[incubator-openwhisk] branch master updated: Making Redis password protected (#4108)

Thu, 06 Dec 2018 09:59:10 -0800 

This is an automated email from the ASF dual-hosted git repository.

dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 6646237  Making Redis password protected (#4108)
6646237 is described below

commit 66462371ab4266fb3db97cee13632424c6ed6811
Author: Pavel Kravchenko <[email protected]>
AuthorDate: Thu Dec 6 19:58:15 2018 +0200

    Making Redis password protected (#4108)
---
 ansible/group_vars/all                    | 1 +
 ansible/roles/apigateway/tasks/deploy.yml | 1 +
 ansible/roles/redis/tasks/deploy.yml      | 9 +++++++--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 85ee6ff..fb10427 100755
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -264,6 +264,7 @@ apigateway:
 redis:
   version: 4.0
   port: 6379
+  password: openwhisk 
 
 linux:
   version: 4.4.0-31
diff --git a/ansible/roles/apigateway/tasks/deploy.yml 
b/ansible/roles/apigateway/tasks/deploy.yml
index 67af893..5a1c169 100644
--- a/ansible/roles/apigateway/tasks/deploy.yml
+++ b/ansible/roles/apigateway/tasks/deploy.yml
@@ -14,6 +14,7 @@
     env:
       "REDIS_HOST": "{{ groups['redis'] | first }}"
       "REDIS_PORT": "{{ redis.port }}"
+      "REDIS_PASS": "{{ redis.password }}"
       "PUBLIC_MANAGEDURL_HOST": "{{ ansible_host }}"
       "PUBLIC_MANAGEDURL_PORT": "{{ apigateway.port.mgmt }}"
       "TZ": "{{ docker.timezone }}"
diff --git a/ansible/roles/redis/tasks/deploy.yml 
b/ansible/roles/redis/tasks/deploy.yml
index 9110f43..5023e45 100644
--- a/ansible/roles/redis/tasks/deploy.yml
+++ b/ansible/roles/redis/tasks/deploy.yml
@@ -21,10 +21,15 @@
       - "{{ redis.port }}:6379"
     env:
       TZ: "{{ docker.timezone }}"
+    command:
+      /bin/sh -c
+      "docker-entrypoint.sh --requirepass {{ redis.password }}"
 
 - name: wait until redis is up and running
-  action: shell (echo PING; sleep 1) | nc {{ ansible_host }} {{ redis.port }}
+# using RESP protocol to set redis password and validate it's up
+# inspired by: https://www.compose.com/articles/how-to-talk-raw-redis/
+  action: shell (printf 
"*2\r\n\$4\r\nAUTH\r\n\${{redis.password|length}}\r\n{{ redis.password 
}}\r\n*1\r\n\$4\r\nPING\r\n"; sleep 1) | nc {{ ansible_host }} {{ redis.port }}
   register: result
-  until: (result.rc == 0) and (result.stdout == '+PONG')
+  until: (result.rc == 0) and (result.stdout == '+OK\r\n+PONG')
   retries: 12
   delay: 5

Reply via email to