Skip to content

Redis in cluster mode requires overlapping hostname fields #6280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
troll-os opened this issue Mar 6, 2024 · 3 comments · May be fixed by #10978
Open

Redis in cluster mode requires overlapping hostname fields #6280

troll-os opened this issue Mar 6, 2024 · 3 comments · May be fixed by #10978
Assignees
@aHenryJard
Labels
bug use for describing something not working as expected
Milestone
Bugs backlog

Comments

@troll-os
Copy link
Contributor

troll-os commented Mar 6, 2024

Description

When trying to deploy an instance while in cluster mode, the connection fails with a database error because the tls option in the Redis setup requires redis.hostname while this var should be required when in cluster mode (at least this is not explicit in the doc)

Environment

  1. OS (where OpenCTI server runs): Some Kubernetes instance

  2. OpenCTI version: 5.12.33

  3. OpenCTI client: not relevant

  4. Other environment details:

    REDIS__HOSTNAME: blabla.somedomain.com ⬅️ This is a workaround needed to make it work, in theory it shouldn't be there, or the doc should reflect why its needed in all cases
    REDIS__HOSTNAMES: ["blabla.somedomain.com:6379"]
    REDIS__TRIMMING: 1000000
    REDIS__NAMESPACE: xxxxxx
    REDIS__MODE: cluster
    REDIS__USE_SSL: true
    REDIS__USERNAME: xxxxxxx
    REDIS__PASSWORD: xxxxxxxx

Reproducible Steps

Setup an opencti instance with the above variables, but without REDIS__HOSTNAME

Expected Output

The connection to the cluster should be flawless

Actual Output

{"category":"APP","errors":[{"attributes":{"genre":"TECHNICAL","http_status":500,"provider":"base"},"message":"Redis client connection fail","name":"DATABASE_ERROR","stack":"DATABASE_ERROR: Redis client connection fail\n    at error (/opt/opencti/build/src/config/errors.js:8:10)\n    at DatabaseError (/opt/opencti/build/src/config/errors.js:58:48)\n    at EventEmitter.<anonymous> (/opt/opencti/build/src/database/redis.ts:102:44)\n    at EventEmitter.emit (node:events:518:28)\n    at EventEmitter.silentEmit (/opt/opencti/build/node_modules/ioredis/built/Redis.js:464:30)\n    at callback (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:169:62)\n    at wrapper (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:301:17)\n    at tryNode (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:309:24)\n    at callback (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:325:21)\n    at /opt/opencti/build/node_modules/ioredis/built/cluster/index.js:662:24\n    at run (/opt/opencti/build/node_modules/ioredis/built/utils/index.js:117:22)\n    at tryCatcher (/opt/opencti/build/node_modules/standard-as-callback/built/utils.js:12:23)\n    at /opt/opencti/build/node_modules/standard-as-callback/built/index.js:33:50\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)"},{"message":"Failed to refresh slots cache.","name":"ClusterAllFailedError","stack":"ClusterAllFailedError: Failed to refresh slots cache.\n    at tryNode (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:308:31)\n    at callback (/opt/opencti/build/node_modules/ioredis/built/cluster/index.js:325:21)\n    at /opt/opencti/build/node_modules/ioredis/built/cluster/index.js:662:24\n    at run (/opt/opencti/build/node_modules/ioredis/built/utils/index.js:117:22)\n    at tryCatcher (/opt/opencti/build/node_modules/standard-as-callback/built/utils.js:12:23)\n    at /opt/opencti/build/node_modules/standard-as-callback/built/index.js:33:50\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)"}],"level":"error","message":"Redis client connection fail","timestamp":"2024-03-06T16:10:40.227Z","version":"5.12.33"}
{"category":"APP","level":"info","message":"[REDIS] Redis 'base' client closed","timestamp":"2024-03-06T16:10:40.228Z","version":"5.12.33"}
{"category":"APP","level":"info","message":"[REDIS] 'base' Redis client reconnecting","timestamp":"2024-03-06T16:10:40.228Z","version":"5.12.33"}

Additional information

The relevant piece of code is at opencti-platform/opencti-graphql/src/database/redis.ts, line 42

Screenshots (optional)
@troll-os troll-os added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 6, 2024
@richard-julien
Copy link
Member

Nice catch.
Not really sure if servername is really mandatory in cluster mode.
We need to to some testing to see if this one is mandatory and so we need to adapt the doc or if we need to adapt the platform code to prevent using the servername in the TLS config of the cluster mode.

@SamuelHassine SamuelHassine added this to the Release 6.0.6 milestone Mar 7, 2024
@jborozco jborozco removed the needs triage use to identify issue needing triage from Filigran Product team label Mar 11, 2024
@Jipegien Jipegien modified the milestones: Release 6.0.8, Release 6.0.9 Mar 20, 2024
@SamuelHassine SamuelHassine modified the milestones: Release 6.0.9, Release 6.0.10, Release 6.1.0 Apr 3, 2024
@troll-os
Copy link
Contributor Author

For reference, the issue and mitigation (same as provided here) are also traced in the lib repo

redis/ioredis#1800

@aHenryJard aHenryJard assigned aHenryJard and unassigned aHenryJard May 13, 2024
@SamuelHassine SamuelHassine added critical use to identify critical bug to fix ASAP needs triage use to identify issue needing triage from Filigran Product team labels Mar 20, 2025
@nino-filigran nino-filigran removed needs triage use to identify issue needing triage from Filigran Product team critical use to identify critical bug to fix ASAP labels Mar 24, 2025
@aHenryJard aHenryJard self-assigned this Apr 15, 2025
@aHenryJard
Copy link
Member

Note: https://github.com/redis/ioredis?tab=readme-ov-file#special-note-aws-elasticache-clusters-with-tls

@aHenryJard aHenryJard mentioned this issue Apr 15, 2025
Draft
@aHenryJard aHenryJard linked a pull request May 13, 2025 that will close this issue
Draft
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aHenryJard aHenryJard

Labels
bug use for describing something not working as expected
Projects
None yet
Milestone
Bugs backlog
7 participants
@richard-julien @SamuelHassine @aHenryJard @jborozco @troll-os @Jipegien @nino-filigran