This is an automated email from the ASF dual-hosted git repository. dgrove pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push: new 6646237 Making Redis password protected (#4108) 6646237 is described below commit 66462371ab4266fb3db97cee13632424c6ed6811 Author: Pavel Kravchenko <kpa...@il.ibm.com> AuthorDate: Thu Dec 6 19:58:15 2018 +0200 Making Redis password protected (#4108) --- ansible/group_vars/all | 1 + ansible/roles/apigateway/tasks/deploy.yml | 1 + ansible/roles/redis/tasks/deploy.yml | 9 +++++++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 85ee6ff..fb10427 100755 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -264,6 +264,7 @@ apigateway: redis: version: 4.0 port: 6379 + password: openwhisk linux: version: 4.4.0-31 diff --git a/ansible/roles/apigateway/tasks/deploy.yml b/ansible/roles/apigateway/tasks/deploy.yml index 67af893..5a1c169 100644 --- a/ansible/roles/apigateway/tasks/deploy.yml +++ b/ansible/roles/apigateway/tasks/deploy.yml @@ -14,6 +14,7 @@ env: "REDIS_HOST": "{{ groups['redis'] | first }}" "REDIS_PORT": "{{ redis.port }}" + "REDIS_PASS": "{{ redis.password }}" "PUBLIC_MANAGEDURL_HOST": "{{ ansible_host }}" "PUBLIC_MANAGEDURL_PORT": "{{ apigateway.port.mgmt }}" "TZ": "{{ docker.timezone }}" diff --git a/ansible/roles/redis/tasks/deploy.yml b/ansible/roles/redis/tasks/deploy.yml index 9110f43..5023e45 100644 --- a/ansible/roles/redis/tasks/deploy.yml +++ b/ansible/roles/redis/tasks/deploy.yml @@ -21,10 +21,15 @@ - "{{ redis.port }}:6379" env: TZ: "{{ docker.timezone }}" + command: + /bin/sh -c + "docker-entrypoint.sh --requirepass {{ redis.password }}" - name: wait until redis is up and running - action: shell (echo PING; sleep 1) | nc {{ ansible_host }} {{ redis.port }} +# using RESP protocol to set redis password and validate it's up +# inspired by: https://www.compose.com/articles/how-to-talk-raw-redis/ + action: shell (printf "*2\r\n\$4\r\nAUTH\r\n\${{redis.password|length}}\r\n{{ redis.password }}\r\n*1\r\n\$4\r\nPING\r\n"; sleep 1) | nc {{ ansible_host }} {{ redis.port }} register: result - until: (result.rc == 0) and (result.stdout == '+PONG') + until: (result.rc == 0) and (result.stdout == '+OK\r\n+PONG') retries: 12 delay: 5