diff options
author | Giulio Fidente <gfidente@redhat.com> | 2016-03-22 17:22:59 +0100 |
---|---|---|
committer | Giulio Fidente <gfidente@redhat.com> | 2016-03-23 11:38:05 +0100 |
commit | 410b9f96c0ec156ffeb00f31293735b120eaa260 (patch) | |
tree | 5332d8d2d8e18346eabd620ae8c753806aec18b8 | |
parent | 85e3c3e979be3dbfe98ce8a72b5a8cbf411102ed (diff) |
Allow the Redis specific monitor to use authentication
When accessing Redis, if password protected, we need to update
the HAProxy checks so that they use a password or we won't be able
to gather which node is the replica master.
Also adds PING/PONG and QUIT/OK sequence before and after the info
command is sent.
More at https://bugzilla.redhat.com/show_bug.cgi?id=1320036
Change-Id: Ia9e61e66c5426061eab8172f0a25820989597780
-rw-r--r-- | manifests/loadbalancer.pp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 0d70f32..d61eea6 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -303,6 +303,11 @@ # (optional) Enable or not Redis binding # Defaults to false # +# [*redis_password*] +# (optional) Password for Redis authentication, eventually needed by the +# specific monitoring we do from HAProxy for Redis +# Defaults to undef +# # [*midonet_api*] # (optional) Enable or not MidoNet API binding # Defaults to false @@ -408,6 +413,7 @@ class tripleo::loadbalancer ( $mysql_clustercheck = false, $rabbitmq = false, $redis = false, + $redis_password = undef, $midonet_api = false, $service_ports = {} ) { @@ -1344,12 +1350,17 @@ class tripleo::loadbalancer ( } if $redis { + if $redis_password { + $redis_tcp_check_options = ["send AUTH\\ ${redis_password}\\r\\n"] + } else { + $redis_tcp_check_options = [] + } haproxy::listen { 'redis': bind => $redis_bind_opts, options => { 'balance' => 'first', 'option' => ['tcp-check',], - 'tcp-check' => ['send info\ replication\r\n','expect string role:master'], + 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']), }, collect_exported => false, } |