fix redis: update the password of sentinels

update the password of sentinels Relates: <HIDDEN_URL> commit_hash:34df0ccf1faa6d250954c46981b8c85db5d2de20
userver-framework · Jan 22, 2025 · 62fa4e1 · 62fa4e1
1 parent 99e8260
commit 62fa4e1
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 12 deletions.
diff --git a/redis/src/storages/redis/component.cpp b/redis/src/storages/redis/component.cpp
@@ -334,11 +334,11 @@ void Redis::OnSecdistUpdate(const storages::secdist::SecdistConfig& cfg) {
         std::vector<storages::redis::ConnectionInfo> cii;
         for (const auto& host_port : settings.sentinels) {
             storages::redis::ConnectionInfo ci(host_port.host, host_port.port, settings.password);
-
             cii.push_back(ci);
         }
 
-        sentinels_.at(db)->SetConnectionInfo(cii);
+        sentinel->SetConnectionInfo(cii);
+        sentinel->UpdatePassword(settings.password);
     }
 }
 

diff --git a/redis/src/storages/redis/impl/cluster_sentinel_impl.cpp b/redis/src/storages/redis/impl/cluster_sentinel_impl.cpp
@@ -360,6 +360,16 @@ class ClusterTopologyHolder : public std::enable_shared_from_this<ClusterTopolog
 
     boost::signals2::signal<void(size_t)>& GetSignalTopologyChanged() { return signal_topology_changed_; }
 
+    void UpdatePassword(const Password& password) {
+        auto lock = password_.UniqueLock();
+        *lock = password;
+    }
+
+    Password GetPassword() {
+        const auto lock = password_.Lock();
+        return *lock;
+    }
+
 private:
     void ProcessStateUpdate() { sentinels_->ProcessStateUpdate(); }
     std::shared_ptr<RedisConnectionHolder> CreateRedisInstance(const HostPort& host_port);
@@ -368,7 +378,7 @@ class ClusterTopologyHolder : public std::enable_shared_from_this<ClusterTopolog
     std::shared_ptr<engine::ev::ThreadPool> redis_thread_pool_;
 
     std::string shard_group_name_;
-    Password password_;
+    concurrent::Variable<Password, std::mutex> password_;
     std::shared_ptr<const std::vector<std::string>> shards_names_;
     std::vector<ConnectionInfo> conns_;
     std::shared_ptr<Shard> sentinels_;
@@ -652,7 +662,7 @@ std::shared_ptr<RedisConnectionHolder> ClusterTopologyHolder::CreateRedisInstanc
         redis_thread_pool_,
         host,
         port,
-        password_,
+        GetPassword(),
         buffering_settings_ptr->value_or(CommandsBufferingSettings{}),
         *replication_monitoring_settings_ptr,
         *retry_budget_settings_ptr
@@ -682,7 +692,7 @@ void ClusterTopologyHolder::UpdateClusterTopology() {
     /// ...
     ProcessGetClusterHostsRequest(
         shards_names_,
-        GetClusterHostsRequest(*sentinels_, password_),
+        GetClusterHostsRequest(*sentinels_, GetPassword()),
         [this, reset{std::move(reset_update_cluster_slots_)}](
             ClusterShardHostInfos shard_infos, size_t requests_sent, size_t responses_parsed, bool is_non_cluster_error
         ) {
@@ -785,7 +795,6 @@ ClusterSentinelImpl::ClusterSentinelImpl(
       ready_callback_(std::move(ready_callback)),
       redis_thread_pool_(redis_thread_pool),
       client_name_(client_name),
-      password_(password),
       dynamic_config_source_(std::move(dynamic_config_source)) {
     // https://github.com/boostorg/signals2/issues/59
     // NOLINTNEXTLINE(clang-analyzer-cplusplus.NewDelete)
@@ -1058,6 +1067,8 @@ void ClusterSentinelImpl::SetConnectionInfo(const std::vector<ConnectionInfoInt>
     topology_holder_->SetConnectionInfo(info_array);
 }
 
+void ClusterSentinelImpl::UpdatePassword(const Password& password) { topology_holder_->UpdatePassword(password); }
+
 PublishSettings ClusterSentinelImpl::GetPublishSettings() {
     return PublishSettings{kUnknownShard, false, CommandControl::Strategy::kEveryDc};
 }

diff --git a/redis/src/storages/redis/impl/cluster_sentinel_impl.hpp b/redis/src/storages/redis/impl/cluster_sentinel_impl.hpp
@@ -71,6 +71,8 @@ class ClusterSentinelImpl : public SentinelImplBase {
 
     void SetConnectionInfo(const std::vector<ConnectionInfoInt>& info_array) override;
 
+    void UpdatePassword(const Password& password) override;
+
 private:
     void AsyncCommandFailed(const SentinelCommand& scommand);
     void EnqueueCommand(const SentinelCommand& command);
@@ -91,7 +93,6 @@ class ClusterSentinelImpl : public SentinelImplBase {
     std::shared_ptr<engine::ev::ThreadPool> redis_thread_pool_;
 
     std::string client_name_;
-    Password password_{std::string()};
 
     std::vector<SentinelCommand> commands_;
     std::mutex command_mutex_;

diff --git a/redis/src/storages/redis/impl/sentinel.cpp b/redis/src/storages/redis/impl/sentinel.cpp
@@ -417,6 +417,8 @@ void Sentinel::SetConfigDefaultCommandControl(const std::shared_ptr<CommandContr
 
 const std::string& Sentinel::ShardGroupName() const { return shard_group_name_; }
 
+void Sentinel::UpdatePassword(const Password& password) { impl_->UpdatePassword(password); }
+
 void Sentinel::SetConnectionInfo(std::vector<ConnectionInfo> info_array) {
     std::vector<ConnectionInfoInt> cii;
     cii.reserve(info_array.size());

diff --git a/redis/src/storages/redis/impl/sentinel.hpp b/redis/src/storages/redis/impl/sentinel.hpp
@@ -187,6 +187,8 @@ class Sentinel {
     void SetConnectionInfo(std::vector<ConnectionInfo> info_array);
     const std::string& ShardGroupName() const;
 
+    void UpdatePassword(const Password& password);
+
     using UserMessageCallback = std::function<Outcome(const std::string& channel, const std::string& message)>;
     using UserPmessageCallback =
         std::function<Outcome(const std::string& pattern, const std::string& channel, const std::string& message)>;

diff --git a/redis/src/storages/redis/impl/sentinel_impl.cpp b/redis/src/storages/redis/impl/sentinel_impl.cpp
@@ -89,7 +89,7 @@ SentinelImpl::SentinelImpl(
         connected_statuses_.push_back(std::make_unique<ConnectedStatus>());
     }
     client_name_ = client_name;
-    password_ = password;
+    UpdatePassword(password);
 
     Init();
     InitKeyShard();
@@ -593,7 +593,7 @@ void SentinelImpl::DoUpdateClusterSlots(ReplyPtr reply) {
 
 void SentinelImpl::ReadSentinels() {
     ProcessGetHostsRequest(
-        GetHostsRequest(*sentinels_, password_),
+        GetHostsRequest(*sentinels_, GetPassword()),
         [this](const ConnInfoByShard& info, size_t requests_sent, size_t responses_parsed) {
             if (!CheckQuorum(requests_sent, responses_parsed)) {
                 LOG_WARNING() << "Too many 'sentinel masters' requests failed: requests_sent=" << requests_sent
@@ -634,7 +634,7 @@ void SentinelImpl::ReadSentinels() {
             for (const auto& shard_conn : watcher->masters) {
                 const auto& shard = shard_conn.Name();
                 ProcessGetHostsRequest(
-                    GetHostsRequest(*sentinels_, shard_conn.Name(), password_),
+                    GetHostsRequest(*sentinels_, shard_conn.Name(), GetPassword()),
                     [this, watcher, shard](const ConnInfoByShard& info, size_t requests_sent, size_t responses_parsed) {
                         if (!CheckQuorum(requests_sent, responses_parsed)) {
                             LOG_WARNING() << "Too many 'sentinel slaves' requests "
@@ -671,7 +671,7 @@ void SentinelImpl::ReadSentinels() {
 void SentinelImpl::ReadClusterHosts() {
     ProcessGetClusterHostsRequest(
         init_shards_,
-        GetClusterHostsRequest(*sentinels_, password_),
+        GetClusterHostsRequest(*sentinels_, GetPassword()),
         [this](
             ClusterShardHostInfos shard_infos, size_t requests_sent, size_t responses_parsed, bool is_non_cluster_error
         ) {
@@ -854,6 +854,11 @@ void SentinelImpl::ProcessWaitingCommands() {
     }
 }
 
+Password SentinelImpl::GetPassword() {
+    const auto lock = password_.Lock();
+    return *lock;
+}
+
 SentinelStatistics SentinelImpl::GetStatistics(const MetricsSettings& settings) const {
     SentinelStatistics stats(settings, statistics_internal_);
     std::lock_guard<std::mutex> lock(sentinels_mutex_);
@@ -1033,6 +1038,11 @@ void SentinelImpl::SetConnectionInfo(const std::vector<ConnectionInfoInt>& info_
     sentinels_->SetConnectionInfo(info_array);
 }
 
+void SentinelImpl::UpdatePassword(const Password& password) {
+    auto lock = password_.UniqueLock();
+    *lock = password;
+}
+
 }  // namespace storages::redis::impl
 
 USERVER_NAMESPACE_END
diff --git a/redis/src/storages/redis/impl/sentinel_impl.hpp b/redis/src/storages/redis/impl/sentinel_impl.hpp
@@ -15,6 +15,7 @@
 
 #include <engine/ev/thread_control.hpp>
 #include <engine/ev/thread_pool.hpp>
+#include <userver/concurrent/variable.hpp>
 #include <userver/dynamic_config/source.hpp>
 #include <userver/engine/deadline.hpp>
 #include <userver/engine/impl/condition_variable_any.hpp>
@@ -86,6 +87,8 @@ class SentinelImplBase {
 
     virtual PublishSettings GetPublishSettings() = 0;
     virtual void SetConnectionInfo(const std::vector<ConnectionInfoInt>& info_array) = 0;
+
+    virtual void UpdatePassword(const Password& password) = 0;
 };
 
 bool AdjustDeadline(const SentinelImplBase::SentinelCommand& scommand, const dynamic_config::Snapshot& config);
@@ -144,6 +147,8 @@ class SentinelImpl : public SentinelImplBase {
 
     void SetConnectionInfo(const std::vector<ConnectionInfoInt>& info_array) override;
 
+    void UpdatePassword(const Password& password) override;
+
 private:
     static constexpr const std::chrono::milliseconds cluster_slots_timeout_ = std::chrono::milliseconds(4000);
 
@@ -237,6 +242,8 @@ class SentinelImpl : public SentinelImplBase {
 
     void ProcessWaitingCommands();
 
+    Password GetPassword();
+
     Sentinel& sentinel_obj_;
     engine::ev::ThreadControl ev_thread_;
 
@@ -260,7 +267,7 @@ class SentinelImpl : public SentinelImplBase {
     std::map<std::string, size_t> shards_;
     ShardInfo shard_info_;
     std::string client_name_;
-    Password password_{std::string()};
+    concurrent::Variable<Password, std::mutex> password_{std::string()};
     ConnectionSecurity connection_security_;
     double check_interval_;
     std::atomic<bool> update_cluster_slots_flag_;