redis配置密码
在redis.conf配置
requirepass youredispassword
2. 配置salt-master
在/etc/salt/master中增加:
master_job_cache: redis
redis.db: '0'
redis.host: 'redis-host-addr'
redis.port: 6379
redis.password: "youredispassword"
3. 修改salt源码retrun_redis.py
需要修改3处地方
def _get_options(ret=None):
"""
Get the redis options from salt.
"""
attrs = {
"host": "host",
"port": "port",
"unix_socket_path": "unix_socket_path",
"db": "db",
"password": "password", #新增第1处
"cluster_mode": "cluster_mode",
"startup_nodes": "cluster.startup_nodes",
"skip_full_coverage_check": "cluster.skip_full_coverage_check",
}
if salt.utils.platform.is_proxy():
return {
"host": __opts__.get("redis.host", "salt"),
"port": __opts__.get("redis.port", 6379),
"unix_socket_path": __opts__.get("redis.unix_socket_path", None),
"db": __opts__.get("redis.db", "0"),
"password": __opts__.get("redis.password", ""), # 新增第2处
"cluster_mode": __opts__.get("redis.cluster_mode", False),
"startup_nodes": __opts__.get("redis.cluster.startup_nodes", {}),
"skip_full_coverage_check": __opts__.get(
"redis.cluster.skip_full_coverage_check", False
),
}
_options = salt.returners.get_returner_options(
__virtualname__, ret, attrs, __salt__=__salt__, __opts__=__opts__
)
return _options
def _get_serv(ret=None):
"""
Return a redis server object
"""
_options = _get_options(ret)
global REDIS_POOL
if REDIS_POOL:
return REDIS_POOL
elif _options.get("cluster_mode"):
REDIS_POOL = StrictRedisCluster(
startup_nodes=_options.get("startup_nodes"),
skip_full_coverage_check=_options.get("skip_full_coverage_check"),
decode_responses=True,
)
else:
REDIS_POOL = redis.StrictRedis(
host=_options.get("host"),
port=_options.get("port"),
unix_socket_path=_options.get("unix_socket_path", None),
db=_options.get("db"),
password=_options.get("passwd", ""), # 新增第3处
decode_responses=True,
)
return REDIS_POOL
错误问题1:redis加了密码后,salt-master写入不了返回数据到redis
解决办法: 根据排查,是在/etc/salt/master中配置出现冲突导致:
master_job_cache: redis
ext_job_cache: redis
如果同时配置master_job_cache和ext_job_cache后,同时开启身份验证,则salt链接redis认证正常,但是会出现returner不写返回值到redis。