Support for clustered redis?

[kabalman]

Can this plugin be used to enable dynamic credential generation for a clustered redis implementation? i.e. Redis cluster has multi-master setup with data sharding across the masters?

[kabalman]

I can see some documentation in a feature branch called cluster-support, but that doesn't look like it has been merged to the main branch. Is this not officially available to use?

[Zlaticanin]

Hello @kabalman, thank you for submitting this! For others who are interested in this, please stick a 👍 on this issue. We’re currently developing an internal process to review and prioritize feature requests. We would welcome a PR if this is something you are interested in as well.

[rdxmb]

Another use-case is to use this with redis-sentinels

[fhitchen]

Hello @kabalman, clusters are fully supported, I remember working on the cluster-support branch and it did make it's way into the master branch. Clusters are dynamic though, and if you provision a new user or make credential changes and one of the cluster members is unavailable, then that cluster member will be out of sync when it comes back.

[ausmartway]

hi @fhitchen , thanks for confirming that clusters are fully supported. do you know if since which version it is supported, or can you point out the PR so I can find more details?

[fhitchen]

Oh no, I thought I had merged the cluster-support branch into main before Hashicorp accepted the code. Looks like I did not. You will have to checkout that branch and see if it will build with the latest Vault SDK. The README.md has full details. It will add a bit more complexity to the automated testing as well, spinning up a redis cluster, I can't remember how easy that was.

[fmartinou]

Hello,

Any news regarding the support of Redis clusters?
(clusters don't replicate ACL from a node to the others so this plugin is unfortunately usable with single-node Redis instances only 😢 ).

[fhitchen]

Hello fmartinou,

why don't you check out the cluster-support branch and try it out? It was working at the time Hashicorp took over the code. In the mean time I will take a look and see what needs to be done to merge it into the main branch.

Regards, Francis.

[fmartinou]

Hello Francis,

Thank you for your quick answer! 👍

I can see this branch is 3 years old 😨 !
I'll give it a try but anyways, I'm eager to see Hashicorp provide an official support because we use the Vault "Enterprise edition").

Regards,

[fhitchen]

Hello fmartinou,

I looked at merging the cluster-support branch into the main branch, but the Radix V4 upgrade has made it a non-trivial action. In the new V4 Golang redis api, a distinction has been made between single
Redis instance clients and Cluster or Sentinel clients. I think that the client needs to be moved to a MultiClient to support all of the installation types. I will keep investigating and let you know.

Regards, Francis.

[heatherezell]

Hello Francis,

Thank you for your quick answer! 👍

I can see this branch is 3 years old 😨 ! I'll give it a try but anyways, I'm eager to see Hashicorp provide an official support because we use the Vault "Enterprise edition").

Regards,

I would highly encourage you to raise this to your sales/support team! They can escalate it internally with our product and engineering teams. :)

[fhitchen]

Hi hsimon, fmartinou,

I have merged the cluster support branch into main on my fork of this repo, it needs cleaning up but is mostly working. The branch also supports persisting the ACL updates, either to an ACL file with ACL SAVE or to the config file with CONFIG REWRITE, you get to choose. This is an important step missing in the original.

I have found the bitnami redis docker images to be the best resource for using to setup test installations. I have a cluster working. I will next add support for a redis server plus replica[s] which is also missing, but with cluster implemented should be straightforward. After that I will tackle Redis Sentinel and then the plugin will be more production grade.

Regards, Francis.

[fmartinou]

Thank you very much for all your work @fhitchen !👏

[fhitchen]

Hello Francis,
Thank you for your quick answer! 👍
I can see this branch is 3 years old 😨 ! I'll give it a try but anyways, I'm eager to see Hashicorp provide an official support because we use the Vault "Enterprise edition").
Regards,

I would highly encourage you to raise this to your sales/support team! They can escalate it internally with our product and engineering teams. :)

Hi hsimon,

I have submitted a pull request with the cluster support along with several other improvements. Would you be able to get the maintainers to take a look?

Regards, Francis.

[heatherezell]

Hi @fhitchen! Thanks for the heads-up. I've pinged our engineers to take a peek at it. :)

[popdaniel942]

Hello. Is there any update on this? We are also interested in the persistence_mode flag so it automatically does an acl save on rotation. For now we have some code to do an acl save every 10 seconds but this would be a much cleaner solution. Thank you.

[fhitchen]

Hi @popdaniel942, I created a pull request for this some time ago but I don't think the support team has looked at it yet. I have added an X86-64 Linux binary to my fork if you want to try it out for yourself whilst waiting for Hashicorp or is it IBM now! If you are using another platform, Mac, Windows, ARM, let me know and I can add that binary for you. See https://github.com/fhitchen/vault-plugin-database-redis/releases. I would appreciate your feedback. It has been well tested, but if you have a test Redis & Vault setup it would be really helpful to get some other testing done on it as all my work has been done with a docker hosted cluster