我能否更改Redis集群中正在运行的Redis实例上的MASTERAUTH值？

Question

根据http://redis.io/topics/security，我可以在Redis配置文件中设置一个requirepass值，例如requirepass foobared。

但是，我不希望这在我的配置文件中。

基本上，我希望将这个密码保留在.conf文件之外，并使用redis-cli设置它。

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# 2015.12.14 nbasanes: Although I prefer enabling this, I'm not 
# sure it buys us much, since a clear password in a config 
# file is bad for security:
# requirepass foobared

# 2015.12.14  nbasanes: This could be interesting, although 
#   I don't put much weight in security-by-obscurity:
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

Answer 1

是的，可以在运行时更改auth。(请参阅内森·巴萨尼斯的回答)。

此外，请确保启动配置重写命令以使身份验证持久存在。如果Redis实例重新启动，它可能会丢失。

CONFIG REWRITE

您可以通过对Redis实例运行CONFIG GET *获得在运行时可以更改的所有参数的列表。

  127.0.0.1:6379> CONFIG GET *
  1) "dbfilename"
  2) "dump.rdb"
  3) "requirepass"
  4) ""
  5) "masterauth"
  6) ""
  7) "unixsocket"
  8) ""