|
 |
a89620 |
From 6303448af77d2ed64c7436a84b30cf7fa4941e19 Mon Sep 17 00:00:00 2001
|
|
|
a89620 |
From: Michele Baldessari <michele@acksyn.org>
|
|
|
a89620 |
Date: Wed, 30 Jan 2019 21:36:17 +0100
|
|
|
a89620 |
Subject: [PATCH] redis: Filter warning from stderr when calling 'redis-cli -a'
|
|
|
a89620 |
|
|
|
a89620 |
In some versions of redis (starting with 4.0.10) we have commits [1] and
|
|
|
a89620 |
[2] which add a warning on stderr which will be printed out every single
|
|
|
a89620 |
time a monitor operation takes place:
|
|
|
a89620 |
|
|
|
a89620 |
foo pacemaker-remoted[57563]: notice: redis_monitor_20000:1930:stderr
|
|
|
a89620 |
[ Warning: Using a password with '-a' option on the command line interface may not be safe. ]
|
|
|
a89620 |
|
|
|
a89620 |
Later on commit [3] (merged with 5.0rc4) was merged which added the option
|
|
|
a89620 |
'--no-auth-warning' to disable said warning since it broke a bunch of
|
|
|
a89620 |
scripts [4]. I tried to forcibly either try the command twice (first
|
|
|
a89620 |
with --no-auth-warning and then without in case of errors) but it is
|
|
|
a89620 |
impossible to distinguish between error due to missing param and other
|
|
|
a89620 |
errors.
|
|
|
a89620 |
|
|
|
a89620 |
So instead of inspecting the version of the redis-cli tool and do the following:
|
|
|
a89620 |
- >= 5.0.0 use --no-auth-warning all the time
|
|
|
a89620 |
- >= 4.0.10 & < 5.0.0 filter the problematic line from stderr only
|
|
|
a89620 |
- else do it like before
|
|
|
a89620 |
|
|
|
a89620 |
We simply filter out from stderr the 'Using a password' message
|
|
|
a89620 |
unconditionally while making sure we keep stdout just the same.
|
|
|
a89620 |
|
|
|
a89620 |
Tested on a redis 4.0.10 cluster and confirmed that it is working as
|
|
|
a89620 |
intended.
|
|
|
a89620 |
|
|
|
a89620 |
All this horror and pain is due to the fact that redis does not support
|
|
|
a89620 |
any other means to pass a password (we could in theory first connect to
|
|
|
a89620 |
the server and then issue an AUTH command, but that seems even more
|
|
|
a89620 |
complex and error prone). See [5] for more info (or [6] for extra fun)
|
|
|
a89620 |
|
|
|
a89620 |
[1] https://github.com/antirez/redis/commit/c082221aefbb2a472c7193dbdbb90900256ce1a2
|
|
|
a89620 |
[2] https://github.com/antirez/redis/commit/ef931ef93e909b4f504e8c6fbed350ed70c1c67c
|
|
|
a89620 |
[3] https://github.com/antirez/redis/commit/a4ef94d2f71a32f73ce4ebf154580307a144b48f
|
|
|
a89620 |
[4] https://github.com/antirez/redis/issues/5073
|
|
|
a89620 |
[5] https://github.com/antirez/redis/issues/3483
|
|
|
a89620 |
[6] https://github.com/antirez/redis/pull/2413
|
|
|
a89620 |
|
|
|
a89620 |
Signed-off-by: Michele Baldessari <michele@acksyn.org>
|
|
|
a89620 |
---
|
|
|
a89620 |
heartbeat/redis.in | 4 +++-
|
|
|
a89620 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
a89620 |
|
|
|
a89620 |
diff --git a/heartbeat/redis.in b/heartbeat/redis.in
|
|
|
a89620 |
index 1dff067e9..e257bcc5e 100644
|
|
|
a89620 |
--- a/heartbeat/redis.in
|
|
|
a89620 |
+++ b/heartbeat/redis.in
|
|
|
a89620 |
@@ -302,7 +302,9 @@ set_score()
|
|
|
a89620 |
redis_client() {
|
|
|
a89620 |
ocf_log debug "redis_client: '$REDIS_CLIENT' -s '$REDIS_SOCKET' $*"
|
|
|
a89620 |
if [ -n "$clientpasswd" ]; then
|
|
|
a89620 |
- "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" | sed 's/\r//'
|
|
|
a89620 |
+ # Starting with 4.0.10 there is a warning on stderr when using a pass
|
|
|
a89620 |
+ # Once we stop supporting versions < 5.0.0 we can add --no-auth-warning here
|
|
|
a89620 |
+ ("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//'
|
|
|
a89620 |
else
|
|
|
a89620 |
"$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//'
|
|
|
a89620 |
fi
|