Support usernames in password file

[pznamensky]

Describe the problem
redis_exporter supports multi-target approach which is a convenient way to monitor multiple Redis servers.
In case you use auth in those servers, you can either add --redis.user & --redis.password or create a password file (if credentials are not the same for all servers)
The problem is that the password file does not support usernames which are used in Redis 6+
Since there're no another way to set usernames in multi-target approach, it would be great to add usernames support into password file.

What version of redis_exporter are you running?
1.51.0

[oliver006]

I think that'd be useful but I wonder if you could try working the username into the URL schema and then supply the password via the password file.
Something like

{
  "redis://bob@redis:6379": "redis-password"
}

I haven't had a chance to try it but you could see if this works.

[pznamensky]

@oliver006 thanks for the quick reply!
Unfortunately, this workaround doesn't work.
I was able to find a workaround in case the same username is being used.
In this case, we can pass the global option --redis.user and use the password file with different passwords for each server.

[oliver006]

Ah yes, that works as long it's always the same user.

I think this issue has come up before, maybe it's worth expanding the json file to include usernames.

[SKYNE0]

you can set default user password.

[nicosistemas]

Hi guys!
I also have Multi-target Redis and I had the same problem. I solved it like this:

I used generic K8S secrets (base64 encrypted). In my case, I did the deployments with Helm,

https://artifacthub.io/packages/helm/prometheus-community/prometheus-redis-exporter

serviceMonitor:
  # When set true then use a ServiceMonitor to configure scraping
  enabled: true
  multipleTarget: true
  targets: 
  # for every targets, url and name must be set,
  # an individual additionalRelabeling can be set for every target
  - url: "redis://redis-standalone-cross-headless.s-redis.svc.cluster.local:6379"
    name: "s-cross"
  - url: "redis://redis-standalone-payroll-headless.s-redis.svc.cluster.local:6379"
    name: "s-payrioll"


auth:
  # Use password authentication
  enabled: true
  # Use existing secret (ignores redisPassword)
  secret:
    name: ""
    key: ""
  # Redis password (when not stored in a secret)
  redisPassword: ""
  # Redis user (version 6.X and above)
  redisUser: ""
  # Redis password file (e.g., https://github.com/oliver006/redis_exporter/blob/v1.27.0/contrib/sample-pwd-file.json)
  # secret (useful for multiple redis instances with different passwords). If secret name and key are set
  # this will ignore the single password auth.secret.*
  redisPasswordFile:
    # The secret key will be mounted into this path as a file
    # e.g., if secret key is pass.json, the env variable
    # REDIS_PASSWORD_FILE will be set to /auth/pass.json
    mountPath: /auth
    secret:
      name: "redis-host-s"
      key: "host.json"

host.json file to secrets deploy:

apiVersion: v1
kind: Secret
metadata:
  name: redis-host-s
  namespace: monitoring
type: Opaque
data:
  host.json: |
    2lpZ28tY3Jvc3MtaGVhZGxlc3Muc2lp (base64 encrypt)

json connection:

echo -n '    {
    "redis://redis-standalone-cross-headless.s-redis.svc.cluster.local:6379": "mmmmmmm",
    "redis://redis-standalone-payroll-headless.s-redis.svc.cluster.local:6379": "hhhhhhhhhh"
    }' | base64

Thank you Oliver!
Saludos desde Argentina 🇦🇷

[ArjonBu]

@nicosistemas your reply doesn't include usernames though.