[Redis] 使用 redis-py 連線 Redis Sentinel 時,出現 No master found for ‘mymaster’ 錯誤訊息?
今天在幫忙同事看一個 redis-py 連線 Redis Sentinel,
可是卻出現 No master found for ‘mymaster’ 錯誤訊息的問題…
下面是建立
Sentinel
Sentinel 物件,以及用它來跑 discover_master()
discover_master() 的主體程式:
ssl = True
ssl_cert_reqs = "required"
redis_sentinel = redis.sentinel.Sentinel(
[('127.0.0.1', 26379)],
sentinel_kwargs={
"ssl": ssl,
"ssl_cert_reqs": ssl_cert_reqs,
},
ssl=ssl,
connection_class=redis.sentinel.SentinelManagedSSLConnection,
ssl_cert_reqs=ssl_cert_reqs,
)
redis_master = redis_sentinel.discover_master("mymaster")
ssl = True
ssl_cert_reqs = "required"
redis_sentinel = redis.sentinel.Sentinel(
[('127.0.0.1', 26379)],
sentinel_kwargs={
"ssl": ssl,
"ssl_cert_reqs": ssl_cert_reqs,
},
ssl=ssl,
connection_class=redis.sentinel.SentinelManagedSSLConnection,
ssl_cert_reqs=ssl_cert_reqs,
)
redis_master = redis_sentinel.discover_master("mymaster")
ssl = True
ssl_cert_reqs = "required"
redis_sentinel = redis.sentinel.Sentinel(
[('127.0.0.1', 26379)],
sentinel_kwargs={
"ssl": ssl,
"ssl_cert_reqs": ssl_cert_reqs,
},
ssl=ssl,
connection_class=redis.sentinel.SentinelManagedSSLConnection,
ssl_cert_reqs=ssl_cert_reqs,
)
redis_master = redis_sentinel.discover_master("mymaster")
因為我們的 Redis Sentinel 和 Redis server 都有開 TLS,
所以 ssl 是設定成 True 的,光看程式似乎沒有問題,
那就用 pdb 來跑跑看吧~
跑到 redis-py 底層的
get_connection()
get_connection() 時,
看到它傳出一個 [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self signed certificate in certificate chain 的 exception:
(Pdb) n
> /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command()
-> conn = self.connection or pool.get_connection(command_name, **options)
(Pdb) n
redis.exceptions.ConnectionError: Error 1 connecting to 127.0.0.1:26379. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997).
> /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command()
-> conn = self.connection or pool.get_connection(command_name, **options)
(Pdb) n
> /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command()
-> conn = self.connection or pool.get_connection(command_name, **options)
(Pdb) n
redis.exceptions.ConnectionError: Error 1 connecting to 127.0.0.1:26379. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997).
> /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command()
-> conn = self.connection or pool.get_connection(command_name, **options)
(Pdb) n > /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command() -> conn = self.connection or pool.get_connection(command_name, **options) (Pdb) n redis.exceptions.ConnectionError: Error 1 connecting to 127.0.0.1:26379. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997). > /usr/local/lib/python3.10/site-packages/redis/client.py(1255)execute_command() -> conn = self.connection or pool.get_connection(command_name, **options)
看起來是因為我們建的 Redis Sentinel 本身是用 self-signed certificate,
而我們又沒有在 redis-py 裡指定相關的 CA,
因此 TLS 驗證失敗造成的…
比較懶 (不安全) 的改法是關閉 certificate 的驗證:
ssl_cert_reqs = "none"
ssl_cert_reqs = "none"
ssl_cert_reqs = "none"
這時就可以成功跑完
discover_master()
discover_master() 的部分,
拿到 Redis master node 的資訊了:
(Pdb) redis_master
('10.0.233.199', 6379)
(Pdb) redis_master
('10.0.233.199', 6379)
(Pdb) redis_master
('10.0.233.199', 6379)
不過正式的改法,應該還是將 ssl_cert_reqs 設成 “required”,
然後要正確的設定 ssl_keyfile, ssl_certfile, ssl_ca_certs 這些參數囉~
(本頁面已被瀏覽過 268 次)