Error connecting to redis gitlab

GitLab Community Edition

Troubleshooting Redis (FREE SELF)

There are a lot of moving parts that must be taken care carefully
in order for the HA setup to work as expected.

Before proceeding with the troubleshooting below, check your firewall rules:

  • Redis machines
    • Accept TCP connection in 6379
    • Connect to the other Redis machines via TCP in 6379
  • Sentinel machines
    • Accept TCP connection in 26379
    • Connect to other Sentinel machines via TCP in 26379
    • Connect to the Redis machines via TCP in 6379

Basic Redis activity check

Start Redis troubleshooting with a basic Redis activity check:

  1. Open a terminal on your GitLab server.
  2. Run gitlab-redis-cli --stat and observe the output while it runs.
  3. Go to your GitLab UI and browse to a handful of pages. Any page works, like
    group or project overviews, issues, files in repositories, and so on.
  4. Check the stat output again and verify that the values for keys, clients,
    requests, and connections increases as you browse. If the numbers go up,
    basic Redis functionality is working and GitLab can connect to it.

Troubleshooting Redis replication

You can check if everything is correct by connecting to each server using
redis-cli application, and sending the info replication command as below.

/opt/gitlab/embedded/bin/redis-cli -h <redis-host-or-ip> -a '<redis-password>' info replication

When connected to a Primary Redis, you see the number of connected
replicas, and a list of each with connection details:

# Replication
role:master
connected_replicas:1
replica0:ip=10.133.5.21,port=6379,state=online,offset=208037514,lag=1
master_repl_offset:208037658
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:206989083
repl_backlog_histlen:1048576

When it’s a replica, you see details of the primary connection and if
its up or down:

# Replication
role:replica
master_host:10.133.1.58
master_port:6379
master_link_status:up
master_last_io_seconds_ago:1
master_sync_in_progress:0
replica_repl_offset:208096498
replica_priority:100
replica_read_only:1
connected_replicas:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

Troubleshooting Sentinel

If you get an error like: Redis::CannotConnectError: No sentinels available.,
there may be something wrong with your configuration files or it can be related
to this issue.

You must make sure you are defining the same value in redis['master_name']
and redis['master_password'] as you defined for your sentinel node.

The way the Redis connector redis-rb works with sentinel is a bit
non-intuitive. We try to hide the complexity in omnibus, but it still requires
a few extra configurations.

To make sure your configuration is correct:

  1. SSH into your GitLab application server

  2. Enter the Rails console:

    # For Omnibus installations
sudo gitlab-rails console

# For source installations
sudo -u git rails console -e production

  3. Run in the console:

    redis = Redis.new(Gitlab::Redis::SharedState.params)
redis.info

    Keep this screen open and try to simulate a failover below.

  4. To simulate a failover on primary Redis, SSH into the Redis server and run:

    # port must match your primary redis port, and the sleep time must be a few seconds bigger than defined one
 redis-cli -h localhost -p 6379 DEBUG sleep 20

  5. Then back in the Rails console from the first step, run:

    You should see a different port after a few seconds delay
    (the failover/reconnect time).

Troubleshooting a non-bundled Redis with an installation from source

If you get an error in GitLab like Redis::CannotConnectError: No sentinels available.,
there may be something wrong with your configuration files or it can be related
to this upstream issue.

You must make sure that resque.yml and sentinel.conf are configured correctly,
otherwise redis-rb does not work properly.

The master-group-name (gitlab-redis) defined in (sentinel.conf)
must be used as the hostname in GitLab (resque.yml):

# sentinel.conf:
sentinel monitor gitlab-redis 10.0.0.1 6379 2
sentinel down-after-milliseconds gitlab-redis 10000
sentinel config-epoch gitlab-redis 0
sentinel leader-epoch gitlab-redis 0
# resque.yaml
production:
  url: redis://:myredispassword@gitlab-redis/
  sentinels:
    -
      host: 10.0.0.1
      port: 26379  # point to sentinel, not to redis port
    -
      host: 10.0.0.2
      port: 26379  # point to sentinel, not to redis port
    -
      host: 10.0.0.3
      port: 26379  # point to sentinel, not to redis port

When in doubt, read the Redis Sentinel documentation.

Источник

I am currently using serverless framework and setting up gitlab ci using shared runner.

Following is my gitlab-ci.yml:

image: node:latest

services:
  - redis

cache:
  paths:
    - node_modules/
    - java/

stages:
  - build
  - test
  - review
  - staging
  - production

build:
  stage: build
  script:
      - npm install
  artifacts:
    paths:
      - node_modules/

install:java:
  stage: build
  script:
      - apt-get update
      - apt-get install -y default-jre default-jdk openjdk-7-jre openjdk-7-jdk
      - apt-get update
      - sls dynamodb install
  artifacts:
    paths:
      - java/

connect:
  image: redis
  script:
  - redis-cli -h redis PING

unit test:
  stage: test
  script:
    - sls dynamodb start
    - babel-node ./aws/createDB.js
    - npm run unit
  dependencies:
    - build
    - install:java

unit test job requires redis and is not able to connect. Following error gets thrown, when unit test job starts:

Error while creating redis client: Error: Redis connection to
127.0.0.1:6379 failed — connect ECONNREFUSED 127.0.0.1:6379

Can someone point out what’s wrong with current config file, thanks!

asked Oct 25, 2017 at 9:01

ankit's user avatar

ankitankit

1252 silver badges6 bronze badges

1

The host address of the redis service is redis not 127.0.0.1 or localhost.

So make sure you set the host for the redis service to redis in all of your scripts and configuration files.

answered Oct 25, 2017 at 16:30

Jawad's user avatar

JawadJawad

4,3271 gold badge25 silver badges29 bronze badges

1

Just to make people’s life easier, I list an example .gitlab-ci.yml to configure Redis in Gitlab CI.

services:
  - redis:latest

stages:
  - test

test:
 script:
   - echo "hello world!"
 stage: test
 variables:
    REDIS_PORT: 6379
    REDIS_HOST: redis
    REDIS_URL: redis://redis:6379

answered May 12, 2022 at 10:59

xxks-kkk's user avatar

xxks-kkkxxks-kkk

2,1613 gold badges24 silver badges45 bronze badges

Источник
stage group info

Systems

Distribution

To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

Configuring Redis (FREE SELF)

Using an alternate local Redis instance

Omnibus GitLab includes Redis by default. To direct the GitLab
application to your own locally running Redis instance:

  1. Edit /etc/gitlab/gitlab.rb:

    # Disable the bundled Redis
redis['enable'] = false

# Redis via TCP
gitlab_rails['redis_host'] = '127.0.0.1'
gitlab_rails['redis_port'] = 6379

# OR Redis via Unix domain sockets
gitlab_rails['redis_socket'] = '/tmp/redis.sock' # defaults to /var/opt/gitlab/redis/redis.socket

# Password to Authenticate to alternate local Redis if required
gitlab_rails['redis_password'] = '<redis_password>'

  2. Reconfigure GitLab for the changes to take effect:

    sudo gitlab-ctl reconfigure

Making the bundled Redis reachable via TCP

Use the following settings if you want to make the Redis instance
managed by Omnibus GitLab reachable via TCP:

  1. Edit /etc/gitlab/gitlab.rb:

    redis['port'] = 6379
redis['bind'] = '127.0.0.1'

  2. Save the file and reconfigure GitLab for the changes to take effect:

    sudo gitlab-ctl reconfigure

Setting up a Redis-only server using Omnibus GitLab

If you’d like to set up Redis in a separate server than the GitLab application,
you can use the
bundled Redis in Omnibus GitLab.

Running with multiple Redis instances

See https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html#running-multiple-redis-clusters.

Redis Sentinel

See https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html.

Using Redis in a failover setup

See https://docs.gitlab.com/ee/administration/redis/replication_and_failover.html.

Using Google Cloud Memorystore

Google Cloud Memorystore does not support the Redis CLIENT command.
By default, Sidekiq will attempt to set the CLIENT for debugging
purposes. This can be disabled via the following configuration setting:

gitlab_rails['redis_enable_client'] = false

Increasing the number of Redis connections beyond the default

By default Redis will only accept 10,000 client connections. If you need
more that 10,000 connections set the maxclients attribute to suit your needs.
Be advised that adjusting the maxclients attribute means that you will also need
to take into account your systems settings for fs.file-max (for example sysctl -w fs.file-max=20000)

redis['maxclients'] = 20000

Tuning the TCP stack for Redis

The following settings are to enable a more performant Redis server instance. tcp_timeout is
a value set in seconds that the Redis server waits before terminating an idle TCP connection.
The tcp_keepalive is a tunable setting in seconds to TCP ACKs to clients in absence of
communication.

redis['tcp_timeout'] = "60"
redis['tcp_keepalive'] = "300"

Announce ip from hostname

Currently the only way to enable hostnames in Redis is by setting redis['announce_ip']. However,
this would need to be set uniquely per Redis instance. announce_ip_from_hostname is a boolean that allows us to turn this on or off.
It fetches the hostname dynamically, inferring the hostname from hostname -f command.

redis['announce_ip_from_hostname'] = true

Setting the Redis Cache instance as an LRU

Using multiple Redis instances allows you to configure Redis as a
Least Recently Used cache. Note you should only
do this for the Redis cache, rate-limiting, and repository cache instances; the Redis queues, shared
state instances, and tracechunks instances should never be configured as an LRU,
since they contain data (e.g. Sidekiq jobs) that is expected to be persistent.

To cap memory usage at 32GB, you can use:

redis['maxmemory'] = "32gb"
redis['maxmemory_policy'] = "allkeys-lru"
redis['maxmemory_samples'] = 5

Using Secure Sockets Layer (SSL)

You can configure Redis to run behind SSL.

Running Redis server behind SSL

  1. To run Redis server behind SSL, you can use the following settings in
    /etc/gitlab/gitlab.rb. See the TLS/SSL section of
    redis.conf.erb
    to learn about the possible values:

    redis['tls_port']
redis['tls_cert_file']
redis['tls_key_file']

  2. After specifying the required values, reconfigure GitLab for the changes to take
    effect:

    sudo gitlab-ctl reconfigure

NOTE:
Some redis-cli binaries are not built with support for directly connecting to a Redis server over TLS.
If your redis-cli doesn’t support the --tls flag, you will have to use something like
stunnel to connect to the
Redis server using redis-cli for any debugging purposes.

Make GitLab client connect to Redis server over SSL

To activate GitLab client support for SSL:

  1. Add the following line to /etc/gitlab/gitlab.rb:

    gitlab_rails['redis_ssl'] = true

  2. Reconfigure GitLab for the changes to take effect:

    sudo gitlab-ctl reconfigure

SSL certificates

If you’re using custom SSL certificates for Redis, be sure to add them
to the trusted certificates.

Renamed commands

By default, the KEYS command is disabled as a security measure.

If you’d like to obfuscate or disable this command, or other commands, edit the redis['rename_commands'] setting in /etc/gitlab/gitlab.rb to look like:

redis['rename_commands'] = {
  'KEYS': '',
  'OTHER_COMMAND': 'VALUE'
}
  • OTHER_COMMAND is the command you want to modify
  • VALUE should be one of:
    1. A new command name.
    2. '', which completely disables the command.

To disable this functionality:

  1. Set redis['rename_commands'] = {} in your /etc/gitlab/gitlab.rb file
  2. Run sudo gitlab-ctl reconfigure

Lazy freeing

Redis 4 introduced lazy freeing. This can improve performance when freeing large values.

This setting defaults to false. To enable it, you can use:

redis['lazyfree_lazy_eviction'] = true
redis['lazyfree_lazy_expire'] = true
redis['lazyfree_lazy_server_del'] = true
redis['replica_lazy_flush'] = true

Threaded I/O

Redis 6 introduced threaded I/O. This allow writes to scale across multiple cores.

This setting is disabled by default. To enable it, you can use:

redis['io_threads'] = 4
redis['io_threads_do_reads'] = true

Troubleshooting

x509: certificate signed by unknown authority

This error message suggests that the SSL certificates have not been
properly added to the list of trusted certificates for the server. To
check whether this is an issue:

  1. Check Workhorse logs in /var/log/gitlab/gitlab-workhorse/current.

  2. If you see messages that look like:

    2018-11-14_05:52:16.71123 time="2018-11-14T05:52:16Z" level=info msg="redis: dialing" address="redis-server:6379" scheme=rediss
2018-11-14_05:52:16.74397 time="2018-11-14T05:52:16Z" level=error msg="unknown error" error="keywatcher: x509: certificate signed by unknown authority"

    The first line should show rediss as the scheme with the address
    of the Redis server. The second line indicates the certificate is
    not properly trusted on this server. See the previous section.

  3. Verify that the SSL certificate is working via these troubleshooting steps.

NOAUTH Authentication required

A Redis server may require a password sent via an AUTH message before
commands are accepted. A NOAUTH Authentication required error message
suggests the client is not sending a password. GitLab logs may help
troubleshoot this error:

  1. Check Workhorse logs in /var/log/gitlab/gitlab-workhorse/current.

  2. If you see messages that look like:

    2018-11-14_06:18:43.81636 time="2018-11-14T06:18:43Z" level=info msg="redis: dialing" address="redis-server:6379" scheme=rediss
2018-11-14_06:18:43.86929 time="2018-11-14T06:18:43Z" level=error msg="unknown error" error="keywatcher: pubsub receive: NOAUTH Authentication required."

  3. Check that the Redis client password specified in /etc/gitlab/gitlab.rb is correct:

    gitlab_rails['redis_password'] = 'your-password-here'

  4. If you are using the Omnibus-provided Redis server, check that the server has the same password:

    redis['password'] = 'your-password-here'

Redis connection reset (ECONNRESET)

If you see Redis::ConnectionError: Connection lost (ECONNRESET) in the
GitLab Rails logs (/var/log/gitlab-rails/production.log), this might
indicate that the server is expecting SSL but the client is not
configured to use it.

  1. Check that the server is actually listening to the port via SSL.
    For example:

    /opt/gitlab/embedded/bin/openssl s_client -connect redis-server:6379

  2. Check /var/opt/gitlab/gitlab-rails/etc/resque.yml. You
    should see something like:

    production:
  url: rediss://:mypassword@redis-server:6379/

  3. If redis:// is present instead of rediss://, the redis_ssl
    parameter may not have been configured properly, or the reconfigure
    step may not have been run.

Connecting to Redis via the CLI

When connecting to Redis for troubleshooting you can use:

  • Redis via Unix domain sockets:

    sudo /opt/gitlab/embedded/bin/redis-cli -s /var/opt/gitlab/redis/redis.socket

  • Redis via TCP:

    sudo /opt/gitlab/embedded/bin/redis-cli -h 127.0.0.1 -p 6379

  • Password to authenticate to Redis if required:

    sudo /opt/gitlab/embedded/bin/redis-cli -h 127.0.0.1 -p 6379 -a <password>
Источник

I had a similar issue but on a derivative of Arch Linux.

Redis had to be installed for OpenVAS and I was getting a permission error after attempting to start the service like this:

systemctl start redis.service

The error was visible using:

journalctl -xeu redis.service

as recommended by the systemctl command output.

When it attempted to create the Unix socket in /run (also linked from /var/run) it would fail because it could not create the file. I could manually created a redis subdirectory under /run using sudo and change the owner to the redis user then started redis but the directory kept disappearing later.

I tried re-installing with pacman because I was a bit lost but that didn’t seem to help.

Solution in my case

After running

sudo systemctl enable redis.service

I can start the service and /run/redis (also linked as /var/run/redis) is present with a PID and Unix socket file as configured with the unixsocket entry in my config file.

I can confirm it’s accessible with:

redis-cli -s /run/redis/redis.sock

After a reboot it’s still good.

Источник

Понравилась статья? Поделить с друзьями:

Читайте также:

  • Error connecting to master mysql
  • Error compacting database
  • Error comp cannot be used as a function
  • Error communication to tpm chip
  • Error communication base

    • 0 0 голоса
    Рейтинг статьи
    Подписаться
    Уведомить о
    guest

    0 комментариев
    Старые
    Новые Популярные
    Межтекстовые Отзывы
    Посмотреть все комментарии