Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tls settings to the redis::sentinel class and the redis-sentinel.conf template #443

Merged
merged 1 commit into from Mar 30, 2022
Merged

Add tls settings to the redis::sentinel class and the redis-sentinel.conf template #443

merged 1 commit into from Mar 30, 2022

Conversation

tparkercbn
Copy link
Contributor

Pull Request (PR) description

Added tls settings to the redis sentinel submodule. If you have tls only enabled for redis not having tls on the sentinels makes them useless.

root-expert
root-expert reviewed Mar 24, 2022
View reviewed changes
Copy link
Member

@root-expert root-expert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!
Please add some unit tests for the new parameters 😄

metadata.json Outdated Show resolved Hide resolved
@root-expert root-expert added the enhancement New feature or request label Mar 24, 2022
@tparkercbn
Copy link
Contributor Author

Thanks @root-expert is there somewhere I can get a pointer on writing unit tests. That's where my puppet knowledge falls down.

@root-expert
Copy link
Member

The unit tests should be added in the redis_sentinel_spec file.

You can add your new parameters with a random value in this block and check that the random value is rendered correctly in this block.

For more in depth knowledge for testing puppet you can check rspec-puppet.com and our CONTRIBUTING.md for instructions on how to run unit tests. (You can always just push and let our CI do the hard job 😄 )

@tparkercbn
Copy link
Contributor Author

Perfect! Will do. Might be on Monday but it looks straightforward.

root-expert
root-expert reviewed Mar 28, 2022
View reviewed changes
manifests/sentinel.pp Outdated Show resolved Hide resolved
@bastelfreak bastelfreak changed the title Added tls settings to the redis::sentinel class and the redis-sentinel.conf template Add tls settings to the redis::sentinel class and the redis-sentinel.conf template Mar 28, 2022
bastelfreak
bastelfreak reviewed Mar 28, 2022
View reviewed changes
manifests/sentinel.pp Outdated Show resolved Hide resolved
@tparkercbn
Copy link
Contributor Author

I changed tls_replication to use the Enum['yes', 'no'] but that makes it not the same as the identical variable in the redis class. Which way do you prefer?

@tparkercbn
Copy link
Contributor Author

I changed tls_replication to use the Enum['yes', 'no'] but that makes it not the same as the identical variable in the redis class. Which way do you prefer?

I think I am going to put this back to a boolean. It would be very confusing the people to have the same variable as a Boolean for one module and an Enum for the submodule.

@root-expert
Copy link
Member

I changed tls_replication to use the Enum['yes', 'no'] but that makes it not the same as the identical variable in the redis class. Which way do you prefer?

I think I am going to put this back to a boolean. It would be very confusing the people to have the same variable as a Boolean for one module and an Enum for the submodule.

I believe the new options should follow Enum style, but I agree it can be confusing.
@bastelfreak any opinion here? 😄

root-expert
root-expert reviewed Mar 29, 2022
View reviewed changes
manifests/sentinel.pp Outdated Show resolved Hide resolved
@tparkercbn
Copy link
Contributor Author

I have been thinking about the default values for the tls_ options in the sentinel class. Does it make sense to default them to the values from the redis class?

For most instalations they should be in sync all the time.

That would mean that the cert paths, and replcation values default to undef still but pulled from redis::tls_*

@tparkercbn
Copy link
Contributor Author

I have been thinking about the default values for the tls_ options in the sentinel class. Does it make sense to default them to the values from the redis class?

For most instalations they should be in sync all the time.

That would mean that the cert paths, and replcation values default to undef still but pulled from redis::tls_*

This works in puppet on my servers, however doesn't pass the spec tests because the $redis:: variables are not defined. Is there a way to define a more complete precondition so that we can consume those values? The redis class is required in the sentinel code so there will never be a case where we can have the redis::sentinel without redis already being in the catalog.

@root-expert
Copy link
Member

I have been thinking about the default values for the tls_ options in the sentinel class. Does it make sense to default them to the values from the redis class?
For most instalations they should be in sync all the time.
That would mean that the cert paths, and replcation values default to undef still but pulled from redis::tls_*

This works in puppet on my servers, however doesn't pass the spec tests because the $redis:: variables are not defined. Is there a way to define a more complete precondition so that we can consume those values? The redis class is required in the sentinel code so there will never be a case where we can have the redis::sentinel without redis already being in the catalog.

Take a look here

root-expert
root-expert reviewed Mar 29, 2022
View reviewed changes
manifests/sentinel.pp Outdated Show resolved Hide resolved
@tparkercbn
Copy link
Contributor Author

I have been thinking about the default values for the tls_ options in the sentinel class. Does it make sense to default them to the values from the redis class?
For most instalations they should be in sync all the time.
That would mean that the cert paths, and replcation values default to undef still but pulled from redis::tls_*

This works in puppet on my servers, however doesn't pass the spec tests because the $redis:: variables are not defined. Is there a way to define a more complete precondition so that we can consume those values? The redis class is required in the sentinel code so there will never be a case where we can have the redis::sentinel without redis already being in the catalog.

Take a look here

Thanks! I was confused because it already had that set for the custom params. I hadn't noticed it was failing for the default params case.

@tparkercbn
Copy link
Contributor Author

I have been thinking about the default values for the tls_ options in the sentinel class. Does it make sense to default them to the values from the redis class?
For most instalations they should be in sync all the time.
That would mean that the cert paths, and replcation values default to undef still but pulled from redis::tls_*

This works in puppet on my servers, however doesn't pass the spec tests because the $redis:: variables are not defined. Is there a way to define a more complete precondition so that we can consume those values? The redis class is required in the sentinel code so there will never be a case where we can have the redis::sentinel without redis already being in the catalog.

Take a look here

Thanks! I was confused because it already had that set for the custom params. I hadn't noticed it was failing for the default params case.

I am still not able to get the spec tests to work. Have I missed something?

@root-expert
Copy link
Member

Let's use plain defaults @tparkercbn 😄

@tparkercbn
Copy link
Contributor Author

Let's use plain defaults @tparkercbn smile

Yep. That's what I think too.

I am going to keep the tls_replication setting a Boolean and tls_auth_clients with the default to 'no' so that the types are consistent between the main and sentinel classes.

root-expert
root-expert approved these changes Mar 30, 2022
View reviewed changes
Copy link
Member

@root-expert root-expert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank for the contribution!

@root-expert root-expert merged commit d6afb26 into voxpupuli:master Mar 30, 2022
@tparkercbn
Copy link
Contributor Author

Thank for the contribution!

Thank you for all your help! :)

@tparkercbn tparkercbn deleted the sentinel_tls branch March 30, 2022 15:46
cegeka-jenkins pushed a commit to cegeka/puppet-redis that referenced this pull request Feb 26, 2024
@root-expert
Merge pull request voxpupuli#443 from cbntss/sentinel_tls
827a0ec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak left review comments

@root-expert root-expert root-expert approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tparkercbn @root-expert @bastelfreak