
announce a hostname. When that happens, Sentinel fails to match the
announced hostname with the expected IP and considers that a different
instance, triggering reconfiguration, etc.

Another use case is where TLS is used and clients are expected to match
the hostname to connect to with the certificate's SAN attribute. To
properly implement this configuration, it is necessary for Sentinel to
redirect clients to a hostname rather than an IP address.

The new 'resolve-hostnames' configuration parameter determines if
Sentinel is willing to accept hostnames. It is set by default to no,
which maintains backwards compatibility and avoids unexpected DNS
resolution delays on systems with DNS configuration issues.

Internally, Sentinel continues to identify instances by their resolved
IP address and will also report the IP by default. The new
'announce-hostnames' parameter determines if Sentinel should prefer to
announce a hostname, when available, rather than an IP address. This
applies to addresses returned to clients, as well as their
representation in the configuration file, REPLICAOF configuration
commands, etc.

This commit also introduces SENTINEL CONFIG GET and SENTINEL CONFIG SET
which can be used to introspect or configure global Sentinel
configuration that was previously only possible by directly
accessing the configuration file and possibly restarting the instance.

Co-authored-by: myl1024 <myl92916@qq.com>
Co-authored-by: sundb <sundbcn@gmail.com>
2021-01-28 12:09:11 +02:00

51 lines
1.3 KiB
Tcl

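source "../tests/includes/init-tests.tcl"

# Credentials for the ACL user the Sentinels will share in this test.
set ::user "testuser"
set ::password "secret"

# On every Sentinel: create the test user, disable the default user,
# and switch the test connection over to the new user.
proc setup_acl {} {
    foreach_sentinel_id id {
        assert_equal {OK} [S $id ACL SETUSER $::user >$::password +@all on]
        assert_equal {OK} [S $id ACL SETUSER default off]

        # Drop connections still authenticated as "default"
        # (SKIPME no includes the calling connection).
        S $id CLIENT KILL USER default SKIPME no
        assert_equal {OK} [S $id AUTH $::user $::password]
    }
}

# Restore the default user, delete the test user, and clear the
# credentials Sentinel uses towards other Sentinels.
proc teardown_acl {} {
    foreach_sentinel_id id {
        assert_equal {OK} [S $id ACL SETUSER default on]
        assert_equal {1} [S $id ACL DELUSER $::user]

        S $id SENTINEL CONFIG SET sentinel-user ""
        S $id SENTINEL CONFIG SET sentinel-pass ""
    }
}

test "(post-init) Set up ACL configuration" {
    setup_acl
    assert_equal $::user [S 1 ACL WHOAMI]
}

test "SENTINEL CONFIG SET handles on-the-fly credentials reconfiguration" {
    # Make sure we're starting with a broken state...
    # The default user is off and no sentinel-user/sentinel-pass is set yet,
    # so the quorum check is expected to fail.
    after 5000
    catch {S 1 SENTINEL CKQUORUM mymaster} err
    assert_match {*NOQUORUM*} $err

    # Configure the credentials at runtime on every Sentinel.
    foreach_sentinel_id id {
        assert_equal {OK} [S $id SENTINEL CONFIG SET sentinel-user $::user]
        assert_equal {OK} [S $id SENTINEL CONFIG SET sentinel-pass $::password]
    }

    # After waiting again, the quorum check is expected to succeed.
    after 5000
    assert_match {*OK*} [S 1 SENTINEL CKQUORUM mymaster]
}

test "(post-cleanup) Tear down ACL configuration" {
    teardown_acl
}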