From 7835da4fc72f1b1674538e6c0c2d57150992c48b Mon Sep 17 00:00:00 2001
From: drivebyer
Date: Tue, 26 Dec 2023 17:44:12 +0800
Subject: [PATCH] temp
---
 arm64/images/ot-redis/Dockerfile-release | 1 +
 arm64/images/ot-redis/entrypoint.sh | 134 ++++++++++++++++-------
 arm64/images/ot-redis/healthcheck.sh | 11 +-
 3 files changed, 100 insertions(+), 46 deletions(-)
diff --git a/arm64/images/ot-redis/Dockerfile-release b/arm64/images/ot-redis/Dockerfile-release
index 04eb76a76..dabeb512e 100644
--- a/arm64/images/ot-redis/Dockerfile-release
+++ b/arm64/images/ot-redis/Dockerfile-release
@@ -15,6 +15,7 @@ RUN chmod +x /usr/bin/setupMasterSlave.sh
 RUN chmod +x /usr/bin/healthcheck.sh
 VOLUME ["/data"]
+VOLUME ["/node-conf"]
 WORKDIR /data
diff --git a/arm64/images/ot-redis/entrypoint.sh b/arm64/images/ot-redis/entrypoint.sh
index ead4e2fc7..da6215c0f 100644
--- a/arm64/images/ot-redis/entrypoint.sh
+++ b/arm64/images/ot-redis/entrypoint.sh
@@ -2,30 +2,31 @@
 set -a
-CLUSTER_DIRECTORY=${CLUSTER_DIRECTORY:-"/opt/redis"}
 PERSISTENCE_ENABLED=${PERSISTENCE_ENABLED:-"false"}
 DATA_DIR=${DATA_DIR:-"/data"}
-EXTERNAL_CONFIG_FILE=${EXTERNAL_CONFIG_FILE:-"/etc/redis/external.conf.d/redis-external.conf"}
+NODE_CONF_DIR=${NODE_CONF_DIR:-"/node-conf"}
+EXTERNAL_CONFIG_FILE=${EXTERNAL_CONFIG_FILE:-"/etc/redis/external.conf.d/redis-additional.conf"}
+REDIS_MAJOR_VERSION=${REDIS_MAJOR_VERSION:-"v7"}
 apply_permissions() {
- chgrp -R 0 /etc/redis
+ chgrp -R 1000 /etc/redis
 chmod -R g=u /etc/redis
- chgrp -R 0 /opt
- chmod -R g=u /opt
 }
 common_operation() {
- mkdir -p "${CLUSTER_DIRECTORY}"
 mkdir -p "${DATA_DIR}"
+ mkdir -p "${NODE_CONF_DIR}"
 }
 set_redis_password() {
 if [[ -z "${REDIS_PASSWORD}" ]]; then
 echo "Redis is running without password which is not recommended"
+ echo "protected-mode no" >> /etc/redis/redis.conf
 else
 {
 echo masterauth "${REDIS_PASSWORD}"
 echo requirepass "${REDIS_PASSWORD}"
+ echo protected-mode yes
 } >> /etc/redis/redis.conf
 fi
 }
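Review bot: `echo "protected-mode no" >> /etc/redis/redis.conf` in set_redis_password removes the one safeguard Redis applies when no password is configured, so an instance started with an empty REDIS_PASSWORD accepts commands from any peer that can reach the port, and the only trace is the pre-existing info line. If the no-password path is intentional for in-cluster use, say so at the call site and make the log line reflect what is actually being disabled, e.g. `echo "WARNING: no REDIS_PASSWORD set; protected-mode disabled, any network peer can run commands" >&2`. `chgrp -R 1000 /etc/redis` in apply_permissions hardcodes a GID that nothing in the patch derives from the runtime user, and apply_permissions is not invoked from main_function on the new side of the last hunk, so it is unclear the permission change takes effect at all; a one-line comment naming the UID/GID the image runs as would help the next reader.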
@@ -37,22 +38,52 @@ redis_mode_setup() {
 echo cluster-node-timeout 5000
 echo cluster-require-full-coverage no
 echo cluster-migration-barrier 1
- echo cluster-config-file "${DATA_DIR}/nodes.conf"
+ echo cluster-config-file "${NODE_CONF_DIR}/nodes.conf"
 } >> /etc/redis/redis.conf
- if [[ -z "${POD_IP}" ]]; then
- POD_IP=$(hostname -i)
- fi
- local nodePortConf=$(grep "$(hostname)" "${EXTERNAL_CONFIG_FILE}")
- if [[ -z "${nodePortConf}" ]]; then
- echo "No nodeport config found for $(hostname)"
- sed -i -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" "${DATA_DIR}/nodes.conf"
- fi
+ POD_HOSTNAME=$(hostname)
+ POD_IP=$(hostname -i)
+ sed -i -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" "${NODE_CONF_DIR}/nodes.conf"
 else
 echo "Setting up redis in standalone mode"
 fi
 }
+tls_setup() {
+ if [[ "${TLS_MODE}" == "true" ]]; then
+ {
+ echo port 0
+ echo tls-port 6379
+ echo tls-cert-file "${REDIS_TLS_CERT}"
+ echo tls-key-file "${REDIS_TLS_CERT_KEY}"
+ echo tls-ca-cert-file "${REDIS_TLS_CA_KEY}"
+ # echo tls-prefer-server-ciphers yes
+ echo tls-auth-clients optional
+ } >> /etc/redis/redis.conf
+
+ if [[ "${SETUP_MODE}" == "cluster" ]]; then
+ {
+ echo tls-replication yes
+ echo tls-cluster yes
+ echo cluster-preferred-endpoint-type hostname
+ } >> /etc/redis/redis.conf
+ fi
+ else
+ echo "Running without TLS mode"
+ fi
+}
+
+acl_setup(){
+ if [[ "$ACL_MODE" == "true" ]]; then
+ {
+ echo aclfile /etc/redis/user.acl
+ } >> /etc/redis/redis.conf
+
+ else
+ echo "ACL_MODE is not true, skipping ACL file modification"
+ fi
+}
+
 persistence_setup() {
 if [[ "${PERSISTENCE_ENABLED}" == "true" ]]; then
 {
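Review bot: tls_setup writes `port 0` and a hard-coded `tls-port 6379`, but port_setup in the next hunk later appends `port "${REDIS_PORT}"` to the same file, and the later directive wins in redis.conf, so with TLS_MODE=true the plaintext listener is re-enabled and, when REDIS_PORT is 6379, collides with the TLS port. Write the TLS port from the same variable, `echo tls-port "${REDIS_PORT}"`, and have port_setup skip the `port` directive when TLS_MODE is true (or write `port 0` there) so the two functions cannot disagree. Separately, redis_mode_setup now runs `sed -i` on "${NODE_CONF_DIR}/nodes.conf" unconditionally; on a fresh node that file does not exist yet, so guard it with `[[ -f "${NODE_CONF_DIR}/nodes.conf" ]] &&`, and `POD_IP=$(hostname -i)` now overrides a POD_IP supplied by the environment, which the removed code honoured — `POD_IP=${POD_IP:-$(hostname -i)}` keeps that. `tls-auth-clients optional` means a client certificate is not required; if mutual TLS is the intent, that should be `yes`, and either way a comment stating the choice would stop the next reader from "fixing" it.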
@@ -68,49 +99,68 @@ persistence_setup() {
 fi
 }
+port_setup() {
+ {
+ echo port "${REDIS_PORT}"
+ } >> /etc/redis/redis.conf
+
+ if [[ "${NODEPORT}" == "true" ]]; then
+ CLUSTER_ANNOUNCE_PORT_VAR="announce_port_$(hostname | tr '-' '_')"
+ CLUSTER_ANNOUNCE_BUS_PORT_VAR="announce_bus_port_$(hostname | tr '-' '_')"
+ CLUSTER_ANNOUNCE_PORT="${!CLUSTER_ANNOUNCE_PORT_VAR}"
+ CLUSTER_ANNOUNCE_BUS_PORT="${!CLUSTER_ANNOUNCE_BUS_PORT_VAR}"
+ {
+ echo cluster-announce-port "${CLUSTER_ANNOUNCE_PORT}"
+ echo cluster-announce-bus-port "${CLUSTER_ANNOUNCE_BUS_PORT}"
+ } >> /etc/redis/redis.conf
+ fi
+}
+
 external_config() {
- # nodeport config content in /etc/redis/external.conf.d/redis-external.conf like:
- # $(hostname) ip port bus-port
- # we need to find the line which contains the hostname of current pod
- # and append it to /etc/redis/redis.conf
- # append:
- # 1. cluster-announce-ip
- # 2. cluster-announce-port
- # 3. cluster-announce-bus-port
- local nodePortConf=$(grep "$(hostname)" "${EXTERNAL_CONFIG_FILE}")
- if [[ -z "${nodePortConf}" ]]; then
- echo "No nodeport config found for $(hostname)"
- echo "include ${EXTERNAL_CONFIG_FILE}" >> /etc/redis/redis.conf
- else
- echo "Found nodeport config for $(hostname)"
- local ip=$(echo "${nodePortConf}" | awk '{print $2}')
- local port=$(echo "${nodePortConf}" | awk '{print $3}')
- local bus_port=$(echo "${nodePortConf}" | awk '{print $4}')
- echo "cluster-announce-ip ${ip}" >> /etc/redis/redis.conf
- echo "cluster-announce-port ${port}" >> /etc/redis/redis.conf
- echo "cluster-announce-bus-port ${bus_port}" >> /etc/redis/redis.conf
- fi
+ echo "include ${EXTERNAL_CONFIG_FILE}" >> /etc/redis/redis.conf
 }
 start_redis() {
 if [[ "${SETUP_MODE}" == "cluster" ]]; then
 echo "Starting redis service in cluster mode....."
- redis-server /etc/redis/redis.conf "--ignore-warnings" "ARM64-COW-BUG"
+ if [[ "${NODEPORT}" == "true" ]]; then
+ CLUSTER_ANNOUNCE_IP_VAR="HOST_IP"
+ CLUSTER_ANNOUNCE_IP="${!CLUSTER_ANNOUNCE_IP_VAR}"
+ else
+ CLUSTER_ANNOUNCE_IP="${POD_IP}"
+ fi
+
+ if [[ "${REDIS_MAJOR_VERSION}" != "v7" ]]; then
+ exec redis-server /etc/redis/redis.conf \
+ --cluster-announce-ip "${CLUSTER_ANNOUNCE_IP}" \
+ --cluster-announce-hostname "${POD_HOSTNAME}"
+ else
+ {
+ echo cluster-announce-ip "${CLUSTER_ANNOUNCE_IP}"
+ echo cluster-announce-hostname "${POD_HOSTNAME}"
+ } >> /etc/redis/redis.conf
+
+ exec redis-server /etc/redis/redis.conf
+ fi
+
 else
 echo "Starting redis service in standalone mode....."
- redis-server /etc/redis/redis.conf "--ignore-warnings" "ARM64-COW-BUG"
+ exec redis-server /etc/redis/redis.conf
 fi
 }
 main_function() {
- if [[ -f "${EXTERNAL_CONFIG_FILE}" ]]; then
- external_config
- fi
 common_operation
 set_redis_password
 redis_mode_setup
 persistence_setup
+ tls_setup
+ acl_setup
+ port_setup
+ if [[ -f "${EXTERNAL_CONFIG_FILE}" ]]; then
+ external_config
+ fi
 start_redis
 }
-main_function
\ No newline at end of file
+main_function
diff --git a/arm64/images/ot-redis/healthcheck.sh b/arm64/images/ot-redis/healthcheck.sh
index 078b374f7..bda05099c 100644
--- a/arm64/images/ot-redis/healthcheck.sh
+++ b/arm64/images/ot-redis/healthcheck.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 check_redis_health() {
- if [[ -z "${REDIS_PASSWORD}" ]]; then
- redis-cli ping
+ if [[ -n "${REDIS_PASSWORD}" ]]; then
+ export REDISCLI_AUTH="${REDIS_PASSWORD}"
+ fi
+ if [[ "${TLS_MODE}" == "true" ]]; then
+ redis-cli --tls --cert "${REDIS_TLS_CERT}" --key "${REDIS_TLS_CERT_KEY}" --cacert "${REDIS_TLS_CA_KEY}" -h "$(hostname)" -p "${REDIS_PORT}" ping
 else
- redis-cli -a ${REDIS_PASSWORD} ping
+ redis-cli -h "$(hostname)" -p "${REDIS_PORT}" ping
 fi
 }
-check_redis_health
\ No newline at end of file
+check_redis_health
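Review bot: port_setup writes `cluster-announce-port "${CLUSTER_ANNOUNCE_PORT}"` and the bus port straight into redis.conf after looking them up by a constructed variable name, so when the per-host `announce_port_<hostname>` variable is absent the file gets a directive with no value and redis-server should reject the config at startup with a message that does not name the missing variable. Fail early and say what is missing instead: `[[ -n "${CLUSTER_ANNOUNCE_PORT}" && -n "${CLUSTER_ANNOUNCE_BUS_PORT}" ]] || { echo "missing ${CLUSTER_ANNOUNCE_PORT_VAR} or ${CLUSTER_ANNOUNCE_BUS_PORT_VAR}" >&2; exit 1; }`, with the same check for HOST_IP in start_redis before it is announced to the cluster. In start_redis, `CLUSTER_ANNOUNCE_IP_VAR="HOST_IP"` followed by `"${!CLUSTER_ANNOUNCE_IP_VAR}"` is an indirection over a constant; `CLUSTER_ANNOUNCE_IP="${HOST_IP}"` says the same thing. The non-v7 branch passes `--cluster-announce-hostname` on the command line, an option I believe only exists from Redis 7; if that branch is meant for older servers, confirm they accept it, since the exec would fail before the server starts.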
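Review bot: Both redis-cli invocations pass `-p "${REDIS_PORT}"`, and nothing visible in this patch gives REDIS_PORT a default (the entrypoint's defaults block in the first entrypoint hunk does not define it either), so a container started without it gets `-p ""` and the health check fails for a reason unrelated to Redis. Either add a default next to the others, `REDIS_PORT=${REDIS_PORT:-6379}`, or fall back inline with `-p "${REDIS_PORT:-6379}"`. The check reports redis-cli's exit status only; if an error reply such as NOAUTH or a LOADING response should count as unhealthy, compare the output, `[[ "$(redis-cli ... ping)" == "PONG" ]]`, rather than relying on the exit status alone. With TLS the check now connects to `-h "$(hostname)"`, so the server certificate must carry the pod hostname as a SAN — presumably it does given `cluster-preferred-endpoint-type hostname` in the entrypoint, but a comment stating that requirement would help.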