Reinstate "Add TLS support for Redis Sentinel"

What does this MR do and why?

Recreates Add TLS support for Redis Sentinel (!162132 - merged) with a fix.

This MR adds TLS support when configuring Redis Sentinel.

Related: Add TLS support for redis sentinel in workhorse (#421656 - closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

The following steps set up a new Redis Sentinel cluster (with TLS and TLS replication) using https://gitlab.com/ashmckenzie/redis-sentinel and configure Workhorse to connect directly to it. It's a bit of a cheat as the Rails app won't be connecting to it, but will suffice for this MR:

  1. Clone https://gitlab.com/ashmckenzie/redis-sentinel locally into /tmp:
    cd /tmp
    git clone https://gitlab.com/ashmckenzie/redis-sentinel.git
  2. Run the following to ensure Redis will be built with TLS support and then make setup to install necessary software and create SSL certs:
    cd redis-sentinel
    make setup
  3. Start up the Redis Sentinel cluster by running make run:
    make run
  4. You can test the Redis Sentinel cluster is running correctly by running make test:
    make test
  5. Check out this branch 421656-add-tls-support-for-redis-sentinel-in-workhorse
  6. Ensure your GDK is up and running and you can sign in / projects load etc
  7. Change into the workhorse dir:
    cd gitlab/workhorse
  8. Update your config.toml to be:
    [redis]
    # URL = "unix:/<YOUR-GDK-ROOT>/redis/redis.socket"
    DB = 0
    Sentinel = [ "tcp://localhost:26379", "tcp://localhost:26380" ]
    SentinelMaster = "sentinel-cluster"
    [Sentinel.tls]
      certificate = "/tmp/redis-sentinel/certs/server.crt"
      key = "/tmp/redis-sentinel/certs/server.key"
      ca_certificate = "/tmp/redis-sentinel/certs/ca.crt"
  9. Build a new workhorse by running:
    make && gdk restart workhorse
  10. Run gdk tail workhorse and ensure you see something similar to the following, with no errors:
    2024-08-08_08:07:34.81008 gitlab-workhorse      : redis: 2024/08/08 18:07:34 sentinel.go:706: sentinel: new master="sentinel-cluster" addr="127.0.0.1:63791"
  11. Back in /tmp/redis-sentinel, the Makefile has targets configured to kill the primary/secondary and sentinels for testing. There is, however, an issue where the primary doesn't correctly begin replicating after being killed, due to a TLS error? It's beyond the scope of this MR, but it would be nice to fix 😉
Edited by Vasilii Iakliushin