Merge remote-tracking branch 'origin/unstable' into RELEASE_6

pkg/deb/conf/sentinel.conf

@@ -20,12 +20,12 @@
 # The port that this sentinel instance will run on
 port 26379
 
-# By default Redis Sentinel does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/keydb-sentinel.pid when
+# By default KeyDB Sentinel does not run as a daemon. Use 'yes' if you need it.
+# Note that KeyDB will write a pid file in /var/run/keydb-sentinel.pid when
 # daemonized.
 daemonize yes
 
-# When running daemonized, Redis Sentinel writes a pid file in
+# When running daemonized, KeyDB Sentinel writes a pid file in
 # /var/run/keydb-sentinel.pid by default. You can specify a custom pid file
 # location here.
 pidfile /var/run/sentinel/keydb-sentinel.pid
@@ -59,7 +59,7 @@ logfile /var/log/keydb/keydb-sentinel.log
 
 # dir <working-directory>
 # Every long running process should have a well-defined working directory.
-# For Redis Sentinel to chdir to /tmp at startup is the simplest thing
+# For KeyDB Sentinel to chdir to /tmp at startup is the simplest thing
 # for the process to don't interfere with administrative tasks such as
 # unmounting filesystems.
 dir /var/lib/keydb
@@ -86,22 +86,34 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # sentinel auth-pass <master-name> <password>
 #
 # Set the password to use to authenticate with the master and replicas.
-# Useful if there is a password set in the Redis instances to monitor.
+# Useful if there is a password set in the KeyDB instances to monitor.
 #
 # Note that the master password is also used for replicas, so it is not
 # possible to set a different password in masters and replicas instances
 # if you want to be able to monitor these instances with Sentinel.
 #
-# However you can have Redis instances without the authentication enabled
-# mixed with Redis instances requiring the authentication (as long as the
+# However you can have KeyDB instances without the authentication enabled
+# mixed with KeyDB instances requiring the authentication (as long as the
 # password set is the same for all the instances requiring the password) as
-# the AUTH command will have no effect in Redis instances with authentication
+# the AUTH command will have no effect in KeyDB instances with authentication
 # switched off.
 #
 # Example:
 #
 # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
 
+# sentinel auth-user <master-name> <username>
+#
+# This is useful in order to authenticate to instances having ACL capabilities,
+# that is, running KeyDB 6.0 or greater. When just auth-pass is provided the
+# Sentinel instance will authenticate to KeyDB using the old "AUTH <pass>"
+# method. When also an username is provided, it will use "AUTH <user> <pass>".
+# In the KeyDB servers side, the ACL to provide just minimal access to
+# Sentinel instances, should be configured along the following lines:
+#
+#     user sentinel-user >somepassword +client +subscribe +publish \
+#                        +ping +info +multi +slaveof +config +client +exec on
+
 # sentinel down-after-milliseconds <master-name> <milliseconds>
 #
 # Number of milliseconds the master (or any attached replica or sentinel) should
@@ -112,6 +124,73 @@ sentinel monitor mymaster 127.0.0.1 6379 2
 # Default is 30 seconds.
 sentinel down-after-milliseconds mymaster 30000
 
+# IMPORTANT NOTE: starting with KeyDB 6.2 ACL capability is supported for
+# Sentinel mode, please refer to the Redis website https://redis.io/topics/acl
+# for more details.
+
+# Sentinel's ACL users are defined in the following format:
+#
+#   user <username> ... acl rules ...
+#
+# For example:
+#
+#   user worker +@admin +@connection ~* on >ffa9203c493aa99
+#
+# For more information about ACL configuration please refer to the Redis
+# website at https://redis.io/topics/acl and KeyDB server configuration 
+# template keydb.conf.
+
+# ACL LOG
+#
+# The ACL Log tracks failed commands and authentication events associated
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked 
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with 
+# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
+acllog-max-len 128
+
+# Using an external ACL file
+#
+# Instead of configuring users here in this file, it is possible to use
+# a stand-alone file just listing users. The two methods cannot be mixed:
+# if you configure users here and at the same time you activate the external
+# ACL file, the server will refuse to start.
+#
+# The format of the external ACL user file is exactly the same as the
+# format that is used inside keydb.conf to describe users.
+#
+# aclfile /etc/keydb/sentinel-users.acl
+
+# requirepass <password>
+#
+# You can configure Sentinel itself to require a password, however when doing
+# so Sentinel will try to authenticate with the same password to all the
+# other Sentinels. So you need to configure all your Sentinels in a given
+# group with the same "requirepass" password. Check the following documentation
+# for more info: https://redis.io/topics/sentinel
+#
+# IMPORTANT NOTE: starting with KeyDB 6.2 "requirepass" is a compatibility
+# layer on top of the ACL system. The option effect will be just setting
+# the password for the default user. Clients will still authenticate using
+# AUTH <password> as usually, or more explicitly with AUTH default <password>
+# if they follow the new protocol: both will work.
+#
+# New config files are advised to use separate authentication control for
+# incoming connections (via ACL), and for outgoing connections (via
+# sentinel-user and sentinel-pass) 
+#
+# The requirepass is not compatable with aclfile option and the ACL LOAD
+# command, these will cause requirepass to be ignored.
+
+# sentinel sentinel-user <username>
+#
+# You can configure Sentinel to authenticate with other Sentinels with specific
+# user name. 
+
+# sentinel sentinel-pass <password>
+#
+# The password for Sentinel to authenticate with other Sentinels. If sentinel-user
+# is not configured, Sentinel will use 'default' user with sentinel-pass to authenticate.
+
 # sentinel parallel-syncs <master-name> <numreplicas>
 #
 # How many replicas we can reconfigure to point to the new replica simultaneously
@@ -172,7 +251,7 @@ sentinel failover-timeout mymaster 180000
 # generated in the WARNING level (for instance -sdown, -odown, and so forth).
 # This script should notify the system administrator via email, SMS, or any
 # other messaging system, that there is something wrong with the monitored
-# Redis systems.
+# KeyDB systems.
 #
 # The script is called with just two arguments: the first is the event type
 # and the second the event description.
@@ -182,7 +261,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel notification-script mymaster /var/redis/notify.sh
+# sentinel notification-script mymaster /var/keydb/notify.sh
 
 # CLIENTS RECONFIGURATION SCRIPT
 #
@@ -207,7 +286,7 @@ sentinel failover-timeout mymaster 180000
 #
 # Example:
 #
-# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
+# sentinel client-reconfig-script mymaster /var/keydb/reconfig.sh
 
 # SECURITY
 #
@@ -218,11 +297,11 @@ sentinel failover-timeout mymaster 180000
 
 sentinel deny-scripts-reconfig yes
 
-# REDIS COMMANDS RENAMING
+# KEYDB COMMANDS RENAMING
 #
-# Sometimes the Redis server has certain commands, that are needed for Sentinel
+# Sometimes the KeyDB server has certain commands, that are needed for Sentinel
 # to work correctly, renamed to unguessable strings. This is often the case
-# of CONFIG and SLAVEOF in the context of providers that provide Redis as
+# of CONFIG and SLAVEOF in the context of providers that provide KeyDB as
 # a service, and don't want the customers to reconfigure the instances outside
 # of the administration console.
 #
@@ -239,6 +318,24 @@ sentinel deny-scripts-reconfig yes
 # SENTINEL SET can also be used in order to perform this configuration at runtime.
 #
 # In order to set a command back to its original name (undo the renaming), it
-# is possible to just rename a command to itsef:
+# is possible to just rename a command to itself:
 #
 # SENTINEL rename-command mymaster CONFIG CONFIG
+
+# HOSTNAMES SUPPORT
+#
+# Normally Sentinel uses only IP addresses and requires SENTINEL MONITOR
+# to specify an IP address. Also, it requires the KeyDB replica-announce-ip
+# keyword to specify only IP addresses.
+#
+# You may enable hostnames support by enabling resolve-hostnames. Note
+# that you must make sure your DNS is configured properly and that DNS
+# resolution does not introduce very long delays.
+#
+SENTINEL resolve-hostnames no
+
+# When resolve-hostnames is enabled, Sentinel still uses IP addresses
+# when exposing instances to users, configuration files, etc. If you want
+# to retain the hostnames when announced, enable announce-hostnames below.
+#
+SENTINEL announce-hostnames no

pkg/deb/debian/zsh-completion/_keydb-cli

@@ -0,0 +1,53 @@
+#compdef keydb-cli
+local -a options
+options=(
+  '-h[Server hostname (default: 127.0.0.1).]: :_hosts'
+  '-p[Server port (default: 6379).]'
+  '-s[Server socket (overrides hostname and port).]'
+  '-a[Password to use when connecting to the server. You can also use the REDISCLI_AUTH environment variable to pass this password more safely (if both are used, this argument takes precedence).]'
+  '--user[Used to send ACL style "AUTH username pass". Needs -a.]'
+  '--pass[Alias of -a for consistency with the new --user option.]'
+  '--askpass[Force user to input password with mask from STDIN. If this argument is used, "-a" and REDISCLI_AUTH environment variable will be ignored.]'
+  '-u[Server URI.]'
+  '-r[Execute specified command N times.]'
+  '-i[When -r is used, waits <interval> seconds per command. It is possible to specify sub-second times like -i 0.1.]'
+  '-n[Database number.]'
+  '-3[Start session in RESP3 protocol mode.]'
+  '-x[Read last argument from STDIN.]'
+  '-d[Delimiter between response bulks for raw formatting (default: \n).]'
+  '-D[D <delimiter>     Delimiter between responses for raw formatting (default: \n).]'
+  '-c[Enable cluster mode (follow -ASK and -MOVED redirections).]'
+  '-e[Return exit error code when command execution fails.]'
+  '--raw[Use raw formatting for replies (default when STDOUT is not a tty).]'
+  '--no-raw[Force formatted output even when STDOUT is not a tty.]'
+  '--quoted-input[Force input to be handled as quoted strings.]'
+  '--csv[Output in CSV format.]'
+  '--show-pushes[Whether to print RESP3 PUSH messages.  Enabled by default when STDOUT is a tty but can be overriden with --show-pushes no.]'
+  '--stat[Print rolling stats about server: mem, clients, ...]'
+  '--latency[Enter a special mode continuously sampling latency. If you use this mode in an interactive session it runs forever displaying real-time stats. Otherwise if --raw or --csv is specified, or if you redirect the output to a non TTY, it samples the latency for 1 second (you can use -i to change the interval), then produces a single output and exits.]'
+  '--latency-history[Like --latency but tracking latency changes over time. Default time interval is 15 sec. Change it using -i.]'
+  '--latency-dist[Shows latency as a spectrum, requires xterm 256 colors. Default time interval is 1 sec. Change it using -i.]'
+  '--lru-test[Simulate a cache workload with an 80-20 distribution.]'
+  '--replica[Simulate a replica showing commands received from the master.]'
+  '--rdb[Transfer an RDB dump from remote server to local file.]'
+  '--pipe[Transfer raw KeyDB protocol from stdin to server.]'
+  '--pipe-timeout[In --pipe mode, abort with error if after sending all data. no reply is received within <n> seconds. Default timeout: 30. Use 0 to wait forever.]'
+  '--bigkeys[Sample KeyDB keys looking for keys with many elements (complexity).]'
+  '--memkeys[Sample KeyDB keys looking for keys consuming a lot of memory.]'
+  '--memkeys-samples[Sample KeyDB keys looking for keys consuming a lot of memory. And define number of key elements to sample]'
+  '--hotkeys[Sample KeyDB keys looking for hot keys. only works when maxmemory-policy is *lfu.]'
+  '--scan[List all keys using the SCAN command.]'
+  '--pattern[Keys pattern when using the --scan, --bigkeys or --hotkeys options (default: *).]'
+  '--quoted-pattern[Same as --pattern, but the specified string can be quoted, in order to pass an otherwise non binary-safe string.]'
+  '--intrinsic-latency[Run a test to measure intrinsic system latency. The test will run for the specified amount of seconds.]'
+  '--eval[Send an EVAL command using the Lua script at <file>.]'
+  '--ldb[Used with --eval enable the Redis Lua debugger.]'
+  '--ldb-sync-mode[Like --ldb but uses the synchronous Lua debugger, in this mode the server is blocked and script changes are not rolled back from the server memory.]'
+  '--cluster[<command> args... opts... Cluster Manager command and arguments (see below).]'
+  '--verbose[Verbose mode.]'
+  '--no-auth-warning[Dont show warning message when using password on command line interface.]'
+  '--help[Output this help and exit.]'
+   '--version[Output version and exit.]'
+)
+
+_arguments -s $options