summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGiulio Fidente <gfidente@redhat.com>2016-03-22 17:22:59 +0100
committerGiulio Fidente <gfidente@redhat.com>2016-03-23 11:38:05 +0100
commit410b9f96c0ec156ffeb00f31293735b120eaa260 (patch)
tree5332d8d2d8e18346eabd620ae8c753806aec18b8
parent85e3c3e979be3dbfe98ce8a72b5a8cbf411102ed (diff)
Allow the Redis specific monitor to use authentication
When accessing Redis, if password protected, we need to update the HAProxy checks so that they use a password or we won't be able to gather which node is the replica master. Also adds PING/PONG and QUIT/OK sequence before and after the info command is sent. More at https://bugzilla.redhat.com/show_bug.cgi?id=1320036 Change-Id: Ia9e61e66c5426061eab8172f0a25820989597780
-rw-r--r--manifests/loadbalancer.pp13
1 files changed, 12 insertions, 1 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 0d70f32..d61eea6 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -303,6 +303,11 @@
# (optional) Enable or not Redis binding
# Defaults to false
#
+# [*redis_password*]
+# (optional) Password for Redis authentication, eventually needed by the
+# specific monitoring we do from HAProxy for Redis
+# Defaults to undef
+#
# [*midonet_api*]
# (optional) Enable or not MidoNet API binding
# Defaults to false
@@ -408,6 +413,7 @@ class tripleo::loadbalancer (
$mysql_clustercheck = false,
$rabbitmq = false,
$redis = false,
+ $redis_password = undef,
$midonet_api = false,
$service_ports = {}
) {
@@ -1344,12 +1350,17 @@ class tripleo::loadbalancer (
}
if $redis {
+ if $redis_password {
+ $redis_tcp_check_options = ["send AUTH\\ ${redis_password}\\r\\n"]
+ } else {
+ $redis_tcp_check_options = []
+ }
haproxy::listen { 'redis':
bind => $redis_bind_opts,
options => {
'balance' => 'first',
'option' => ['tcp-check',],
- 'tcp-check' => ['send info\ replication\r\n','expect string role:master'],
+ 'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']),
},
collect_exported => false,
}