Make authentication/SSL for redis sentinel optional
Change 4954e284b9 updated the redis sentinel driver to apply auth/ssl
settings for redis sentinel, based on ones of redis, but this change
broke the existing usage in kolla deployments, which require redis with
authentication enabled and sentinel with authentication DISABLED.

This restores the old behavior, which does not enable authentication and
ssl for sentinel even when these for redis are enabled.

Closes-Bug: #2056656
Change-Id: I3047c80359df3dad64be041db6f4a3a6180479d6
parent 29f9043b7b
commit 261138043a
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The redis driver now supports the following options.
|
||||
|
||||
- ``sentinel_username``
|
||||
- ``sentinel_parameters``
|
||||
- ``sentinel_ssl``
|
||||
|
||||
fixes:
|
||||
- |
|
||||
The redis driver no longer enables authentication for redis sentinel when
|
||||
authentication is enabled in redis. This was the previous behavior before
|
||||
6.0.0, and was already required by some deployment tools like kolla. Now
|
||||
authentication for redis sentinel is controlled by a separate options
|
||||
(``sentinel_username`` and ``sentinel_password``).
|
||||
|
||||
- |
|
||||
The redis driver no longer enables SSL for redis sentinel when SSL is
|
||||
enabled in redis, to restore the compatibility with older versions. Now
|
||||
SSL for redis sentinel is controlled by the separate ``sentinel_ssl``
|
||||
option.
|
|
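Review bot: In the features list, ``sentinel_parameters`` looks like a mistake for ``sentinel_password``. The driver hunks add 'sentinel_username', 'sentinel_password' and 'sentinel_ssl', the first fixes entry names ``sentinel_password``, and no 'sentinel_parameters' option appears anywhere else in the change. Suggest replacing it so the note lists the options the driver actually accepts; as written, the password option is missing from the features list entirely. Minor: "a separate options" in the first fixes entry should read "separate options".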
@ -267,6 +267,9 @@ class RedisDriver(coordination.CoordinationDriverCachedRunWatchers,
|
|||
'ssl_ca_certs',
|
||||
'sentinel',
|
||||
'sentinel_fallback',
|
||||
'sentinel_username',
|
||||
'sentinel_password',
|
||||
'sentinel_ssl'
|
||||
])
|
||||
"""
|
||||
Keys that we allow to proxy from the coordinator configuration into the
|
||||
|
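Review bot: The last added entry, 'sentinel_ssl', has no trailing comma, while the same entry added to the next list ('sentinel_ssl',) has one. Suggest adding the comma here too, so the two lists are consistent and the next option appended is a one-line diff. The docstring that follows this list is the natural place to say that the sentinel_* keys apply only to the sentinel connections and are not derived from the redis username, password or ssl settings, since that separation is the whole point of the fix.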
@ -288,6 +291,7 @@ class RedisDriver(coordination.CoordinationDriverCachedRunWatchers,
|
|||
'retry_on_timeout',
|
||||
'socket_keepalive',
|
||||
'ssl',
|
||||
'sentinel_ssl',
|
||||
])
|
||||
|
||||
#: Client arguments that are expected to be int convertible.
|
||||
|
@ -474,9 +478,23 @@ return 1
|
|||
]
|
||||
sentinel_hosts.insert(0, (kwargs.pop('host'), kwargs.pop('port')))
|
||||
sentinel_name = kwargs.pop('sentinel')
|
||||
sentinel_kwargs = {}
|
||||
# NOTE(tkajinam): Copy socket_* options, according to the logic
|
||||
# in redis-py
|
||||
for key in kwargs:
|
||||
if key.startswith('socket_'):
|
||||
sentinel_kwargs[key] = kwargs[key]
|
||||
if kwargs.pop('sentinel_ssl', False):
|
||||
sentinel_kwargs['ssl'] = True
|
||||
for key in ('ssl_certfile', 'ssl_keyfile', 'ssl_cafile'):
|
||||
if key in kwargs:
|
||||
sentinel_kwargs[key] = kwargs[key]
|
||||
for key in ('username', 'password'):
|
||||
if 'sentinel_' + key in kwargs:
|
||||
sentinel_kwargs[key] = kwargs.pop('sentinel_' + key)
|
||||
sentinel_server = sentinel.Sentinel(
|
||||
sentinel_hosts,
|
||||
sentinel_kwargs=kwargs,
|
||||
sentinel_kwargs=sentinel_kwargs,
|
||||
**kwargs)
|
||||
master_client = sentinel_server.master_for(sentinel_name)
|
||||
# The master_client is a redis.Redis using a
|
||||
|
|
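Review bot: The SSL file loop copies 'ssl_certfile', 'ssl_keyfile' and 'ssl_cafile', but the accepted-options list visible in the first driver hunk contains 'ssl_ca_certs' and shows no 'ssl_cafile'. If that list is what filters kwargs, the `if key in kwargs` test never matches for the CA bundle, and a deployment that sets sentinel_ssl gets TLS to sentinel without the CA file it configured. Suggest using the same key name the driver accepts for redis itself, and adding a unit test that asserts the exact sentinel_kwargs built when sentinel_ssl is true and when sentinel_username and sentinel_password are set. Two smaller points: 'sentinel_ssl', 'sentinel_username' and 'sentinel_password' are popped only inside this sentinel branch, so it is worth confirming they are not forwarded to the plain redis client when 'sentinel' is not configured; and the NOTE comment covers only the socket_* copy, so a one-line comment stating that auth and SSL are deliberately not inherited from the redis settings would keep a later change from reintroducing the regression.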