(#527) Add masteruser and auth_user parameters #529

Open: wants to merge 2 commits into base: master
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -33,6 +33,16 @@ class { 'redis':
}
```

With ACL authentication

```puppet
class { 'redis':
bind => '10.0.1.1',
masterauth => 'secret',
masteruser => 'username',
}
```

### Slave node

```puppet
Expand Down
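Review bot: The new "With ACL authentication" example sits ahead of "### Slave node" and sets `masterauth` and `masteruser` with no `replicaof` or `slaveof`, so it reads as if it enabled ACLs on the server itself. Per the comment added to templates/redis.conf.epp, these are the credentials a replica presents to its master; consider moving the example under the slave-node section, or adding a sentence that says so and that the ACL user has to exist on the master. Since `masterauth` accepts `Sensitive[String[1]]`, the example could also show `masterauth => Sensitive('secret')` rather than a bare string.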
31 changes: 29 additions & 2 deletions REFERENCE.md
Expand Up @@ -122,6 +122,7 @@ The following parameters are available in the `redis` class:
* [`manage_package`](#-redis--manage_package)
* [`managed_by_cluster_manager`](#-redis--managed_by_cluster_manager)
* [`masterauth`](#-redis--masterauth)
* [`masteruser`](#-redis--masteruser)
* [`maxclients`](#-redis--maxclients)
* [`maxmemory`](#-redis--maxmemory)
* [`maxmemory_policy`](#-redis--maxmemory_policy)
Expand Down Expand Up @@ -532,7 +533,15 @@ Default value: `false`

Data type: `Optional[Variant[String[1], Sensitive[String[1]], Deferred]]`

If the master is password protected (using the "requirepass" configuration
If the master is password protected (using the "requirepass" configuration)

Default value: `undef`

##### <a name="-redis--masteruser"></a>`masteruser`

Data type: `Optional[String[1]]`

If the master is password protected and a user is defined (using the "user" configuration)

Default value: `undef`

Expand Down Expand Up @@ -1514,6 +1523,7 @@ class {'redis::sentinel':
The following parameters are available in the `redis::sentinel` class:

* [`auth_pass`](#-redis--sentinel--auth_pass)
* [`auth_user`](#-redis--sentinel--auth_user)
* [`config_file`](#-redis--sentinel--config_file)
* [`config_file_orig`](#-redis--sentinel--config_file_orig)
* [`config_file_mode`](#-redis--sentinel--config_file_mode)
Expand Down Expand Up @@ -1563,6 +1573,14 @@ The password to use to authenticate with the master and slaves.

Default value: `undef`

##### <a name="-redis--sentinel--auth_user"></a>`auth_user`

Data type: `Optional[String[1]]`

The username to use to authenticate with the master and slaves.

Default value: `undef`

##### <a name="-redis--sentinel--config_file"></a>`config_file`

Data type: `Stdlib::Absolutepath`
Expand Down Expand Up @@ -1953,6 +1971,7 @@ The following parameters are available in the `redis::instance` defined type:
* [`managed_by_cluster_manager`](#-redis--instance--managed_by_cluster_manager)
* [`manage_service_file`](#-redis--instance--manage_service_file)
* [`masterauth`](#-redis--instance--masterauth)
* [`masteruser`](#-redis--instance--masteruser)
* [`maxclients`](#-redis--instance--maxclients)
* [`maxmemory`](#-redis--instance--maxmemory)
* [`maxmemory_policy`](#-redis--instance--maxmemory_policy)
Expand Down Expand Up @@ -2305,10 +2324,18 @@ Default value: `true`

Data type: `Optional[Variant[String[1], Sensitive[String[1]], Deferred]]`

If the master is password protected (using the "requirepass" configuration
If the master is password protected (using the "requirepass" configuration)

Default value: `$redis::masterauth`

##### <a name="-redis--instance--masteruser"></a>`masteruser`

Data type: `Optional[String[1]]`

If the master is password protected and a user is defined (using the "user" configuration)

Default value: `$redis::masteruser`

##### <a name="-redis--instance--maxclients"></a>`maxclients`

Data type: `Integer[1]`
Expand Down
5 changes: 4 additions & 1 deletion manifests/init.pp
Expand Up @@ -95,7 +95,9 @@
# @param managed_by_cluster_manager
# Choose if redis will be managed by a cluster manager such as pacemaker or rgmanager
# @param masterauth
# If the master is password protected (using the "requirepass" configuration
# If the master is password protected (using the "requirepass" configuration)
# @param masteruser
# If the master is password protected and a user is defined (using the "user" configuration)
# @param maxclients
# Set the max number of connected clients at the same time.
# @param maxmemory
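Review bot: The `@param masteruser` description, "If the master is password protected and a user is defined (using the "user" configuration)", is a conditional with no main clause and never says what the value is. Suggest wording it as the username the replica authenticates with, used together with `masterauth`, for example "Username used to authenticate against the master when it uses ACLs; used together with masterauth". The same sentence is repeated in manifests/instance.pp and REFERENCE.md.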
Expand Down Expand Up @@ -392,6 +394,7 @@
Boolean $manage_package = true,
Boolean $manage_repo = false,
Optional[Variant[String[1], Sensitive[String[1]], Deferred]] $masterauth = undef,
Optional[String[1]] $masteruser = undef,
Integer[1] $maxclients = 10000,
$maxmemory = undef,
Optional[Redis::MemoryPolicy] $maxmemory_policy = undef,
Expand Down
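Review bot: `$masteruser` is typed `Optional[String[1]]` while `$masterauth` on the line above accepts `Variant[String[1], Sensitive[String[1]], Deferred]`. If both values are looked up from the same source, a `Deferred` username will be rejected at compile time; either accept `Deferred` here as well or say in the parameter docs that only a literal string is supported.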
6 changes: 5 additions & 1 deletion manifests/instance.pp
Expand Up @@ -74,7 +74,9 @@
# @param manage_service_file
# Determine if the systemd service file should be managed
# @param masterauth
# If the master is password protected (using the "requirepass" configuration
# If the master is password protected (using the "requirepass" configuration)
# @param masteruser
# If the master is password protected and a user is defined (using the "user" configuration)
# @param maxclients
# Set the max number of connected clients at the same time.
# @param maxmemory
Expand Down Expand Up @@ -325,6 +327,7 @@
Stdlib::Filemode $log_dir_mode = $redis::log_dir_mode,
Redis::LogLevel $log_level = $redis::log_level,
Optional[Variant[String[1], Sensitive[String[1]], Deferred]] $masterauth = $redis::masterauth,
Optional[String[1]] $masteruser = $redis::masteruser,
Integer[1] $maxclients = $redis::maxclients,
Optional[Variant[Integer, String]] $maxmemory = $redis::maxmemory,
Optional[Redis::MemoryPolicy] $maxmemory_policy = $redis::maxmemory_policy,
Expand Down Expand Up @@ -526,6 +529,7 @@
slaveof => $slaveof,
replicaof => $replicaof,
masterauth => $masterauth,
masteruser => $masteruser,
slave_serve_stale_data => $slave_serve_stale_data,
slave_read_only => $slave_read_only,
repl_announce_ip => $repl_announce_ip,
Expand Down
4 changes: 4 additions & 0 deletions manifests/sentinel.pp
Expand Up @@ -3,6 +3,9 @@
# @param auth_pass
# The password to use to authenticate with the master and slaves.
#
# @param auth_user
# The username to use to authenticate with the master and slaves.
#
# @param config_file
# The location and name of the sentinel config file.
#
Expand Down Expand Up @@ -147,6 +150,7 @@
#
class redis::sentinel (
Optional[Variant[String[1], Sensitive[String[1]]]] $auth_pass = undef,
Optional[String[1]] $auth_user = undef,
Stdlib::Absolutepath $config_file = $redis::params::sentinel_config_file,
Stdlib::Absolutepath $config_file_orig = $redis::params::sentinel_config_file_orig,
Stdlib::Filemode $config_file_mode = '0644',
Expand Down
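Review bot: `$auth_user` can be set while `$auth_pass` stays `undef`, and nothing here rejects that combination, so templates/redis-sentinel.conf.erb would write a `sentinel auth-user` line with no matching `sentinel auth-pass`. Consider failing early, for example with `fail('auth_user requires auth_pass')`, or documenting that both must be set.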
4 changes: 4 additions & 0 deletions spec/classes/redis_sentinel_spec.rb
Expand Up @@ -110,6 +110,7 @@ class { 'redis':
{
sentinel_tls_port: 26_380,
auth_pass: 'password',
auth_user: 'username',
sentinel_bind: '192.0.2.10',
protected_mode: false,
master_name: 'cow',
Expand Down Expand Up @@ -151,6 +152,7 @@ class { 'redis':
sentinel parallel-syncs cow 1
sentinel failover-timeout cow 28000
sentinel auth-pass cow password
sentinel auth-user cow username
sentinel notification-script cow /path/to/bar.sh
sentinel client-reconfig-script cow /path/to/foo.sh

Expand All @@ -177,6 +179,7 @@ class { 'redis':
let(:params) do
{
auth_pass: 'password',
auth_user: 'username',
sentinel_bind: ['192.0.2.10', '192.168.1.1'],
master_name: 'cow',
down_after: 6000,
Expand All @@ -203,6 +206,7 @@ class { 'redis':
sentinel parallel-syncs cow 1
sentinel failover-timeout cow 28000
sentinel auth-pass cow password
sentinel auth-user cow username
sentinel notification-script cow /path/to/bar.sh
sentinel client-reconfig-script cow /path/to/foo.sh

Expand Down
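Review bot: Both contexts touched in this file add `auth_user` next to `auth_pass`, so the visible assertions only cover the combined output. If no other context already asserts the full file content without `auth_user`, add one showing that the `sentinel auth-user cow username` line is omitted when the parameter is unset, and one for `auth_user` set without `auth_pass`, so the new `<% if @auth_user -%>` branch is pinned down in both directions.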
14 changes: 14 additions & 0 deletions spec/classes/redis_spec.rb
Expand Up @@ -523,6 +523,20 @@ class { 'redis':
}
end

describe 'with parameter masteruser' do
let(:params) do
{
masteruser: '_VALUE_'
}
end

it {
is_expected.to contain_file(config_file_orig).with(
'content' => %r{masteruser.*_VALUE_}
)
}
end

describe 'with parameter maxclients' do
let(:params) do
{
Expand Down
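Review bot: `%r{masteruser.*_VALUE_}` is unanchored, so it would also pass if the value were rendered inside a commented-out line or after other text on the same line. Anchoring it, for example `%r{^masteruser _VALUE_$}`, checks that the directive itself is rendered; a second example with the parameter unset, asserting that no line starting with `masteruser ` exists, would cover the `undef` default.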
3 changes: 3 additions & 0 deletions templates/redis-sentinel.conf.erb
Expand Up @@ -27,6 +27,9 @@ sentinel failover-timeout <%= @master_name %> <%= @failover_timeout %>
<% if @auth_pass_unsensitive -%>
sentinel auth-pass <%= @master_name %> <%= @auth_pass_unsensitive %>
<% end -%>
<% if @auth_user -%>
sentinel auth-user <%= @master_name %> <%= @auth_user %>
<% end -%>
<% if @notification_script -%>
sentinel notification-script <%= @master_name %> <%= @notification_script %>
<% end -%>
Expand Down
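Review bot: `<%= @auth_user %>` is written into the config verbatim, and the parameter type `Optional[String[1]]` allows spaces and newlines, so a malformed value (from Hiera, say) yields a broken or multi-directive sentinel.conf instead of a compile error. Suggest tightening the type in manifests/sentinel.pp to something like `Optional[Pattern[/\A\S+\z/]]` so bad input is rejected before the file is rendered.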
13 changes: 13 additions & 0 deletions templates/redis.conf.epp
Expand Up @@ -23,6 +23,7 @@
Optional[String[1]] $slaveof,
Optional[String[1]] $replicaof,
Optional[Variant[String[1], Sensitive[String[1]]]] $masterauth,
Optional[String[1]] $masteruser,
Boolean $slave_serve_stale_data,
Boolean $slave_read_only,
Optional[Stdlib::Host] $repl_announce_ip,
Expand Down Expand Up @@ -411,6 +412,18 @@ dir <%= $workdir %>
# masterauth <master-password>
<% if $masterauth { -%>masterauth <%= $masterauth %><% } -%>

# However this is not enough if you are using Redis ACLs (for Redis version
# 6 or greater), and the default user is not capable of running the PSYNC
# command and/or other commands needed for replication. In this case it's
# better to configure a special user to use with replication, and specify the
# username configuration as such:
#
# masteruser <master-username>
<% if $masteruser { -%>masteruser <%= $masteruser %><% } -%>

# When username is specified, the replica will authenticate against its
# master using the new AUTH form: AUTH <username> <password>.

# When a slave loses the connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
Expand Down
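Review bot: The `masteruser` line is emitted whenever `$masteruser` is set, but the comment added just above it says this applies to Redis ACLs "for Redis version 6 or greater". On an older Redis the rendered file would carry a directive the server does not know; either guard the line on the Redis version or state the minimum version in the `@param masteruser` docs. Minor: the trailing comment "When username is specified, ..." now sits after the directive, detached from the block it explains.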