We have a redis-sentinel cluster consisting of three VMs running redis and sentinel, and I am using the redisson library to connect to it. However, we are facing an issue when connecting to it. It seems that when it gets the list of sentinels, it gets the master as non-SSL.
Versions: redis 6, java 1.8, redisson 3.16.4
Here is the sentinel configuration on the VMs:
port 0
tls-port 26379
tls-cert-file "/etc/ssl/redis/redis.crt"
tls-key-file "/etc/ssl/redis/redis.key"
tls-ca-cert-file "/etc/ssl/redis/ca_uat.crt"
tls-replication yes
tls-auth-clients yes
daemonize no
pidfile "/var/run/redis-sentinel.pid"
sentinel myid e93ca95c2bd17723461f3d2a84296934f560c46e
sentinel deny-scripts-reconfig yes
sentinel monitor redis-cluster 182.26.3.54 6379 2
sentinel down-after-milliseconds redis-cluster 5000
logfile "/var/log/redis/sentinel.log"
dir "/tmp"
requirepass password
# Generated by CONFIG REWRITE
protected-mode no
supervised systemd
user default on #1d38e11ad3cff25192a679ae05dd0cebaa746da9185a66f719ff19311472a02f ~* +@all
sentinel failover-timeout redis-cluster 60000
sentinel auth-pass redis-cluster password
sentinel config-epoch redis-cluster 70
sentinel leader-epoch redis-cluster 70
sentinel known-replica redis-cluster 182.26.3.21 6379
sentinel known-replica redis-cluster 182.26.3.51 6379
sentinel known-sentinel redis-cluster 182.26.3.54 26379 2294c0239d9137af32e5d4b0fc2836e12727f13a
sentinel known-sentinel redis-cluster 182.26.3.51 26379 e69c7f50bb633a04981a20f54c7f5edcd46fc0c8
sentinel current-epoch 70
And here is the non-default redis config:
port 0
tls-port 6379
tls-cert-file /etc/ssl/redis/redis.crt
tls-key-file /etc/ssl/redis/redis.key
tls-ca-cert-file /etc/ssl/redis/ca_uat.crt
tls-replication yes
tls-auth-clients yes
masterauth password
requirepass password
Here is the redisson YAML config:
---
sentinelServersConfig:
  idleConnectionTimeout: 100000
  connectTimeout: 100000
  timeout: 30000
  retryAttempts: 3
  retryInterval: 1500
  password: "password"
  subscriptionsPerConnection: 5
  sslEnableEndpointIdentification: false
  sslProvider: "JDK"
  sslTruststore: "file:/resources/redis-cluster.jks"
  sslTruststorePassword: "Jpass"
  sslKeystore: "file:/resources/redis-cluster.jks"
  sslKeystorePassword: "Jpass"
  sslProtocols:
  - "TLSv1.2"
  pingConnectionInterval: 30000
  keepAlive: false
  tcpNoDelay: true
  nameMapper: !<org.redisson.api.DefaultNameMapper> {}
  loadBalancer: !<org.redisson.connection.balancer.RoundRobinLoadBalancer> {}
  slaveConnectionMinimumIdleSize: 24
  slaveConnectionPoolSize: 64
  failedSlaveReconnectionInterval: 3000
  failedSlaveCheckInterval: 180000
  masterConnectionMinimumIdleSize: 24
  masterConnectionPoolSize: 64
  readMode: "SLAVE"
  subscriptionMode: "SLAVE"
  subscriptionConnectionMinimumIdleSize: 1
  subscriptionConnectionPoolSize: 50
  dnsMonitoringInterval: 5000
  sentinelAddresses:
  - "rediss://redis03.corp.com:26379"
  - "rediss://redis02.corp.com:26379"
  - "rediss://redis01.corp.com:26379"
  natMapper: !<org.redisson.api.DefaultNatMapper> {}
  masterName: "redis-cluster"
  sentinelPassword: "password"
  database: 0
  scanInterval: 1000
  checkSentinelsList: true
  checkSlaveStatusWithSyncing: true
threads: 16
nettyThreads: 32
codec: !<org.redisson.codec.MarshallingCodec> {}
referenceEnabled: true
transportMode: "NIO"
lockWatchdogTimeout: 300000
reliableTopicWatchdogTimeout: 6000000
keepPubSubOrder: true
useScriptCache: false
minCleanUpDelay: 5
maxCleanUpDelay: 1800
cleanUpKeysAmount: 100
nettyHook: !<org.redisson.client.DefaultNettyHook> {}
useThreadClassLoader: true
addressResolverGroupFactory: !<org.redisson.connection.DnsAddressResolverGroupFactory> {}
And here is the code to create the connection:
try {
    // Load the Redisson configuration from the YAML file shown above
    reddisonConfig = Config.fromYAML(configFile);
    logger.warn(reddisonConfig.toYAML());
} catch (IOException e) {
    logger.warn("Unable to load configuration file");
    logger.warn("file location is " + configFile.getAbsolutePath());
    setConnected(false);
    utilityClass.logMe(logger, e);
}
try {
    // Create the client; sentinel discovery and the master connection happen here
    Rclient = Redisson.create(reddisonConfig);
    setConnected(true);
} catch (Exception e) {
    logger.warn("Problem connecting to redis ");
    setConnected(false);
    utilityClass.logMe(logger, e);
}
And here is the error I get when I start the service:
2021-11-15 12:36:20.652 [restartedMain] INFO org.redisson.Version : Redisson 3.16.4
2021-11-15 12:36:21.008 [restartedMain] INFO o.r.c.SentinelConnectionManager : master: redis://182.26.3.21:6379 added
2021-11-15 12:36:21.016 [restartedMain] INFO o.r.c.SentinelConnectionManager : slave: rediss://182.26.3.54:6379 added
2021-11-15 12:36:21.016 [restartedMain] INFO o.r.c.SentinelConnectionManager : slave: rediss://182.26.3.51:6379 added
2021-11-15 12:36:21.094 [redisson-netty-11-10] INFO o.r.c.SentinelConnectionManager : sentinel: rediss://182.26.3.51:26379 added
2021-11-15 12:36:21.094 [redisson-netty-11-11] INFO o.r.c.SentinelConnectionManager : sentinel: rediss://182.26.3.54:26379 added
2021-11-15 12:36:21.102 [redisson-netty-11-9] INFO o.r.c.SentinelConnectionManager : sentinel: rediss://182.26.3.21:26379 added
2021-11-15 12:36:51.244 [restartedMain] WARN c.b.p.utilities.CacheUtil : Problem connecting to redis server
2021-11-15 12:36:51.245 [restartedMain] ERROR c.b.p.utilities.CacheUtil : Exception occurred at restartedMain Exception Message
org.redisson.client.RedisConnectionException: Unable to connect to Redis server: 182.26.3.21/182.26.3.21:6379
    at org.redisson.connection.pool.ConnectionPool$1.lambda$run$0(ConnectionPool.java:158)
    at org.redisson.misc.RedissonPromise.lambda$onComplete$0(RedissonPromise.java:183)
    at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
    at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:552)
    at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
    at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
    at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:609)
    at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:117)
    at org.redisson.misc.RedissonPromise.tryFailure(RedissonPromise.java:96)
    at org.redisson.connection.pool.ConnectionPool.promiseFailure(ConnectionPool.java:313)
    at org.redisson.connection.pool.ConnectionPool.lambda$createConnection$3(ConnectionPool.java:279)
    at org.redisson.misc.RedissonPromise.lambda$onComplete$0(RedissonPromise.java:183)
    at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:578)
    at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:571)
    at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:550)
    at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:491)
    at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:616)
    at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:609)
    at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:117)
    at org.redisson.misc.RedissonPromise.tryFailure(RedissonPromise.java:96)
    at org.redisson.client.RedisClient$2$1.run(RedisClient.java:242)
    at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
    at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.redisson.client.RedisTimeoutException: Command execution timeout for command: (AUTH), params: (password masked), Redis client: [addr=redis://182.26.3.21:6379]
    at org.redisson.client.RedisConnection.lambda$async$1(RedisConnection.java:251)
    at io.netty.util.HashedWheelTimer$HashedWheelTimeout.expire(HashedWheelTimer.java:672)
    at io.netty.util.HashedWheelTimer$HashedWheelBucket.expireTimeouts(HashedWheelTimer.java:747)
    at io.netty.util.HashedWheelTimer$Worker.run(HashedWheelTimer.java:472)
    ... 2 common frames omitted
I can see that it tries to connect to the master redis using redis://182.26.3.21:6379 instead of rediss://182.26.3.21:6379, which I gather is needed for a TLS connection.
I used the sslscan tool to verify that SSL 1.2 is enabled, and here is the output:
D:\Users\03856u\Documents\sslScan>sslscan 182.26.3.21:6379
Version: 2.0.10 Windows 64-bit (Mingw)
OpenSSL 1.1.1e-dev xx XXX xxxx

Connected to 182.26.3.21

Testing SSL server 182.26.3.21 on port 6379 using SNI name 182.26.3.21

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_CCM_SHA256        Curve 25519 DHE 253

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
TLSv1.3  128 bits  x25519
TLSv1.3  224 bits  x448
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  192 bits  secp384r1 (NIST P-384)
TLSv1.2  260 bits  secp521r1 (NIST P-521)
TLSv1.2  128 bits  x25519
TLSv1.2  224 bits  x448

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  redis.corp.com
Altnames: DNS:redis.corp.com, DNS:redis03.corp.com, DNS:redis01.corp.com, DNS:redis02.corp.com, IP Address:182.26.3.21, IP Address:182.26.3.54, IP Address:182.26.3.51
Issuer:   UAT-CA

Not valid before: Oct  4 05:19:14 2021 GMT
Not valid after:  Oct  3 05:19:14 2026 GMT
I have opened an issue on GitHub and I was told that there was no issue with the library in connecting to sentinel on SSL, so I am guessing it's an issue in my configuration. I looked at the documentation on GitHub and couldn't figure it out. Any help is welcome.
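The startup log above is the quickest place to catch this kind of TLS downgrade: the sentinel entries take their scheme straight from the client config, while the master and slave entries get whatever scheme the client attaches to the bare host:port pairs that sentinel returns. The following check, an added example that is not part of the question or of Redisson (the function names and the constructed sample lines are mine, shaped after the log above), parses the `SentinelConnectionManager : <role>: <uri> added` lines and flags any data node registered as plaintext `redis://` while every configured sentinel address is `rediss://`.

```python
"""Flag master/slave nodes that Redisson registered without TLS although the
configured sentinels use rediss://. Added example, not Redisson's own code."""
import re
from urllib.parse import urlsplit

# One "... SentinelConnectionManager : master: redis://182.26.3.21:6379 added" line
ADDED_RE = re.compile(
    r"SentinelConnectionManager\s*:\s*(?P<role>master|slave|sentinel):\s*"
    r"(?P<uri>rediss?://\S+)\s+added"
)


def parse_added_nodes(log_text):
    """Return (role, scheme, host, port) for every node Redisson logged as added."""
    nodes = []
    for line in log_text.splitlines():
        m = ADDED_RE.search(line)
        if m:
            u = urlsplit(m.group("uri"))
            nodes.append((m.group("role"), u.scheme, u.hostname, u.port))
    return nodes


def find_plaintext_data_nodes(log_text, sentinel_addresses):
    """Data nodes (master/slave) that would be contacted without TLS even though
    all configured sentinel addresses use rediss://. Sentinel entries are not
    checked: their scheme is copied from the config, not derived by the client."""
    if not all(urlsplit(a).scheme == "rediss" for a in sentinel_addresses):
        return []  # plaintext sentinels configured: nothing to compare against
    return [n for n in parse_added_nodes(log_text)
            if n[0] in ("master", "slave") and n[1] != "rediss"]


# Constructed sample lines, shaped after the startup log in the question
SAMPLE_LOG = """\
2021-11-15 12:36:21.008 [restartedMain] INFO o.r.c.SentinelConnectionManager : master: redis://182.26.3.21:6379 added
2021-11-15 12:36:21.016 [restartedMain] INFO o.r.c.SentinelConnectionManager : slave: rediss://182.26.3.54:6379 added
2021-11-15 12:36:21.016 [restartedMain] INFO o.r.c.SentinelConnectionManager : slave: rediss://182.26.3.51:6379 added
2021-11-15 12:36:21.094 [redisson-netty-11-10] INFO o.r.c.SentinelConnectionManager : sentinel: rediss://182.26.3.51:26379 added
"""
SENTINELS = ["rediss://redis03.corp.com:26379", "rediss://redis02.corp.com:26379",
             "rediss://redis01.corp.com:26379"]

if __name__ == "__main__":
    for role, scheme, host, port in find_plaintext_data_nodes(SAMPLE_LOG, SENTINELS):
        print(f"{role} {host}:{port} registered as {scheme}:// (expected rediss://)")
```

A plaintext client hello against a TLS-only port is also why the failure surfaces as an AUTH timeout rather than a handshake error: the server never answers the unencrypted bytes, so the check above gives a much earlier and clearer signal than the stack trace.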