Redis: Enable Sentinel

Sentinel is a popular method to achieve high availability of Redis.
This is a prep work to test deployment with Redis Sentinel, and
deploys Sentinel service. Services still use Redis directly, but some
scenario may be updated to use Redis via Sentinel.

Change-Id: I728596ef20956537e38f082c9381266f8eaa686d
This commit is contained in:
Takashi Kajinami 2024-02-10 12:49:57 +09:00
parent 41003dc949
commit 8a93901ee5

View File

@ -7,7 +7,15 @@ class openstack_integration::redis {
}
$tls_port = $openstack_integration::config::ssl ? {
true => 6379,
default => 0
default => undef
}
$sentinel_port = $openstack_integration::config::ssl ? {
true => 0,
default => 26379
}
$sentinel_tls_port = $openstack_integration::config::ssl ? {
true => 26379,
default => undef
}
class { 'redis':
@ -21,6 +29,21 @@ class openstack_integration::redis {
requirepass => 'a_big_secret',
}
class { 'redis::sentinel':
auth_pass => 'a_big_secret',
redis_host => $::openstack_integration::config::host,
redis_port => 6379,
requirepass => 'a_big_secret',
quorum => 1,
sentinel_port => $sentinel_port,
sentinel_tls_port => $sentinel_tls_port,
sentinel_bind => $::openstack_integration::config::host,
tls_cert_file => $::openstack_integration::params::cert_path,
tls_key_file => "/etc/redis/ssl/private/${facts['networking']['fqdn']}.pem",
tls_ca_cert_file => $::openstack_integration::params::ca_bundle_cert_path,
tls_replication => $openstack_integration::config::ssl,
}
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'redis':
require => Package[$::redis::package_name],