Redis Sentinel Connection Doesn't Work With SSL #7101

Closed
opened 2025-12-29 20:19:17 +01:00 by adam · 1 comment

Originally created by @M3r1 on GitHub (Oct 13, 2022).

NetBox version

v3.3.4

Python version

3.10

Steps to Reproduce

When running Netbox with the following Redis configuration:

```
REDIS = {
    'tasks': {
        'SENTINELS': [
            ('ip_1', 26379),
            ('ip_2', 26379),
            ('ip_3', 26379),
        ],
        'SENTINEL_SERVICE': 'master',
        'PASSWORD': 'password',
        'DATABASE': 0,
        'SSL': True,
        'INSECURE_SKIP_TLS_VERIFY': True,
    },
    'caching': {
        'SENTINELS': [
            ('ip_4', 26379),
            ('ip_5', 26379),
            ('ip_6', 26379),
        ],
        'SENTINEL_SERVICE': 'master',
        'PASSWORD': 'password',
        'DATABASE': 0,
        'SSL': True,
        'INSECURE_SKIP_TLS_VERIFY': True,
    }
}
```

The RQWorker Netbox container enters a crash loop with the following error:

```
No master found for 'master'
```

When looking at logs from the Redis Sentinel container the following error log is printed:

```
Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=16)
```

My Redis Sentinel configuration:

```
port 0
sentinel monitor master ip_of_master 6379 2
sentinel auth-pass master password
sentinel down-after-milliseconds master 3000
sentinel failover-timeout master 6000

protected-mode no

tls-port 26379
tls-cert-file /path/to/crt
tls-key-file /path/to/key
tls-ca-cert-file /path/to/ca
tls-replication yes
tls-auth-clients no
```

My Redis configuration:

```
bind 0.0.0.0
requirepass password
masterauth password
protected-mode yes
port 0

tls-port 6379
tls-cert-file /path/to/crt
tls-key-file /path/to/key
tls-ca-cert-file /path/to/ca
tls-replication yes
tls-auth-clients no

tcp-keepalive 0
maxmemory 2gb
maxmemory-policy volatile-lru
```

I have an HA Netbox deployment; it is container-based and runs on 3 VMs using Podman version 4.0.2.

Expected Behavior

I expect Netbox to be able to successfully connect to the Redis Sentinels.

Observed Behavior

Without changing any Redis related configuration, when running the following Netbox configuration:

```
REDIS = {
    'tasks': {
        'HOST': 'ip_of_master',
        'PORT': 6379,
        'PASSWORD': 'password',
        'DATABASE': 0,
        'SSL': True,
        'INSECURE_SKIP_TLS_VERIFY': True,
    },
    'caching': {
        'HOST': 'ip_of_other_master',
        'PORT': 6379,
        'PASSWORD': 'password',
        'DATABASE': 0,
        'SSL': True,
        'INSECURE_SKIP_TLS_VERIFY': True,
    }
}
```

The worker container successfully starts and is able to connect to Redis using SSL.
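
The Sentinel log line in this report, `wrong version number` from `ssl3_get_record`, is what OpenSSL reports when the first bytes arriving on a TLS listener do not parse as a TLS record with major version 3. The following is an added example, not code from the issue, NetBox or redis-py: it reads the first five bytes of a constructed plaintext RESP query and of a constructed ClientHello prefix the way a TLS server would, and the helper names (`encode_resp`, `classify_first_bytes`, `explain`) are hypothetical.

```python
import struct

# Added example; helper names are illustrative, not NetBox or redis-py APIs.
# TLS record content types a server accepts at the start of a record.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def encode_resp(*args: str) -> bytes:
    """Encode a command as a RESP array, the plaintext Redis wire format."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)

def parse_record_header(data: bytes):
    """Read 5 bytes as a TLS server would: type, major, minor, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    return struct.unpack("!BBBH", data[:5])

def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first to a tls-port listener."""
    ctype, major, _minor, _length = parse_record_header(data)
    if ctype in TLS_CONTENT_TYPES and major == 3:
        return "tls"
    # RESP type markers: the client is speaking plaintext Redis, so the
    # TLS server sees a bogus version field and rejects the record.
    if data[:1] in (b"*", b"$", b"+", b"-", b":"):
        return "plaintext-resp"
    return "unknown"

def explain(data: bytes) -> str:
    """Render the header fields next to the verdict for a log or pcap note."""
    ctype, major, minor, length = parse_record_header(data)
    return (f"{classify_first_bytes(data)}: type=0x{ctype:02x} "
            f"version=0x{major:02x}{minor:02x} length={length}")

# Constructed samples (not captured from the reporter's deployment).
PLAINTEXT_QUERY = encode_resp("SENTINEL", "get-master-addr-by-name", "master")
TLS_CLIENT_HELLO_START = bytes.fromhex("1603010200") + b"\x01\x00\x01\xfc"

if __name__ == "__main__":
    print(explain(PLAINTEXT_QUERY))
    print(explain(TLS_CLIENT_HELLO_START))
```

Running the same classification on the first bytes of a packet capture taken on port 26379 shows whether the client reaching the Sentinels is speaking TLS or plaintext.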

adam added the "type: bug" and "status: needs owner" labels 2025-12-29 20:19:17 +01:00
adam closed this issue 2025-12-29 20:19:17 +01:00

@jeremystretch commented on GitHub (May 2, 2023):

Closing this as stale. Happy to revisit if someone in a position to reproduce the bug can identify the change(s) necessary.

Reference: starred/netbox#7101