Add documentation for "SENTINEL FAILOVER COORDINATED" #364
Conversation
topics/sentinel.md
Outdated
| Where `<username>` and `<password>` are the username and password for accessing the group's instances. These credentials should be provisioned on all of the group's Valkey instances with the minimal control permissions. For example: | ||
|
|
||
| 127.0.0.1:6379> ACL SETUSER sentinel-user ON >somepassword allchannels +multi +slaveaof +ping +exec +subscribe +config|rewrite +role +publish +info +client|setname +client|kill +script|kill | ||
| 127.0.0.1:6379> ACL SETUSER sentinel-user ON >somepassword allchannels +multi +slaveof +ping +exec +subscribe +config|rewrite +role +publish +info +failover +client|setname +client|kill +script|kill |
There was a problem hiding this comment.
Testing out the new coordinated failover approach, I do not think these ACLs are sufficient. Since Sentinel also issues CLIENT PAUSE and CLIENT UNPAUSE commands, at least +client|pause +client|unpause also need to be included here. Otherwise, the whole transaction for the switchover fails and no new primary is promoted.
There was a problem hiding this comment.
Thank you for testing this @marvin-roesch! Apparently, my manual tests were insufficient.
In order to be more consistent, I took the ACL from the current sentinel.conf as a basis and added the missing commands. It is a little bit more "coarse" than the previous version in the docs, but I think that's ok. I did the exact same change in my proposal to fix the regression (valkey-io/valkey#2780).
There was a problem hiding this comment.
Thanks, looks good to me! Agreed that aligning the website advice with the sentinel.conf docs is the way to go. Small note: I think +client is unnecessarily listed twice 😁 It's the same in the sentinel.conf comment.
Also thanks for submitting a fix for the regression!
There was a problem hiding this comment.
Interesting how often one can look at a single line of code without noticing the duplication. Thanks again!
gmbnomis
force-pushed
the
coord_fail_documentation
branch
from
f6c51e4 to
301eb9d
Compare
gmbnomis
force-pushed
the
coord_fail_documentation
branch
2 times, most recently
from
9f4cada to
0d6f979
Compare
* Add documentation for the new coordinated failover command * Update ACL documentation to reflect version 9.0 requirements. Use the ACL from the `sentinel.config` as a basis for consistency (see also valkey-io/valkey#2780) * Point out that ACL permissions need to be updated for Redis 9.0+ Signed-off-by: Simon Baatz <[email protected]>
gmbnomis
force-pushed
the
coord_fail_documentation
branch
from
0d6f979 to
815d961
Compare
3 participants
the ACL from the
sentinel.configas a basis for consistency(see also Sentinel: fix regression requiring "+failover" ACL in failover path valkey#2780)
This option was introduced by valkey-io/valkey#1292 and is part of Valkey 9.0