Docker Redis 3.2 protected mode

716 views
Skip to first unread message

mic...@schefczyk.net

unread,
May 31, 2016, 6:34:26 AM5/31/16
to Redis DB

Dear All,


I was used to running the official Redis docker container in a kubernetes cluster. I only need Redis in a very limited way: I am operating two owncloud servers which share file locking information via Redis. To get Redis as highly available as possible while keeping things simple (or at least trying to), I was running one container in a cluster using NFS storage. Should the container or its host fail, the scheduler would restart the container on another host based on persistent NFS storage. HAProxy is to ensure that the container is reachable wherever it runs. That did work with no issues until Redis 3.0.7.


With Redis 3.2, I find - after reading the issues on github and the like - no way to effectively disable the protected mode. Please note that within kubernetes, one does not usually pass a lot of parameters to the container except for ports and volumes. I must confess that I am rather a user than a docker and/or Redis insider, but I did try what I could to get the protected mode of. One way was to build a container based on the following simple dockerfile:


FROM debian:latest

RUN echo "deb http://http.debian.net/debian jessie-backports main" >> /etc/apt/sources.list
RUN apt-get update && apt-get -t jessie-backports install redis-server -y \
 && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
 && mkdir /data && chown redis:redis /data

COPY redis.conf /etc/redis/

EXPOSE 6379

VOLUME /data

WORKDIR /data

ENTRYPOINT ["/usr/bin/redis-server", "/etc/redis/redis.conf"]


The redis.conf does contain the usual settings plus:

protected-mode no

bind 0.0.0.0

 

Nevertheless, when telneting to the resulting container running in a kubernetes cluster, it responds with the usual error message: "(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients."


Is there a way to build a container where the protected mode is disabled in a more fundamental way?


Regards,


Michael Schefczyk

Reply all
Reply to author
Forward
0 new messages