mirror of https://github.com/redis/redis.git
870b6bd487
The PR introduces a new shared secret that is shared over all the nodes on the Redis cluster. The main idea is to leverage the cluster bus to share a secret between all the nodes such that later the nodes will be able to authenticate using this secret and send internal commands to each other (see #13740 for more information about internal commands). The way the shared secret is chosen is the following: 1. Each node, when start, randomly generate its own internal secret. 2. Each node share its internal secret over the cluster ping messages. 3. If a node gets a ping message with secret smaller then his current secret, it embrace it. 4. Eventually all nodes should embrace the minimal secret The converges of the secret is as good as the topology converges. To extend the ping messages to contain the secret, we leverage the extension mechanism. Nodes that runs an older Redis version will just ignore those extensions. Specific tests were added to verify that eventually all nodes see the secrets. In addition, a verification was added to the test infra to verify the secret on `cluster_config_consistent` and to `assert_cluster_state`. |
||
|---|---|---|
| .. | ||
| announced-endpoints.tcl | ||
| cli.tcl | ||
| cluster-response-tls.tcl | ||
| failure-marking.tcl | ||
| hostnames.tcl | ||
| human-announced-nodename.tcl | ||
| internal-secret.tcl | ||
| links.tcl | ||
| misc.tcl | ||
| multi-slot-operations.tcl | ||
| scripting.tcl | ||
| sharded-pubsub.tcl | ||
| slot-ownership.tcl | ||