jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openreplay/scripts/helm/db/redis/templates/configmap-scripts.yaml

430 lines
19 KiB
YAML
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis.fullname" . }}-scripts
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "redis.name" . }}
chart: {{ template "redis.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
{{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
start-node.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
not_exists_dns_entry() {
myip=$(hostname -i)
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
info "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
export REDIS_REPLICATION_MODE="slave"
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i) ")" ]]; then
export REDIS_REPLICATION_MODE="master"
fi
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.slave.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
echo "I am master"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
else
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
# Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
# or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the redis
# container to be ready and restart the it. By then the new master will likely have been elected
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
if [[ ! ($($sentinel_info_command)) ]]; then
# master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
# and are reporting the old one still. Once this happens the container will get stuck and never see the new
# master. We stop here to allow the container to not pass the liveness check and be restarted.
exit 1
fi
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
fi
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
else
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
fi
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
{{- if .Values.slave.extraFlags }}
{{- range .Values.slave.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.slave.preExecCmds }}
{{ .Values.slave.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.slave.command }}
exec {{ .Values.slave.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
start-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libfile.sh
sentinel_conf_set() {
local -r key="${1:?missing key}"
local value="${2:-}"
# Sanitize inputs
value="${value//\\/\\\\}"
value="${value//&/\\&}"
value="${value//\?/\\?}"
[[ "$value" = "" ]] && value="\"$value\""
replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
}
sentinel_conf_add() {
echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf"
}
host_id() {
echo "$1" | openssl sha1 | awk '{print $2}'
}
not_exists_dns_entry() {
myip=$(hostname -i)
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep "^${myip}" )" ]]; then
warn "$HEADLESS_SERVICE does not contain the IP of this pod: ${myip}"
return 1
fi
info "$HEADLESS_SERVICE has my IP: ${myip}"
return 0
}
HEADLESS_SERVICE="{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
REDIS_SERVICE="{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.usePassword }}
printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- if .Values.sentinel.usePassword }}
printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- end }}
{{- end }}
{{- if .Values.sentinel.staticID }}
printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
{{- end }}
fi
export REDIS_REPLICATION_MODE="slave"
# Waits for DNS to add this ip to the service DNS entry
retry_while not_exists_dns_entry
if [[ -z "$(getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i)")" ]]; then
export REDIS_REPLICATION_MODE="master"
fi
# Clean sentineles from the current sentinel nodes
for node in $( getent ahosts "$HEADLESS_SERVICE" | grep -v "^$(hostname -i)" | cut -f 1 -d ' ' | uniq ); do
info "Cleaning sentinels in sentinel node: $node"
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $node -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel reset "*"
else
redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $node -p {{ .Values.sentinel.port }} sentinel reset "*"
fi
sleep {{ .Values.sentinel.cleanDelaySeconds }}
done
info "Sentinels clean up done"
if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
REDIS_MASTER_HOST="$(hostname -i)"
REDIS_MASTER_PORT_NUMBER="{{ .Values.redisPort }}"
else
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
# Immediately attempt to connect to the reported master. If it doesn't exist the connection attempt will either hang
# or fail with "port unreachable" and give no data. The liveness check will then timeout waiting for the sentinel
# container to be ready and restart the it. By then the new master will likely have been elected
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_MASTER_HOST -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
if [[ ! ($($sentinel_info_command)) ]]; then
# master doesn't actually exist, this probably means the remaining pods haven't elected a new one yet
# and are reporting the old one still. Once this happens the container will get stuck and never see the new
# master. We stop here to allow the container to not pass the liveness check and be restarted.
exit 1
fi
fi
sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
add_replica() {
if [[ "$1" != "$REDIS_MASTER_HOST" ]]; then
sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $1 {{ .Values.redisPort }}"
fi
}
{{- if .Values.sentinel.staticID }}
# remove generated known sentinels and replicas
tmp="$(sed -e '/^sentinel known-/d' -e '/^$/d' /opt/bitnami/redis-sentinel/etc/sentinel.conf)"
echo "$tmp" > /opt/bitnami/redis-sentinel/etc/sentinel.conf
for node in $(seq 0 {{ .Values.cluster.slaveCount }}); do
NAME="{{ template "redis.fullname" . }}-node-$node"
IP="$(getent hosts "$NAME.$HEADLESS_SERVICE" | awk ' {print $1 }')"
if [[ "$NAME" != "$HOSTNAME" && -n "$IP" ]]; then
sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $IP {{ .Values.sentinel.port }} $(host_id "$NAME")"
add_replica "$IP"
fi
done
add_replica "$(hostname -i)"
{{- end }}
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
ARGS+=("--tls-replication" "yes")
ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- end }}
{{- if .Values.sentinel.preExecCmds }}
{{ .Values.sentinel.preExecCmds | nindent 4 }}
{{- end }}
exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
prestop-sentinel.sh: |
#!/bin/bash
. /opt/bitnami/scripts/libvalidations.sh
REDIS_SERVICE="{{ include "redis.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
if [[ -n "$REDIS_PASSWORD_FILE" ]]; then
password_aux=$(cat "$REDIS_PASSWORD_FILE")
export REDIS_PASSWORD="$password_aux"
fi
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
fi
REDIS_SENTINEL_INFO=($($sentinel_info_command))
REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}"
if [[ "$REDIS_MASTER_HOST" == "$(hostname -i)" ]]; then
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel failover mymaster
else
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} sentinel failover mymaster
fi
fi
{{- else }}
start-master.sh: |
#!/bin/bash
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.master.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
{{- if .Values.master.extraFlags }}
{{- range .Values.master.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.master.preExecCmds }}
{{ .Values.master.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.master.command }}
exec {{ .Values.master.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- if .Values.cluster.enabled }}
start-slave.sh: |
#!/bin/bash
{{- if and .Values.securityContext.runAsUser (eq (.Values.securityContext.runAsUser | int) 0) }}
useradd redis
chown -R redis {{ .Values.slave.persistence.path }}
{{- end }}
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
{{- if .Values.tls.enabled }}
ARGS=("--port" "0")
ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
ARGS+=("--tls-replication" "yes")
{{- if .Values.tls.dhParamsFilename }}
ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
{{- end }}
{{- else }}
ARGS=("--port" "${REDIS_PORT}")
{{- end }}
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
{{- if .Values.usePassword }}
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
{{- else }}
ARGS+=("--protected-mode" "no")
{{- end }}
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
{{- if .Values.slave.extraFlags }}
{{- range .Values.slave.extraFlags }}
ARGS+=({{ . | quote }})
{{- end }}
{{- end }}
{{- if .Values.slave.preExecCmds }}
{{ .Values.slave.preExecCmds | nindent 4}}
{{- end }}
{{- if .Values.slave.command }}
exec {{ .Values.slave.command }} "${ARGS[@]}"
{{- else }}
exec redis-server "${ARGS[@]}"
{{- end }}
{{- end }}
{{- end -}}
Reference in a new issue View git blame Copy permalink