1
votes

I have 3 different servers deployed on Aliyun, each of them running 2 Redis instances on ports 6379 and 6380.

I was trying to build a Redis cluster with these 6 nodes (Redis version 3.2.0). But it failed and said "Sorry, cannot connect to the node 10.161.94.215:6379" (10.161.94.215 is the LAN IP address of my first server).

While obviously the servers were running quite well, and I could get it by redis-cli.

Gem is installed.

Requirepass is banned, no auth is needed.

No ip bind

No protected-mode as well.

error pic

All the configuration options about cluster are well set.

What's wrong with this?

4 Answers

0
votes

I think I know why now.

Use the IP of the local host.

src/redis-trib.rb create 127.0.0.1:6379 127.0.0.1:6380 h2:p1 h2:p2 h3:p1 h3:p2

0
votes

I think you are creating cluster from a different subnet. That might be a problem.

0
votes

Looks like protected mode is a new security feature in redis 3.2. The short version is if you don't explicitly bind to an ip address it will only allow access to localhost.

If you only wish to create a cluster on a single host, this may be ok. If you're using multiple hosts to create a cluster you'll either need to turn off protected mode or explicitly bind to an ip address.

From redis.conf file:

# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
#    "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes

There are instructions on how to correct this if you attempt to connect to it using something aside from the loopback interface:

DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

The output of redis-trib.rb is fairly terse (probably appropriately so).

0
votes

sudo nano /etc/redis/6379.conf

Replace #bind 127.0.0.1 or bind 127.0.0.1 with bind 0.0.0.0

sudo service redis_6379 restart

This allows access to Redis from anywhere.
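
The protected-mode rule quoted from redis.conf above can be checked before running redis-trib.rb. The following is an added example, not part of any answer or of Redis itself: it reads a redis.conf and reports whether remote cluster peers would be refused, and whether the instance would accept unauthenticated remote connections. The function names and sample configs are constructed for illustration.

```python
import ipaddress

def parse_redis_conf(text):
    """Pull the three directives that decide protected-mode behaviour."""
    conf = {"bind": [], "requirepass": None, "protected-mode": "yes"}  # 3.2 default: yes
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (including a commented-out "#bind")
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "bind":
            conf["bind"] = value.split()
        elif key == "requirepass":
            conf["requirepass"] = value or None
        elif key == "protected-mode":
            conf["protected-mode"] = value.lower()
    return conf

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unrecognised form: assume it is reachable remotely

def assess(text):
    """Return (verdict, listen_addrs) for one redis.conf."""
    conf = parse_redis_conf(text)
    has_auth = conf["requirepass"] is not None
    addrs = conf["bind"] or ["0.0.0.0"]  # no bind directive: listen on all interfaces
    # Protected mode only applies when there is neither a bind nor a password.
    if conf["protected-mode"] == "yes" and not conf["bind"] and not has_auth:
        return ("protected-loopback-only", addrs)  # remote peers get the DENIED reply
    if all(_is_loopback(a) for a in addrs):
        return ("bound-loopback-only", addrs)
    return ("remote-with-auth" if has_auth else "remote-no-auth", addrs)

# Constructed sample configs, not taken from the question's servers.
SAMPLES = {
    "3.2 defaults": "port 6379\ncluster-enabled yes\n",
    "protected mode off": "port 6379\nprotected-mode no\n",
    "bind 0.0.0.0": "bind 0.0.0.0\nprotected-mode yes\n",
    "bind LAN + loopback": "bind 10.161.94.215 127.0.0.1\nprotected-mode yes\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:22} -> {assess(text)}")
```

A `remote-no-auth` verdict on `0.0.0.0` means only a network-level control (security group, firewall) stands between the instance and any host that can route to it; the same verdict on a LAN address limits the listener to that interface.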