temp

ksmartdata · Dec 26, 2023 · 7835da4 · 7835da4
1 parent 435759c
commit 7835da4
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 46 deletions.
diff --git a/arm64/images/ot-redis/Dockerfile-release b/arm64/images/ot-redis/Dockerfile-release
@@ -15,6 +15,7 @@ RUN chmod +x /usr/bin/setupMasterSlave.sh
 RUN chmod +x /usr/bin/healthcheck.sh
 
 VOLUME ["/data"]
+VOLUME ["/node-conf"]
 
 WORKDIR /data
 

diff --git a/arm64/images/ot-redis/entrypoint.sh b/arm64/images/ot-redis/entrypoint.sh
@@ -2,30 +2,31 @@
 
 set -a
 
-CLUSTER_DIRECTORY=${CLUSTER_DIRECTORY:-"/opt/redis"}
 PERSISTENCE_ENABLED=${PERSISTENCE_ENABLED:-"false"}
 DATA_DIR=${DATA_DIR:-"/data"}
-EXTERNAL_CONFIG_FILE=${EXTERNAL_CONFIG_FILE:-"/etc/redis/external.conf.d/redis-external.conf"}
+NODE_CONF_DIR=${NODE_CONF_DIR:-"/node-conf"}
+EXTERNAL_CONFIG_FILE=${EXTERNAL_CONFIG_FILE:-"/etc/redis/external.conf.d/redis-additional.conf"}
+REDIS_MAJOR_VERSION=${REDIS_MAJOR_VERSION:-"v7"}
 
 apply_permissions() {
-    chgrp -R 0 /etc/redis
+    chgrp -R 1000 /etc/redis
     chmod -R g=u /etc/redis
-    chgrp -R 0 /opt
-    chmod -R g=u /opt
 }
 
 common_operation() {
-    mkdir -p "${CLUSTER_DIRECTORY}"
     mkdir -p "${DATA_DIR}"
+    mkdir -p "${NODE_CONF_DIR}"
 }
 
 set_redis_password() {
     if [[ -z "${REDIS_PASSWORD}" ]]; then
         echo "Redis is running without password which is not recommended"
+        echo "protected-mode no" >> /etc/redis/redis.conf
     else
         {
             echo masterauth "${REDIS_PASSWORD}"
             echo requirepass "${REDIS_PASSWORD}"
+            echo protected-mode yes
         } >> /etc/redis/redis.conf
     fi
 }
@@ -37,22 +38,52 @@ redis_mode_setup() {
             echo cluster-node-timeout 5000
             echo cluster-require-full-coverage no
             echo cluster-migration-barrier 1
-            echo cluster-config-file "${DATA_DIR}/nodes.conf"
+            echo cluster-config-file "${NODE_CONF_DIR}/nodes.conf"
         } >> /etc/redis/redis.conf
 
-        if [[ -z "${POD_IP}" ]]; then
-            POD_IP=$(hostname -i)
-        fi
-        local nodePortConf=$(grep "$(hostname)" "${EXTERNAL_CONFIG_FILE}")
-        if [[ -z "${nodePortConf}" ]]; then
-            echo "No nodeport config found for $(hostname)"
-            sed -i -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" "${DATA_DIR}/nodes.conf"
-        fi
+        POD_HOSTNAME=$(hostname)
+        POD_IP=$(hostname -i)
+        sed -i -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" "${NODE_CONF_DIR}/nodes.conf"
     else
         echo "Setting up redis in standalone mode"
     fi
 }
 
+tls_setup() {
+    if [[ "${TLS_MODE}" == "true" ]]; then
+        {
+            echo port 0
+            echo tls-port 6379
+            echo tls-cert-file "${REDIS_TLS_CERT}"
+            echo tls-key-file "${REDIS_TLS_CERT_KEY}"
+            echo tls-ca-cert-file "${REDIS_TLS_CA_KEY}"
+            # echo tls-prefer-server-ciphers yes
+            echo tls-auth-clients optional
+        } >> /etc/redis/redis.conf
+
+        if [[ "${SETUP_MODE}" == "cluster" ]]; then
+            {
+                echo tls-replication yes
+                echo tls-cluster yes
+                echo cluster-preferred-endpoint-type hostname
+            } >> /etc/redis/redis.conf
+        fi
+    else
+        echo "Running without TLS mode"
+    fi
+}
+
+acl_setup(){
+    if [[ "$ACL_MODE" == "true" ]]; then
+        {
+            echo aclfile /etc/redis/user.acl
+            } >> /etc/redis/redis.conf
+
+    else
+        echo "ACL_MODE is not true, skipping ACL file modification"
+    fi
+}
+
 persistence_setup() {
     if [[ "${PERSISTENCE_ENABLED}" == "true" ]]; then
         {
@@ -68,49 +99,68 @@ persistence_setup() {
     fi
 }
 
+port_setup() {
+        {
+            echo port "${REDIS_PORT}"
+        } >> /etc/redis/redis.conf
+
+        if [[ "${NODEPORT}" == "true" ]]; then
+            CLUSTER_ANNOUNCE_PORT_VAR="announce_port_$(hostname | tr '-' '_')"
+            CLUSTER_ANNOUNCE_BUS_PORT_VAR="announce_bus_port_$(hostname | tr '-' '_')"
+            CLUSTER_ANNOUNCE_PORT="${!CLUSTER_ANNOUNCE_PORT_VAR}"
+            CLUSTER_ANNOUNCE_BUS_PORT="${!CLUSTER_ANNOUNCE_BUS_PORT_VAR}"
+            {
+                echo cluster-announce-port "${CLUSTER_ANNOUNCE_PORT}"
+                echo cluster-announce-bus-port "${CLUSTER_ANNOUNCE_BUS_PORT}"
+            } >> /etc/redis/redis.conf
+        fi
+}
+
 external_config() {
-    # nodeport config content in /etc/redis/external.conf.d/redis-external.conf like:
-    # $(hostname) ip port bus-port
-    # we need to find the line which contains the hostname of current pod
-    # and append it to /etc/redis/redis.conf
-    # append:
-    # 1. cluster-announce-ip
-    # 2. cluster-announce-port
-    # 3. cluster-announce-bus-port
-    local nodePortConf=$(grep "$(hostname)" "${EXTERNAL_CONFIG_FILE}")
-    if [[ -z "${nodePortConf}" ]]; then
-        echo "No nodeport config found for $(hostname)"
-        echo "include ${EXTERNAL_CONFIG_FILE}" >> /etc/redis/redis.conf
-    else
-        echo "Found nodeport config for $(hostname)"
-        local ip=$(echo "${nodePortConf}" | awk '{print $2}')
-        local port=$(echo "${nodePortConf}" | awk '{print $3}')
-        local bus_port=$(echo "${nodePortConf}" | awk '{print $4}')
-        echo "cluster-announce-ip ${ip}" >> /etc/redis/redis.conf
-        echo "cluster-announce-port ${port}" >> /etc/redis/redis.conf
-        echo "cluster-announce-bus-port ${bus_port}" >> /etc/redis/redis.conf
-    fi
+    echo "include ${EXTERNAL_CONFIG_FILE}" >> /etc/redis/redis.conf
 }
 
 start_redis() {
     if [[ "${SETUP_MODE}" == "cluster" ]]; then
         echo "Starting redis service in cluster mode....."
-        redis-server /etc/redis/redis.conf "--ignore-warnings" "ARM64-COW-BUG"
+        if [[ "${NODEPORT}" == "true" ]]; then
+            CLUSTER_ANNOUNCE_IP_VAR="HOST_IP"
+            CLUSTER_ANNOUNCE_IP="${!CLUSTER_ANNOUNCE_IP_VAR}"
+        else
+            CLUSTER_ANNOUNCE_IP="${POD_IP}"
+        fi
+
+        if [[ "${REDIS_MAJOR_VERSION}" != "v7" ]]; then
+          exec redis-server /etc/redis/redis.conf \
+          --cluster-announce-ip "${CLUSTER_ANNOUNCE_IP}" \
+          --cluster-announce-hostname "${POD_HOSTNAME}"
+        else
+          {
+            echo cluster-announce-ip "${CLUSTER_ANNOUNCE_IP}"
+            echo cluster-announce-hostname "${POD_HOSTNAME}"
+          } >> /etc/redis/redis.conf
+
+          exec redis-server /etc/redis/redis.conf
+        fi
+
     else
         echo "Starting redis service in standalone mode....."
-        redis-server /etc/redis/redis.conf "--ignore-warnings" "ARM64-COW-BUG"
+        exec redis-server /etc/redis/redis.conf
     fi
 }
 
 main_function() {
-    if [[ -f "${EXTERNAL_CONFIG_FILE}" ]]; then
-        external_config
-    fi
     common_operation
     set_redis_password
     redis_mode_setup
     persistence_setup
+    tls_setup
+    acl_setup
+    port_setup
+    if [[ -f "${EXTERNAL_CONFIG_FILE}" ]]; then
+        external_config
+    fi
     start_redis
 }
 
-main_function
+main_function
diff --git a/arm64/images/ot-redis/healthcheck.sh b/arm64/images/ot-redis/healthcheck.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 
 check_redis_health() {
-    if [[ -z "${REDIS_PASSWORD}" ]]; then
-        redis-cli ping
+    if [[ -n "${REDIS_PASSWORD}" ]]; then
+        export REDISCLI_AUTH="${REDIS_PASSWORD}"
+    fi
+    if [[ "${TLS_MODE}" == "true" ]]; then
+        redis-cli --tls --cert "${REDIS_TLS_CERT}" --key "${REDIS_TLS_CERT_KEY}" --cacert "${REDIS_TLS_CA_KEY}" -h "$(hostname)" -p "${REDIS_PORT}" ping
     else
-        redis-cli -a ${REDIS_PASSWORD} ping
+        redis-cli -h "$(hostname)" -p "${REDIS_PORT}" ping
     fi
 }
 
-check_redis_health
+check_redis_health