From 7c5591500083b03d569a72583331b8c309dd48b1 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Tue, 30 Sep 2025 18:21:17 +0200 Subject: [PATCH 1/7] *: remove Redis leftovers Signed-off-by: Marc 'risson' Schmitt --- authentik/api/v3/config.py | 2 -- authentik/lib/config.py | 1 - authentik/lib/default.yml | 10 ------- authentik/lib/logging.py | 1 - authentik/lib/sentry.py | 14 ---------- authentik/lib/tests/test_config.py | 3 --- authentik/root/monitoring.py | 9 +------ authentik/sources/kerberos/models.py | 2 +- authentik/tasks/middleware.py | 6 +---- schema.yml | 3 --- website/docs/core/architecture.md | 12 --------- .../setup/full-dev-environment.mdx | 5 +--- website/docs/install-config/air-gapped.mdx | 1 - .../configuration/configuration.mdx | 27 +------------------ website/docs/install-config/install/aws.md | 1 - .../docs/install-config/install/kubernetes.md | 2 -- website/docs/sys-mgmt/ops/backup-restore.md | 18 ------------- website/docs/sys-mgmt/ops/monitoring.md | 6 ++--- website/docs/sys-mgmt/tenancy.md | 2 -- 19 files changed, 8 insertions(+), 117 deletions(-) diff --git a/authentik/api/v3/config.py b/authentik/api/v3/config.py index 151796afc494..36505093020b 100644 --- a/authentik/api/v3/config.py +++ b/authentik/api/v3/config.py @@ -56,7 +56,6 @@ class ConfigSerializer(PassiveSerializer): cache_timeout = IntegerField(required=True) cache_timeout_flows = IntegerField(required=True) cache_timeout_policies = IntegerField(required=True) - cache_timeout_reputation = IntegerField(required=True) class ConfigView(APIView): @@ -103,7 +102,6 @@ def get_config(self) -> ConfigSerializer: "cache_timeout": CONFIG.get_int("cache.timeout"), "cache_timeout_flows": CONFIG.get_int("cache.timeout_flows"), "cache_timeout_policies": CONFIG.get_int("cache.timeout_policies"), - "cache_timeout_reputation": CONFIG.get_int("cache.timeout_reputation"), } ) diff --git a/authentik/lib/config.py b/authentik/lib/config.py index 6146db2c2aae..3e94bfeb4627 100644 --- a/authentik/lib/config.py +++ b/authentik/lib/config.py @@ -45,7 +45,6 @@ "redis.cache_timeout": "cache.timeout", "redis.cache_timeout_flows": "cache.timeout_flows", "redis.cache_timeout_policies": "cache.timeout_policies", - "redis.cache_timeout_reputation": "cache.timeout_reputation", } diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 92393a39a851..f39a02020739 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -47,16 +47,6 @@ listen: - fe80::/10 - ::1/128 -redis: - host: localhost - port: 6379 - db: 0 - username: "" - password: "" - tls: false - tls_reqs: "none" - tls_ca_cert: null - http_timeout: 30 cache: diff --git a/authentik/lib/logging.py b/authentik/lib/logging.py index 8f750da07ecb..5a5583daf320 100644 --- a/authentik/lib/logging.py +++ b/authentik/lib/logging.py @@ -104,7 +104,6 @@ def get_logger_config(): "daphne": "WARNING", "kubernetes": "INFO", "asyncio": "WARNING", - "redis": "WARNING", "fsevents": "WARNING", "uvicorn": "WARNING", "gunicorn": "INFO", diff --git a/authentik/lib/sentry.py b/authentik/lib/sentry.py index 4de8bc89d8ec..17b8959421f6 100644 --- a/authentik/lib/sentry.py +++ b/authentik/lib/sentry.py @@ -3,19 +3,15 @@ from asyncio.exceptions import CancelledError from typing import Any -from channels_redis.core import ChannelFull from django.conf import settings from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation, ValidationError from django.db import DatabaseError, InternalError, OperationalError, ProgrammingError from django.http.response import Http404 -from django_redis.exceptions import ConnectionInterrupted from docker.errors import DockerException from dramatiq.errors import Retry from h11 import LocalProtocolError from ldap3.core.exceptions import LDAPException from psycopg.errors import Error -from redis.exceptions import ConnectionError as RedisConnectionError -from redis.exceptions import RedisError, ResponseError from rest_framework.exceptions import APIException from sentry_sdk import HttpTransport, get_current_scope from sentry_sdk import init as sentry_sdk_init @@ -23,7 +19,6 @@ from sentry_sdk.integrations.argv import ArgvIntegration from sentry_sdk.integrations.django import DjangoIntegration from sentry_sdk.integrations.dramatiq import DramatiqIntegration -from sentry_sdk.integrations.redis import RedisIntegration from sentry_sdk.integrations.socket import SocketIntegration from sentry_sdk.integrations.stdlib import StdlibIntegration from sentry_sdk.integrations.threading import ThreadingIntegration @@ -59,13 +54,7 @@ class SentryIgnoredException(Exception): ProgrammingError, SuspiciousOperation, ValidationError, - # Redis errors - RedisConnectionError, - ConnectionInterrupted, - RedisError, - ResponseError, # websocket errors - ChannelFull, WebSocketException, LocalProtocolError, # rest_framework error @@ -112,7 +101,6 @@ def sentry_init(**sentry_init_kwargs): ArgvIntegration(), DjangoIntegration(transaction_style="function_name", cache_spans=True), DramatiqIntegration(), - RedisIntegration(), SocketIntegration(), StdlibIntegration(), ThreadingIntegration(propagate_hub=True), @@ -159,9 +147,7 @@ def before_send(event: dict, hint: dict) -> dict | None: if event["logger"] in [ "asyncio", "multiprocessing", - "django_redis", "django.security.DisallowedHost", - "django_redis.cache", "paramiko.transport", ]: return None diff --git a/authentik/lib/tests/test_config.py b/authentik/lib/tests/test_config.py index 3e076b71a8d3..fbd744fbfbc1 100644 --- a/authentik/lib/tests/test_config.py +++ b/authentik/lib/tests/test_config.py @@ -27,7 +27,6 @@ class TestConfig(TestCase): ENV_PREFIX + "_REDIS__CACHE_TIMEOUT": "124s", ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_FLOWS": "32m", ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_POLICIES": "3920ns", - ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_REPUTATION": "298382us", } @mock.patch.dict(environ, {ENV_PREFIX + "_test__test": "bar"}) @@ -179,12 +178,10 @@ def test_check_deprecations(self): self.assertEqual(config.get("redis.cache_timeout", UNSET), UNSET) self.assertEqual(config.get("redis.cache_timeout_flows", UNSET), UNSET) self.assertEqual(config.get("redis.cache_timeout_policies", UNSET), UNSET) - self.assertEqual(config.get("redis.cache_timeout_reputation", UNSET), UNSET) self.assertEqual(config.get("worker.threads"), 2) self.assertEqual(config.get("cache.timeout"), "124s") self.assertEqual(config.get("cache.timeout_flows"), "32m") self.assertEqual(config.get("cache.timeout_policies"), "3920ns") - self.assertEqual(config.get("cache.timeout_reputation"), "298382us") def test_get_keys(self): """Test get_keys""" diff --git a/authentik/root/monitoring.py b/authentik/root/monitoring.py index f038778b73a2..e0ef789a15a3 100644 --- a/authentik/root/monitoring.py +++ b/authentik/root/monitoring.py @@ -11,8 +11,6 @@ from django.http import HttpRequest, HttpResponse from django.views import View from django_prometheus.exports import ExportToDjangoView -from django_redis import get_redis_connection -from redis.exceptions import RedisError monitoring_set = Signal() @@ -44,7 +42,7 @@ def dispatch(self, request: HttpRequest) -> HttpResponse: class ReadyView(View): - """View for readiness probe, always returns Http 200, unless sql or redis is down""" + """View for readiness probe, always returns Http 200, unless sql is down""" def dispatch(self, request: HttpRequest) -> HttpResponse: try: @@ -54,9 +52,4 @@ def dispatch(self, request: HttpRequest) -> HttpResponse: _ = db_conn.cursor() except OperationalError: # pragma: no cover return HttpResponse(status=503) - try: - redis_conn = get_redis_connection() - redis_conn.ping() - except RedisError: # pragma: no cover - return HttpResponse(status=503) return HttpResponse(status=200) diff --git a/authentik/sources/kerberos/models.py b/authentik/sources/kerberos/models.py index d05d71b3d4ad..1a9e3950a9a4 100644 --- a/authentik/sources/kerberos/models.py +++ b/authentik/sources/kerberos/models.py @@ -188,7 +188,7 @@ def ui_user_settings(self) -> UserSettingSerializer | None: @property def sync_lock(self) -> pglock.advisory: - """Redis lock for syncing Kerberos to prevent multiple parallel syncs happening""" + """Lock for syncing Kerberos to prevent multiple parallel syncs happening""" return pglock.advisory( lock_id=f"goauthentik.io/{connection.schema_name}/sources/kerberos/sync/{self.slug}", timeout=0, diff --git a/authentik/tasks/middleware.py b/authentik/tasks/middleware.py index bffa6bdf8c0c..0606f5a77283 100644 --- a/authentik/tasks/middleware.py +++ b/authentik/tasks/middleware.py @@ -10,12 +10,10 @@ from django_dramatiq_postgres.middleware import ( MetricsMiddleware as BaseMetricsMiddleware, ) -from django_redis import get_redis_connection from dramatiq.broker import Broker from dramatiq.message import Message from dramatiq.middleware import Middleware from psycopg.errors import Error -from redis.exceptions import RedisError from structlog.stdlib import get_logger from authentik import authentik_full_version @@ -28,7 +26,7 @@ LOGGER = get_logger() HEALTHCHECK_LOGGER = get_logger("authentik.worker").bind() -DB_ERRORS = (OperationalError, Error, RedisError) +DB_ERRORS = (OperationalError, Error) class TenantMiddleware(Middleware): @@ -179,8 +177,6 @@ def do_HEAD(self): # Force connection reload db_conn.connect() _ = db_conn.cursor() - redis_conn = get_redis_connection() - redis_conn.ping() self.send_response(200) except DB_ERRORS: # pragma: no cover self.send_response(503) diff --git a/schema.yml b/schema.yml index 1aeb2f07f648..5a97aa5aa9c8 100644 --- a/schema.yml +++ b/schema.yml @@ -40710,13 +40710,10 @@ components: type: integer cache_timeout_policies: type: integer - cache_timeout_reputation: - type: integer required: - cache_timeout - cache_timeout_flows - cache_timeout_policies - - cache_timeout_reputation - capabilities - error_reporting ConnectionToken: diff --git a/website/docs/core/architecture.md b/website/docs/core/architecture.md index 7cf30364676d..632959a14571 100644 --- a/website/docs/core/architecture.md +++ b/website/docs/core/architecture.md @@ -10,9 +10,7 @@ graph LR ak_server --> ak_server_core(authentik Server Core) ak_server --> ak_outpost(Embedded outpost) ak_server_core --> db(PostgreSQL) - ak_server_core --> cache(Redis) ak_worker(Background Worker) --> db(PostgreSQL) - ak_worker(Background Worker) --> cache(Redis) ``` ### Server @@ -49,13 +47,3 @@ authentik uses PostgreSQL to store all of its configuration and other data (excl - `/var/lib/postgresql/data` is used to store the PostgreSQL database On Kubernetes, with the default Helm chart and using the packaged PostgreSQL sub-chart, persistent data is stored in a PVC. - -### Redis - -authentik uses Redis as a message-queue and a cache. Data in Redis is not required to be persistent. - -#### Persistence - -- `/data` is used to store the Redis data - -On Kubernetes, with the default Helm chart and using the packaged Redis sub-chart, persistent data is stored in a PVC. diff --git a/website/docs/developer-docs/setup/full-dev-environment.mdx b/website/docs/developer-docs/setup/full-dev-environment.mdx index 358102725f8a..3212f94ec75a 100644 --- a/website/docs/developer-docs/setup/full-dev-environment.mdx +++ b/website/docs/developer-docs/setup/full-dev-environment.mdx @@ -29,7 +29,6 @@ Before you begin, ensure you have the following tools installed: authentik depends on several external services: -- [Redis](https://redis.io/) for caching - [PostgreSQL](https://www.postgresql.org/) for database storage - [Zenko CloudServer (S3)](https://www.zenko.io/cloudserver/) for object storage - [Sentry Spotlight](https://spotlightjs.com/) for error tracking and visualization @@ -64,7 +63,6 @@ libpq \ pkg-config \ uv \ postgresql \ -redis \ node@24 \ golangci-lint \ krb5 @@ -82,8 +80,7 @@ libgss-dev \ krb5-config \ libkrb5-dev \ postgresql-server-dev-all \ -postgresql \ -redis +postgresql ``` For other distributions (Red Hat, SUSE, Arch), adjust the package names as needed. diff --git a/website/docs/install-config/air-gapped.mdx b/website/docs/install-config/air-gapped.mdx index 2c268c96c73c..948af0993840 100644 --- a/website/docs/install-config/air-gapped.mdx +++ b/website/docs/install-config/air-gapped.mdx @@ -79,7 +79,6 @@ authentik deployments require access to the following container images. In an ai #### Supporting services - PostgreSQL -- Redis ### Helm repositories diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx index 221ac30efcda..f9fb9afc8d3a 100644 --- a/website/docs/install-config/configuration/configuration.mdx +++ b/website/docs/install-config/configuration/configuration.mdx @@ -177,36 +177,11 @@ When your PostgreSQL databases are running behind a connection pooler (like PgBo - `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjusts the database configuration to support connections to a PgBouncer connection pooler. This setting is deprecated and will be removed in a future version. Instead, use the configuration described in the [Using a PostgreSQL Connection Pooler](#using-a-postgresql-connection-pooler) section. - `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjusts the database configuration to support connections to a Pgpool connection pooler. This setting is deprecated and will be removed in a future version. Instead, use the configuration described in the [Using a PostgreSQL Connection Pooler](#using-a-postgresql-connection-pooler) section. -## Redis Settings - -- `AUTHENTIK_REDIS__HOST`: Redis server host when not using configuration URL -- `AUTHENTIK_REDIS__PORT`: Redis server port when not using configuration URL -- `AUTHENTIK_REDIS__DB`: Redis server database when not using configuration URL -- `AUTHENTIK_REDIS__USERNAME`: Redis server username when not using configuration URL -- `AUTHENTIK_REDIS__PASSWORD`: Redis server password when not using configuration URL -- `AUTHENTIK_REDIS__TLS`: Redis server connection using TLS when not using configuration URL -- `AUTHENTIK_REDIS__TLS_REQS`: Redis server TLS connection requirements when not using configuration URL. Defaults to `"none"`. Allowed values are `"none"` and `"required"`. -- `AUTHENTIK_REDIS__TLS_CA_CERT`: Path to the Redis server TLS CA root when not using configuration URL. Defaults to `null`. - -## Result Backend Settings - -- `AUTHENTIK_RESULT_BACKEND__URL`: Result backend configuration URL, uses [the Redis Settings](#redis-settings) by default - ## Cache Settings -- `AUTHENTIK_CACHE__URL`: Cache configuration URL, uses [the Redis Settings](#redis-settings) by default - `AUTHENTIK_CACHE__TIMEOUT`: Timeout for cached data until it expires in seconds, defaults to 300 - `AUTHENTIK_CACHE__TIMEOUT_FLOWS`: Timeout for cached flow plans until they expire in seconds, defaults to 300 - `AUTHENTIK_CACHE__TIMEOUT_POLICIES`: Timeout for cached policies until they expire in seconds, defaults to 300 -- `AUTHENTIK_CACHE__TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300 - - :::info - `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for. - ::: - -## Channel Layer Settings (inter-instance communication) - -- `AUTHENTIK_CHANNEL__URL`: Channel layers configuration URL, uses [the Redis Settings](#redis-settings) by default ## Worker settings @@ -496,7 +471,7 @@ Defaults to `null`. ### `AUTHENTIK_REPUTATION__EXPIRY` -Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes. +Configure how long reputation scores should be saved for in seconds. Defaults to `86400`. diff --git a/website/docs/install-config/install/aws.md b/website/docs/install-config/install/aws.md index fca6ade3143c..3e36232fcc14 100644 --- a/website/docs/install-config/install/aws.md +++ b/website/docs/install-config/install/aws.md @@ -20,7 +20,6 @@ This stack will create the following resources: - AWS SSM secrets for the PostgreSQL user and the authentik secret key - A VPC for all other resources - A RDS PostgreSQL Multi-AZ cluster -- An ElastiCache Redis Multi-AZ cluster - An ECS cluster with two tasks: - One for the authentik server - One for the authentik worker diff --git a/website/docs/install-config/install/kubernetes.md b/website/docs/install-config/install/kubernetes.md index 0f68e5808e2f..3c9797b63178 100644 --- a/website/docs/install-config/install/kubernetes.md +++ b/website/docs/install-config/install/kubernetes.md @@ -52,8 +52,6 @@ postgresql: enabled: true auth: password: "ThisIsNotASecurePassword" -redis: - enabled: true ``` See all configurable values on [ArtifactHub](https://artifacthub.io/packages/helm/goauthentik/authentik). diff --git a/website/docs/sys-mgmt/ops/backup-restore.md b/website/docs/sys-mgmt/ops/backup-restore.md index b603d06c2cbb..7ed62f60cd1a 100644 --- a/website/docs/sys-mgmt/ops/backup-restore.md +++ b/website/docs/sys-mgmt/ops/backup-restore.md @@ -22,24 +22,6 @@ This guide outlines the critical components to back up and restore in authentik. - **Restoration Guidance:** - Use PostgreSQL's [`pg_restore`](https://www.postgresql.org/docs/current/app-pgrestore.html) or other official methods. -## Redis database - -### Backup - -- **Role:** Manages temporary data: - - Pending tasks (e.g., queued emails, outpost syncs). - - Cache -- **Impact of Loss:** Temporary performance loss (while cache gets rebuilt), and potential permanent data loss (e.g., queued emails). -- **Backup Guidance:** - - Use Redis' [`SAVE`](https://redis.io/commands/save) or [`BGSAVE`](https://redis.io/commands/bgsave). -- **Official Documentation:** [Redis Persistence](https://redis.io/docs/management/persistence/) - -### Restore - -- **Restoration Importance:** Service impact but no permanent data loss. -- **Restoration Guidance:** - - Follow [Redis' Import Data Guide](https://redis.io/learn/guides/import#restore-an-rdb-file) to restore an RDB file. - ## Static directories These directories are mounted as volumes in containerized installations and must be restored if they were part of the backup to maintain authentik’s expected functionality. diff --git a/website/docs/sys-mgmt/ops/monitoring.md b/website/docs/sys-mgmt/ops/monitoring.md index b0351d7fc4dc..5a67efc9d41c 100644 --- a/website/docs/sys-mgmt/ops/monitoring.md +++ b/website/docs/sys-mgmt/ops/monitoring.md @@ -6,13 +6,13 @@ authentik can be easily monitored in multiple ways. ## Server monitoring -Configure your monitoring software to send requests to `/-/health/live/`, which will return a `HTTP 200` response as long as authentik is running. You can also send HTTP requests to `/-/health/ready/`, which will return `HTTP 200` if both PostgreSQL and Redis connections can be established correctly. +Configure your monitoring software to send requests to `/-/health/live/`, which will return a `HTTP 200` response as long as authentik is running. You can also send HTTP requests to `/-/health/ready/`, which will return `HTTP 200` if a PostgreSQL connection can be established correctly. ## Worker monitoring -The worker container can be monitored by running `ak healthcheck` in the worker container. This will check that the worker is running and ensure that both PostgreSQL and Redis connections can be established correctly. +The worker container can be monitored by running `ak healthcheck` in the worker container. This will check that the worker is running and ensure that a PostgreSQL connection can be established correctly. -You can also send HTTP requests to `/-/health/ready/`, which will return `HTTP 200` if both PostgreSQL and Redis connections can be established correctly. +You can also send HTTP requests to `/-/health/ready/`, which will return `HTTP 200` if a PostgreSQL connection can be established correctly. ## Outpost monitoring diff --git a/website/docs/sys-mgmt/tenancy.md b/website/docs/sys-mgmt/tenancy.md index 667b585f14ec..9a42e199151f 100644 --- a/website/docs/sys-mgmt/tenancy.md +++ b/website/docs/sys-mgmt/tenancy.md @@ -35,8 +35,6 @@ Learn more in our documentation about [Enterprise licenses](../enterprise/manage - Upon creating another tenant, a new schema will be created by cloning the `template` schema. This special schema is like a tenant with no data created in it. Cloning an existing schema instead of creating a new one and running migrations on it is done for efficiency purposes. -- In a typical deployment, all data stored in Redis (such as tasks, locks, and cached objects) will have its keys prefixed by the `schema_name`. - - Files are isolated on a per-tenant basis, with each tenant folder named according to the schema_name. For example, `/media/t_example`. The same is true regardless of the storage backend. - Using an [embedded outpost](../add-secure-apps/outposts/embedded/embedded.mdx) with multi-tenancy is not currently supported. Disable the embedded outpost with `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true` configuration setting. From 954bd3216f6129c1defff857c93dc6daf97e4e61 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Tue, 30 Sep 2025 18:31:55 +0200 Subject: [PATCH 2/7] more removal Signed-off-by: Marc 'risson' Schmitt --- .gitignore | 2 +- Makefile | 2 - docker-compose.yml | 22 ------ lifecycle/aws/app.py | 51 ------------- lifecycle/aws/template.yaml | 75 ------------------- .../system_migrations/to_0_13_authentik.py | 17 ----- lifecycle/wait_for_db.py | 24 +----- scripts/docker-compose.yml | 6 -- scripts/generate_docker_compose.py | 31 +++----- scripts/test_docker.sh | 2 +- 10 files changed, 13 insertions(+), 219 deletions(-) diff --git a/.gitignore b/.gitignore index 6062eb1bd15d..3fe47726ea4e 100644 --- a/.gitignore +++ b/.gitignore @@ -72,7 +72,7 @@ unittest.xml # Translations # Have to include binary mo files as they are annoying to compile at build time -# since a full postgres and redis instance are required +# since a full postgres instance is required # *.mo # Django stuff: diff --git a/Makefile b/Makefile index efd072a6b26f..e809f004121c 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,6 @@ GEN_API_GO = gen-go-api pg_user := $(shell uv run python -m authentik.lib.config postgresql.user 2>/dev/null) pg_host := $(shell uv run python -m authentik.lib.config postgresql.host 2>/dev/null) pg_name := $(shell uv run python -m authentik.lib.config postgresql.name 2>/dev/null) -redis_db := $(shell uv run python -m authentik.lib.config redis.db 2>/dev/null) UNAME := $(shell uname) @@ -107,7 +106,6 @@ dev-drop-db: dropdb -U ${pg_user} -h ${pg_host} ${pg_name} || true # Also remove the test-db if it exists dropdb -U ${pg_user} -h ${pg_host} test_${pg_name} || true - redis-cli -n ${redis_db} flushall dev-create-db: createdb -U ${pg_user} -h ${pg_host} ${pg_name} diff --git a/docker-compose.yml b/docker-compose.yml index 9d087f6e17bc..80bba2367117 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,27 +18,11 @@ services: restart: unless-stopped volumes: - database:/var/lib/postgresql/data - redis: - command: --save 60 1 --loglevel warning - healthcheck: - interval: 30s - retries: 5 - start_period: 20s - test: - - CMD-SHELL - - redis-cli ping | grep PONG - timeout: 3s - image: docker.io/library/redis:alpine - restart: unless-stopped - volumes: - - redis:/data server: command: server depends_on: postgresql: condition: service_healthy - redis: - condition: service_healthy env_file: - .env environment: @@ -46,7 +30,6 @@ services: AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_REDIS__HOST: redis AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1} ports: @@ -61,8 +44,6 @@ services: depends_on: postgresql: condition: service_healthy - redis: - condition: service_healthy env_file: - .env environment: @@ -70,7 +51,6 @@ services: AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_REDIS__HOST: redis AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0-rc1} restart: unless-stopped @@ -83,5 +63,3 @@ services: volumes: database: driver: local - redis: - driver: local diff --git a/lifecycle/aws/app.py b/lifecycle/aws/app.py index 6a8d087e6450..50b8d06aa866 100755 --- a/lifecycle/aws/app.py +++ b/lifecycle/aws/app.py @@ -20,9 +20,6 @@ from aws_cdk import ( aws_efs as efs, ) -from aws_cdk import ( - aws_elasticache as elasticache, -) from aws_cdk import ( aws_elasticloadbalancingv2 as elbv2, ) @@ -62,21 +59,6 @@ def __init__(self, scope: Construct, id: str, **kwargs): description="RDS PostgreSQL storage size in GB", ) - redis_instance_type = CfnParameter( - self, - "RedisInstanceType", - type="String", - default="cache.t4g.medium", - description="ElastiCache Redis instance type (with the leading cache.)", - ) - redis_version = CfnParameter( - self, - "RedisVersion", - type="String", - default="7.1", - description="ElastiCache Redis version", - ) - authentik_image = CfnParameter( self, "AuthentikImage", @@ -156,9 +138,6 @@ def __init__(self, scope: Construct, id: str, **kwargs): db_security_group = ec2.SecurityGroup( self, "DatabaseSG", vpc=vpc, description="Security Group for authentik RDS PostgreSQL" ) - redis_security_group = ec2.SecurityGroup( - self, "RedisSG", vpc=vpc, description="Security Group for authentik ElastiCache Redis" - ) authentik_security_group = ec2.SecurityGroup( self, "AuthentikSG", vpc=vpc, description="Security Group for authentik services" ) @@ -167,11 +146,6 @@ def __init__(self, scope: Construct, id: str, **kwargs): connection=ec2.Port.tcp(5432), description="Allow authentik to connect to RDS PostgreSQL", ) - redis_security_group.add_ingress_rule( - peer=authentik_security_group, - connection=ec2.Port.tcp(6379), - description="Allow authentik to connect to ElastiCache Redis", - ) # Generated secrets @@ -212,30 +186,6 @@ def __init__(self, scope: Construct, id: str, **kwargs): removal_policy=RemovalPolicy.SNAPSHOT, ) - # Redis - - redis_subnet_group = elasticache.CfnSubnetGroup( - self, - "AuthentikRedisSubnetGroup", - subnet_ids=vpc.select_subnets( - subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS - ).subnet_ids, - description="Subnet group for authentik ElastiCache Redis", - ) - - redis = elasticache.CfnReplicationGroup( - self, - "AuthentikRedis", - replication_group_description="Redis cluster for authentik", - engine="redis", - engine_version=redis_version.value_as_string, - cache_node_type=redis_instance_type.value_as_string, - num_cache_clusters=2, - automatic_failover_enabled=True, - security_group_ids=[redis_security_group.security_group_id], - cache_subnet_group_name=redis_subnet_group.ref, - ) - # Storage media_fs = efs.FileSystem( @@ -270,7 +220,6 @@ def __init__(self, scope: Construct, id: str, **kwargs): environment = { "AUTHENTIK_POSTGRESQL__HOST": database.instance_endpoint.hostname, "AUTHENTIK_POSTGRESQL__USER": "authentik", - "AUTHENTIK_REDIS__HOST": redis.attr_primary_end_point_address, } secrets = { diff --git a/lifecycle/aws/template.yaml b/lifecycle/aws/template.yaml index cc502247367d..0e720d9555ba 100644 --- a/lifecycle/aws/template.yaml +++ b/lifecycle/aws/template.yaml @@ -12,14 +12,6 @@ Parameters: Default: 10 Description: RDS PostgreSQL storage size in GB MinValue: 10 - RedisInstanceType: - Type: String - Default: cache.t4g.medium - Description: ElastiCache Redis instance type (with the leading cache.) - RedisVersion: - Type: String - Default: "7.1" - Description: ElastiCache Redis version AuthentikImage: Type: String Default: ghcr.io/goauthentik/server @@ -342,35 +334,6 @@ Resources: ToPort: 5432 Metadata: aws:cdk:path: AuthentikStack/DatabaseSG/from AuthentikStackAuthentikSG23C19B28:5432 - RedisSGEA80AC17: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: Security Group for authentik ElastiCache Redis - SecurityGroupEgress: - - CidrIp: 0.0.0.0/0 - Description: Allow all outbound traffic by default - IpProtocol: "-1" - VpcId: - Ref: AuthentikVpcA1ABE6C2 - Metadata: - aws:cdk:path: AuthentikStack/RedisSG/Resource - RedisSGfromAuthentikStackAuthentikSG23C19B2863790C4BCCDE: - Type: AWS::EC2::SecurityGroupIngress - Properties: - Description: Allow authentik to connect to ElastiCache Redis - FromPort: 6379 - GroupId: - Fn::GetAtt: - - RedisSGEA80AC17 - - GroupId - IpProtocol: tcp - SourceSecurityGroupId: - Fn::GetAtt: - - AuthentikSG3040E46F - - GroupId - ToPort: 6379 - Metadata: - aws:cdk:path: AuthentikStack/RedisSG/from AuthentikStackAuthentikSG23C19B28:6379 AuthentikSG3040E46F: Type: AWS::EC2::SecurityGroup Properties: @@ -481,34 +444,6 @@ Resources: DeletionPolicy: Snapshot Metadata: aws:cdk:path: AuthentikStack/AuthentikDB/Resource - AuthentikRedisSubnetGroup: - Type: AWS::ElastiCache::SubnetGroup - Properties: - Description: Subnet group for authentik ElastiCache Redis - SubnetIds: - - Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3 - - Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123 - Metadata: - aws:cdk:path: AuthentikStack/AuthentikRedisSubnetGroup - AuthentikRedis: - Type: AWS::ElastiCache::ReplicationGroup - Properties: - AutomaticFailoverEnabled: true - CacheNodeType: - Ref: RedisInstanceType - CacheSubnetGroupName: - Ref: AuthentikRedisSubnetGroup - Engine: redis - EngineVersion: - Ref: RedisVersion - NumCacheClusters: 2 - ReplicationGroupDescription: Redis cluster for authentik - SecurityGroupIds: - - Fn::GetAtt: - - RedisSGEA80AC17 - - GroupId - Metadata: - aws:cdk:path: AuthentikStack/AuthentikRedis AuthentikMediaEFSSecurityGroup1840BA29: Type: AWS::EC2::SecurityGroup Properties: @@ -653,11 +588,6 @@ Resources: - Endpoint.Address - Name: AUTHENTIK_POSTGRESQL__USER Value: authentik - - Name: AUTHENTIK_REDIS__HOST - Value: - Fn::GetAtt: - - AuthentikRedis - - PrimaryEndPoint.Address Essential: true HealthCheck: Command: @@ -874,11 +804,6 @@ Resources: - Endpoint.Address - Name: AUTHENTIK_POSTGRESQL__USER Value: authentik - - Name: AUTHENTIK_REDIS__HOST - Value: - Fn::GetAtt: - - AuthentikRedis - - PrimaryEndPoint.Address Essential: true HealthCheck: Command: diff --git a/lifecycle/system_migrations/to_0_13_authentik.py b/lifecycle/system_migrations/to_0_13_authentik.py index c56d3b2d1f01..e0eb6a0bf3bf 100644 --- a/lifecycle/system_migrations/to_0_13_authentik.py +++ b/lifecycle/system_migrations/to_0_13_authentik.py @@ -1,7 +1,4 @@ # flake8: noqa -from redis import Redis - -from authentik.lib.config import CONFIG from lifecycle.migrate import BaseMigration SQL_STATEMENT = """BEGIN TRANSACTION; @@ -106,17 +103,3 @@ def needs_migration(self) -> bool: def run(self): with self.con.transaction(): self.cur.execute(SQL_STATEMENT) - # We also need to clean the cache to make sure no pickeled objects still exist - for db in [ - CONFIG.get("redis.message_queue_db"), - CONFIG.get("redis.cache_db"), - CONFIG.get("redis.ws_db"), - ]: - redis = Redis( - host=CONFIG.get("redis.host"), - port=6379, - db=db, - username=CONFIG.get("redis.username"), - password=CONFIG.get("redis.password"), - ) - redis.flushall() diff --git a/lifecycle/wait_for_db.py b/lifecycle/wait_for_db.py index 2c193c24c420..e0d8c1860e86 100755 --- a/lifecycle/wait_for_db.py +++ b/lifecycle/wait_for_db.py @@ -1,14 +1,13 @@ #!/usr/bin/env python """This file needs to be run from the root of the project to correctly import authentik. This is done by the dockerfile.""" + from sys import exit as sysexit from time import sleep from psycopg import OperationalError, connect -from redis import Redis -from redis.exceptions import RedisError -from authentik.lib.config import CONFIG, redis_url +from authentik.lib.config import CONFIG CHECK_THRESHOLD = 30 @@ -40,24 +39,6 @@ def check_postgres(): CONFIG.log("info", "PostgreSQL connection successful") -def check_redis(): - url = CONFIG.get("cache.url") or redis_url(CONFIG.get("redis.db")) - attempt = 0 - while True: - if attempt >= CHECK_THRESHOLD: - sysexit(1) - try: - redis = Redis.from_url(url) - redis.ping() - break - except RedisError as exc: - sleep(1) - CONFIG.log("info", f"Redis Connection failed, retrying... ({exc})") - finally: - attempt += 1 - CONFIG.log("info", "Redis Connection successful") - - def wait_for_db(): CONFIG.log("info", "Starting authentik bootstrap") # Sanity check, ensure SECRET_KEY is set before we even check for database connectivity @@ -69,7 +50,6 @@ def wait_for_db(): CONFIG.log("info", "----------------------------------------------------------------------") sysexit(1) check_postgres() - check_redis() CONFIG.log("info", "Finished authentik bootstrap") diff --git a/scripts/docker-compose.yml b/scripts/docker-compose.yml index 618072e84c9c..225733510b00 100644 --- a/scripts/docker-compose.yml +++ b/scripts/docker-compose.yml @@ -12,12 +12,6 @@ services: ports: - 127.0.0.1:5432:5432 restart: always - redis: - container_name: redis - image: docker.io/library/redis - ports: - - 127.0.0.1:6379:6379 - restart: always s3: container_name: s3 image: docker.io/zenko/cloudserver diff --git a/scripts/generate_docker_compose.py b/scripts/generate_docker_compose.py index 7fd1fd7d493b..17bb08cae270 100644 --- a/scripts/generate_docker_compose.py +++ b/scripts/generate_docker_compose.py @@ -12,38 +12,24 @@ "env_file": [".env"], "environment": { "POSTGRES_DB": "${PG_DB:-authentik}", - "POSTGRES_PASSWORD": "${PG_PASS:?database " "password " "required}", + "POSTGRES_PASSWORD": "${PG_PASS:?database password required}", "POSTGRES_USER": "${PG_USER:-authentik}", }, "healthcheck": { "interval": "30s", "retries": 5, "start_period": "20s", - "test": ["CMD-SHELL", "pg_isready -d " "$${POSTGRES_DB} -U " "$${POSTGRES_USER}"], + "test": ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"], "timeout": "5s", }, "image": "docker.io/library/postgres:16-alpine", "restart": "unless-stopped", "volumes": ["database:/var/lib/postgresql/data"], }, - "redis": { - "command": "--save 60 1 --loglevel warning", - "healthcheck": { - "interval": "30s", - "retries": 5, - "start_period": "20s", - "test": ["CMD-SHELL", "redis-cli ping | grep PONG"], - "timeout": "3s", - }, - "image": "docker.io/library/redis:alpine", - "restart": "unless-stopped", - "volumes": ["redis:/data"], - }, "server": { "command": "server", "depends_on": { "postgresql": {"condition": "service_healthy"}, - "redis": {"condition": "service_healthy"}, }, "env_file": [".env"], "environment": { @@ -51,8 +37,7 @@ "AUTHENTIK_POSTGRESQL__NAME": "${PG_DB:-authentik}", "AUTHENTIK_POSTGRESQL__PASSWORD": "${PG_PASS}", "AUTHENTIK_POSTGRESQL__USER": "${PG_USER:-authentik}", - "AUTHENTIK_REDIS__HOST": "redis", - "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY:?secret " "key " "required}", + "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY:?secret key required}", }, "image": authentik_image, "ports": ["${COMPOSE_PORT_HTTP:-9000}:9000", "${COMPOSE_PORT_HTTPS:-9443}:9443"], @@ -63,7 +48,6 @@ "command": "worker", "depends_on": { "postgresql": {"condition": "service_healthy"}, - "redis": {"condition": "service_healthy"}, }, "env_file": [".env"], "environment": { @@ -71,8 +55,7 @@ "AUTHENTIK_POSTGRESQL__NAME": "${PG_DB:-authentik}", "AUTHENTIK_POSTGRESQL__PASSWORD": "${PG_PASS}", "AUTHENTIK_POSTGRESQL__USER": "${PG_USER:-authentik}", - "AUTHENTIK_REDIS__HOST": "redis", - "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY:?secret " "key " "required}", + "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY:?secret key required}", }, "image": authentik_image, "restart": "unless-stopped", @@ -85,7 +68,11 @@ ], }, }, - "volumes": {"database": {"driver": "local"}, "redis": {"driver": "local"}}, + "volumes": { + "database": { + "driver": "local", + }, + }, } with open("docker-compose.yml", "w") as _compose: diff --git a/scripts/test_docker.sh b/scripts/test_docker.sh index ed7e3557789a..f511a06e4856 100755 --- a/scripts/test_docker.sh +++ b/scripts/test_docker.sh @@ -28,6 +28,6 @@ if [[ -v BUILD ]]; then fi docker compose up --no-start -docker compose start postgresql redis +docker compose start postgresql docker compose run -u root server test-all docker compose down -v From 8c01c5670b34e273df77e0c31bb16134f2d171b6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 2 Oct 2025 00:58:34 +0200 Subject: [PATCH 3/7] fix leftover Signed-off-by: Jens Langhammer --- internal/outpost/ak/test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/outpost/ak/test.go b/internal/outpost/ak/test.go index d0a869174817..4de4642a7666 100644 --- a/internal/outpost/ak/test.go +++ b/internal/outpost/ak/test.go @@ -24,7 +24,6 @@ func MockConfig() api.Config { 100, 100, 100, - 100, ) } From 3840acd2ce7ad339189e28c81ba6b910ecf507d0 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Thu, 2 Oct 2025 17:12:25 +0200 Subject: [PATCH 4/7] more removal Signed-off-by: Marc 'risson' Schmitt --- .github/actions/setup/docker-compose.yml | 5 ---- .github/workflows/release-publish.yml | 2 +- authentik/lib/config.py | 33 ------------------------ authentik/lib/tests/test_config.py | 11 +------- 4 files changed, 2 insertions(+), 49 deletions(-) diff --git a/.github/actions/setup/docker-compose.yml b/.github/actions/setup/docker-compose.yml index df6cd068dfd3..6458f618d0ab 100644 --- a/.github/actions/setup/docker-compose.yml +++ b/.github/actions/setup/docker-compose.yml @@ -11,11 +11,6 @@ services: ports: - 5432:5432 restart: always - redis: - image: docker.io/library/redis:7 - ports: - - 6379:6379 - restart: always volumes: db-data: diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 545e02f85fdb..6b1727fc7e0f 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -209,7 +209,7 @@ jobs: echo "AUTHENTIK_SECRET_KEY=$(openssl rand 32 | base64 -w 0)" >> .env docker compose pull -q docker compose up --no-start - docker compose start postgresql redis + docker compose start postgresql docker compose run -u root server test-all sentry-release: needs: diff --git a/authentik/lib/config.py b/authentik/lib/config.py index 3e94bfeb4627..d7dc67aa5dd3 100644 --- a/authentik/lib/config.py +++ b/authentik/lib/config.py @@ -28,23 +28,10 @@ ENV_PREFIX = "AUTHENTIK" ENVIRONMENT = os.getenv(f"{ENV_PREFIX}_ENV", "local") -REDIS_ENV_KEYS = [ - f"{ENV_PREFIX}_REDIS__HOST", - f"{ENV_PREFIX}_REDIS__PORT", - f"{ENV_PREFIX}_REDIS__DB", - f"{ENV_PREFIX}_REDIS__USERNAME", - f"{ENV_PREFIX}_REDIS__PASSWORD", - f"{ENV_PREFIX}_REDIS__TLS", - f"{ENV_PREFIX}_REDIS__TLS_REQS", -] - # Old key -> new key DEPRECATIONS = { "geoip": "events.context_processors.geoip", "worker.concurrency": "worker.threads", - "redis.cache_timeout": "cache.timeout", - "redis.cache_timeout_flows": "cache.timeout_flows", - "redis.cache_timeout_policies": "cache.timeout_policies", } @@ -331,26 +318,6 @@ def set(self, path: str, value: Any, sep="."): CONFIG = ConfigLoader() -def redis_url(db: int) -> str: - """Helper to create a Redis URL for a specific database""" - _redis_protocol_prefix = "redis://" - _redis_tls_requirements = "" - if CONFIG.get_bool("redis.tls", False): - _redis_protocol_prefix = "rediss://" - _redis_tls_requirements = f"?ssl_cert_reqs={CONFIG.get('redis.tls_reqs')}" - if _redis_ca := CONFIG.get("redis.tls_ca_cert", None): - _redis_tls_requirements += f"&ssl_ca_certs={_redis_ca}" - _redis_url = ( - f"{_redis_protocol_prefix}" - f"{quote_plus(CONFIG.get('redis.username'))}:" - f"{quote_plus(CONFIG.get('redis.password'))}@" - f"{quote_plus(CONFIG.get('redis.host'))}:" - f"{CONFIG.get_int('redis.port')}" - f"/{db}{_redis_tls_requirements}" - ) - return _redis_url - - def django_db_config(config: ConfigLoader | None = None) -> dict: if not config: config = CONFIG diff --git a/authentik/lib/tests/test_config.py b/authentik/lib/tests/test_config.py index fbd744fbfbc1..a1d85f23569b 100644 --- a/authentik/lib/tests/test_config.py +++ b/authentik/lib/tests/test_config.py @@ -24,9 +24,6 @@ class TestConfig(TestCase): check_deprecations_env_vars = { ENV_PREFIX + "_WORKER__CONCURRENCY": "2", - ENV_PREFIX + "_REDIS__CACHE_TIMEOUT": "124s", - ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_FLOWS": "32m", - ENV_PREFIX + "_REDIS__CACHE_TIMEOUT_POLICIES": "3920ns", } @mock.patch.dict(environ, {ENV_PREFIX + "_test__test": "bar"}) @@ -142,7 +139,7 @@ def test_get_dict_from_b64_json_invalid(self): def test_attr_json_encoder(self): """Test AttrEncoder""" - test_attr = Attr("foo", Attr.Source.ENV, "AUTHENTIK_REDIS__USERNAME") + test_attr = Attr("foo", Attr.Source.ENV, "AUTHENTIK_POSTGRESQL__USERNAME") json_attr = dumps(test_attr, indent=4, cls=AttrEncoder) self.assertEqual(json_attr, '"foo"') @@ -175,13 +172,7 @@ def test_check_deprecations(self): config.update_from_env() config.check_deprecations() self.assertEqual(config.get("worker.concurrency", UNSET), UNSET) - self.assertEqual(config.get("redis.cache_timeout", UNSET), UNSET) - self.assertEqual(config.get("redis.cache_timeout_flows", UNSET), UNSET) - self.assertEqual(config.get("redis.cache_timeout_policies", UNSET), UNSET) self.assertEqual(config.get("worker.threads"), 2) - self.assertEqual(config.get("cache.timeout"), "124s") - self.assertEqual(config.get("cache.timeout_flows"), "32m") - self.assertEqual(config.get("cache.timeout_policies"), "3920ns") def test_get_keys(self): """Test get_keys""" From 4faa5cce96b573f1a411786497b6dc958647074e Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Thu, 2 Oct 2025 17:23:05 +0200 Subject: [PATCH 5/7] lint Signed-off-by: Marc 'risson' Schmitt --- authentik/lib/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/lib/config.py b/authentik/lib/config.py index d7dc67aa5dd3..7b5a1d6cdcd2 100644 --- a/authentik/lib/config.py +++ b/authentik/lib/config.py @@ -15,7 +15,7 @@ from sys import argv, stderr from time import time from typing import Any -from urllib.parse import quote_plus, urlparse +from urllib.parse import urlparse import yaml from django.conf import ImproperlyConfigured From e92f52297c51f69ffadf955ea5b6650f627ed708 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Thu, 2 Oct 2025 17:23:35 +0200 Subject: [PATCH 6/7] fix broken anchor Signed-off-by: Marc 'risson' Schmitt --- website/docs/releases/2024/v2024.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/releases/2024/v2024.2.md b/website/docs/releases/2024/v2024.2.md index e7b32690f14b..153fabc6eb3c 100644 --- a/website/docs/releases/2024/v2024.2.md +++ b/website/docs/releases/2024/v2024.2.md @@ -55,7 +55,7 @@ slug: /releases/2024.2 Cache settings have been moved from the `redis` top-level config key to their own `cache` top-level config key. - Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../install-config/configuration/configuration.mdx#redis-settings). + Settings have also been added to configure the Redis instance/database used for tasks and websockets separately from cache. See [here](../../install-config/configuration/configuration.mdx). Typically, _no changes to the configuration are required_. From 4c881877da6c354f742ebd284b900c2a7a8f0e44 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 9 Oct 2025 17:58:05 +0200 Subject: [PATCH 7/7] re-add redis for previous version migrations Signed-off-by: Jens Langhammer --- .github/actions/setup/docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/actions/setup/docker-compose.yml b/.github/actions/setup/docker-compose.yml index 6458f618d0ab..df6cd068dfd3 100644 --- a/.github/actions/setup/docker-compose.yml +++ b/.github/actions/setup/docker-compose.yml @@ -11,6 +11,11 @@ services: ports: - 5432:5432 restart: always + redis: + image: docker.io/library/redis:7 + ports: + - 6379:6379 + restart: always volumes: db-data: