Mk_redis with authentication

To be able to use the cmk plugin mk_redis with redis ACL users and permissions, the plugin should send also username and password authentication to redis.

I patched the existing mk_redis agent plugin on a cmk 2.2.0p35 to get this working. Maybe this could be added into the cmk release.

$ diff mk_redis mk_redis.orig 
45d44
<     USER="REDIS_USER_$INSTANCE"
60,64c59
<     	if [[ "${!USER}" ]] && [[ "${!USER}" != "None" ]]; then
< 	        REDIS_CLI_COMMAND="REDISCLI_AUTH='${!PASSWORD}' redis-cli --user ${!USER}"
< 	else
<         	REDIS_CLI_COMMAND="REDISCLI_AUTH='${!PASSWORD}' redis-cli"
< 	fi
---
>         REDIS_CLI_COMMAND="REDISCLI_AUTH='${!PASSWORD}' redis-cli"

To create a redis monitoring user use the redis-cli:

acl setuser monitoring on >SecretPassWord ~ +info

the mk_redis plugin is only using the info redis command. So we restrict the user only to this cmd and do not allow any redis key access.

In /etc/check_mk/mk_redis.cfg add:

REDIS_HOST_myinstance="127.0.0.1"
REDIS_PORT_myinstance="4711"
REDIS_USER_myinstance='monitoring'
REDIS_PASSWORD_myinstance='SecretPassWord'

br

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.