Redis: Enable Sentinel

Sentinel is a popular method to achieve high availability of Redis. This is a prep work to test deployment with Redis Sentinel, and deploys Sentinel service. Services still use Redis directly, but some scenario may be updated to use Redis via Sentinel. Change-Id: I728596ef20956537e38f082c9381266f8eaa686d
2024-02-10 12:49:57 +09:00 · 2024-02-10 12:49:57 +09:00 · 8a93901ee5
parent 41003dc949
commit 8a93901ee5
1 changed files with 24 additions and 1 deletions
--- a/manifests/redis.pp
+++ b/manifests/redis.pp
@ -7,7 +7,15 @@ class openstack_integration::redis {
  }
  $tls_port = $openstack_integration::config::ssl ? {
    true    => 6379,
-    default => 0
+    default => undef
+  }
+  $sentinel_port = $openstack_integration::config::ssl ? {
+    true    => 0,
+    default => 26379
+  }
+  $sentinel_tls_port = $openstack_integration::config::ssl ? {
+    true    => 26379,
+    default => undef
  }

  class { 'redis':
@ -21,6 +29,21 @@ class openstack_integration::redis {
    requirepass      => 'a_big_secret',
  }

+  class { 'redis::sentinel':
+    auth_pass         => 'a_big_secret',
+    redis_host        => $::openstack_integration::config::host,
+    redis_port        => 6379,
+    requirepass       => 'a_big_secret',
+    quorum            => 1,
+    sentinel_port     => $sentinel_port,
+    sentinel_tls_port => $sentinel_tls_port,
+    sentinel_bind     => $::openstack_integration::config::host,
+    tls_cert_file     => $::openstack_integration::params::cert_path,
+    tls_key_file      => "/etc/redis/ssl/private/${facts['networking']['fqdn']}.pem",
+    tls_ca_cert_file  => $::openstack_integration::params::ca_bundle_cert_path,
+    tls_replication   => $openstack_integration::config::ssl,
+  }
+
  if $::openstack_integration::config::ssl {
    openstack_integration::ssl_key { 'redis':
      require => Package[$::redis::package_name],