Enable unique password configuration for redis and sentinels
Enable unique password configuration for redis and sentinels
Allow workhorse to be configured with different passwords
for the redis and sentinels services.
Related https://gitlab.com/gitlab-org/gitlab/-/issues/422820
Changelog: fixed
Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>
What does this MR do?
Enable specifying SentinelPassword
in Workhorse configuration, so that Redis and Sentinel can have different passwords. Related to gitlab#422820 (closed)
Testing
-
Use the following Docker compose config
docker-compose.yml
version: '3.8' name: 'gitlab-test' x-default_settings: &default_settings image: "${GITLAB_IMAGE:-gitlab/gitlab-ee:nightly}" privileged: true shm_size: '256m' restart: always services: redis-primary-sentinel: <<: *default_settings environment: GITLAB_OMNIBUS_CONFIG: | roles ['redis_sentinel_role', 'redis_master_role'] # Redis configuration redis['bind'] = '10.0.0.2' redis['port'] = 6379 redis['password'] = 'toomanysecrets-redis' # Sentinel Configuration sentinel['bind'] = '10.0.0.2' sentinel['quorum'] = 1 sentinel['port'] = 26379 sentinel['password'] = 'toomanysecrets-sentinel' # Information about the primary redis['master_ip'] = '10.0.0.2' redis['master_port'] = '6379' redis['master_name'] = 'gitlab-redis' redis['master_password'] = 'toomanysecrets-redis' # This is a pure Redis node. We don't need Rails stuff. gitlab_rails['enable'] = false networks: default: ipv4_address: 10.0.0.2 healthcheck: test: ["CMD", "gitlab-redis-cli", "ping"] start_period: 60s gitlab: <<: *default_settings environment: GITLAB_OMNIBUS_CONFIG: | external_url "http://127.0.0.1" # Redis related information redis['enable'] = false redis['master_name'] = 'gitlab-redis' redis['master_password'] = 'toomanysecrets-redis' gitlab_rails['redis_sentinels'] = [ { 'host' => '10.0.0.2', 'port' => 26379 }, ] gitlab_rails['redis_sentinels_password'] = 'toomanysecrets-sentinel' ports: - "80:80" - "443:443" - "22:22" healthcheck: disable: true networks: default: ipv4_address: 10.0.0.3 depends_on: redis-primary-sentinel: condition: service_healthy networks: default: ipam: config: - subnet: 10.0.0.0/24
-
Deploy using the image from this MR (specify
GITLAB_IMAGE
variable), and confirm that Workhorse is running without any issues.
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
MR title and description are up to date, accurate, and descriptive. -
MR targeting the appropriate branch. -
Latest Merge Result pipeline is green. -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow.
For GitLab team members
If you don't have access to this, the reviewer should trigger these jobs for you during the review process.
-
The manual Trigger:ee-package
jobs have a green pipeline running against latest commit. -
If config/software
orconfig/patches
directories are changed, make sure thebuild-package-on-all-os
job within theTrigger:ee-package
downstream pipeline succeeded. -
If you are changing anything SSL related, then the Trigger:package:fips
manual job within theTrigger:ee-package
downstream pipeline must succeed. -
If CI configuration is changed, the branch must be pushed to dev.gitlab.org
to confirm regular branch builds aren't broken.
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes. -
Documentation created/updated. -
Tests added. -
Integration tests added to GitLab QA. -
Equivalent MR/issue for the GitLab Chart opened. -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Robert Marshall