From 48cbb9c0ed94fdc134d623fe7ee11bbfddb74a7d Mon Sep 17 00:00:00 2001 From: zhanghongtong Date: Fri, 9 Apr 2021 09:34:31 +0000 Subject: [PATCH] chore(CI): cts support redis sentinel ssl --- .../docker-compose-redis-sentinel-tls.yaml | 12 ++++++++++ .ci/docker-compose-file/redis/redis-tls.conf | 2 ++ .ci/docker-compose-file/redis/redis.sh | 23 +++++++++++++++++++ .github/workflows/run_cts_tests.yaml | 2 -- 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 .ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml diff --git a/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml new file mode 100644 index 000000000..7c7f46ce2 --- /dev/null +++ b/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml @@ -0,0 +1,12 @@ +version: '3.9' + +services: + redis_server: + container_name: redis + image: redis:${REDIS_TAG} + volumes: + - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls + - ./redis/:/data/conf + command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel --tls-enabled && tail -f /var/log/redis-server.log" + networks: + - emqx_bridge diff --git a/.ci/docker-compose-file/redis/redis-tls.conf b/.ci/docker-compose-file/redis/redis-tls.conf index 30559e487..584399a29 100644 --- a/.ci/docker-compose-file/redis/redis-tls.conf +++ b/.ci/docker-compose-file/redis/redis-tls.conf @@ -4,5 +4,7 @@ logfile /var/log/redis-server.log tls-cert-file /tls/redis.crt tls-key-file /tls/redis.key tls-ca-cert-file /tls/ca.crt +tls-replication yes +protected-mode no requirepass public masterauth public diff --git a/.ci/docker-compose-file/redis/redis.sh b/.ci/docker-compose-file/redis/redis.sh index faa9e37e0..ceca7e2c3 100755 --- a/.ci/docker-compose-file/redis/redis.sh +++ b/.ci/docker-compose-file/redis/redis.sh @@ -49,12 +49,22 @@ if [ "${node}" = "cluster" ] ; then redis-server /data/conf/redis.conf --port 7002 --cluster-config-file /data/conf/nodes.7002.conf --cluster-enabled yes; fi elif [ "${node}" = "sentinel" ] ; then + if $tls ; then + redis-server /data/conf/redis-tls.conf --port 7000 --cluster-config-file /data/conf/nodes.7000.conf \ + --tls-port 8000 --cluster-enabled no; + redis-server /data/conf/redis-tls.conf --port 7001 --cluster-config-file /data/conf/nodes.7001.conf \ + --tls-port 8001 --cluster-enabled no --slaveof "$LOCAL_IP" 8000; + redis-server /data/conf/redis-tls.conf --port 7002 --cluster-config-file /data/conf/nodes.7002.conf \ + --tls-port 8002 --cluster-enabled no --slaveof "$LOCAL_IP" 8000; + + else redis-server /data/conf/redis.conf --port 7000 --cluster-config-file /data/conf/nodes.7000.conf \ --cluster-enabled no; redis-server /data/conf/redis.conf --port 7001 --cluster-config-file /data/conf/nodes.7001.conf \ --cluster-enabled no --slaveof "$LOCAL_IP" 7000; redis-server /data/conf/redis.conf --port 7002 --cluster-config-file /data/conf/nodes.7002.conf \ --cluster-enabled no --slaveof "$LOCAL_IP" 7000; + fi fi REDIS_LOAD_FLG=true; @@ -88,8 +98,21 @@ bind 0.0.0.0 :: daemonize yes logfile /var/log/redis-server.log dir /tmp +EOF + if $tls ; then + cat >>/_sentinel.conf<>/_sentinel.conf<