Unverified Commit 97b3d641 authored by David Collom's avatar David Collom Committed by GitHub

Adding TLS Support and shellchecking all .sh (#8)

Signed-off-by: default avatarDavid Collom <david.collom@jetstack.io>
parent eed5009b
FROM alpine:3.9 FROM alpine:3.9 as builder
MAINTAINER Opstree Solutions MAINTAINER Opstree Solutions
...@@ -10,19 +10,31 @@ ARG REDIS_DOWNLOAD_URL="http://download.redis.io/" ...@@ -10,19 +10,31 @@ ARG REDIS_DOWNLOAD_URL="http://download.redis.io/"
ARG REDIS_VERSION="stable" ARG REDIS_VERSION="stable"
RUN addgroup -S -g 1001 redis && adduser -S -G redis -u 1001 redis && \ RUN apk add --no-cache su-exec tzdata make curl build-base linux-headers bash openssl-dev
apk add --no-cache su-exec tzdata make curl build-base linux-headers bash
RUN curl -fL -Lo /tmp/redis-${REDIS_VERSION}.tar.gz ${REDIS_DOWNLOAD_URL}/redis-${REDIS_VERSION}.tar.gz && \ RUN curl -fL -Lo /tmp/redis-${REDIS_VERSION}.tar.gz ${REDIS_DOWNLOAD_URL}/redis-${REDIS_VERSION}.tar.gz && \
cd /tmp && \ cd /tmp && \
tar xvzf redis-${REDIS_VERSION}.tar.gz && \ tar xvzf redis-${REDIS_VERSION}.tar.gz && \
cd redis-${REDIS_VERSION} && \ cd redis-${REDIS_VERSION} && \
make && \ make && \
make install && \ make install BUILD_TLS=yes && \
mkdir -p /etc/redis && \ mkdir -p /etc/redis && \
cp -f *.conf /etc/redis && \ cp -f *.conf /etc/redis
rm -rf /tmp/redis-${REDIS_VERSION}* && \
apk del curl make FROM alpine:3.9
MAINTAINER Opstree Solutions
LABEL VERSION=1.0 \
ARCH=AMD64 \
DESCRIPTION="A production grade performance tuned redis docker image created by Opstree Solutions"
COPY --from=builder /usr/local/bin/redis-server /usr/local/bin/redis-server
COPY --from=builder /usr/local/bin/redis-cli /usr/local/bin/redis-cli
COPY --from=builder /etc/redis /etc/redis
RUN addgroup -S -g 1001 redis && adduser -S -G redis -u 1001 redis && \
apk add --no-cache bash
COPY redis.conf /etc/redis/redis.conf COPY redis.conf /etc/redis/redis.conf
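Review bot: The builder stage still fetches the Redis tarball from the `http://` default of `REDIS_DOWNLOAD_URL` and unpacks and compiles it with no integrity check, while `REDIS_VERSION="stable"` is a moving target, so the source that ends up in the TLS-enabled image is neither pinned nor verified. I would change the default to `https://download.redis.io/` and check a pinned digest before the `tar` step, for example `echo "${REDIS_SHA256}  /tmp/redis-${REDIS_VERSION}.tar.gz" | sha256sum -c - && \`, with `REDIS_SHA256` as a new build argument. Separately, `BUILD_TLS=yes` is given only to `make install` and not to the preceding `make`; `make BUILD_TLS=yes && make install BUILD_TLS=yes` avoids depending on the install step to rebuild with TLS. The `ARG` lines sit above the hunk, so the URL change lands outside the lines shown here.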
......
REDIS_VERSION ?= 6.2.5
EXPORTER_VERSION?=1.0
build-redis-image: build-redis-image:
docker build -t quay.io/opstree/redis:6.2.5 -f Dockerfile . docker build -t quay.io/opstree/redis:$(REDIS_VERSION) -f Dockerfile .
build-redis-exporter-image: build-redis-exporter-image:
docker build -t opstree/redis-exporter:1.0 -f Dockerfile.exporter . docker build -t opstree/redis-exporter:$(EXPORTER_VERSION) -f Dockerfile.exporter .
setup-standalone-server-compose: setup-standalone-server-compose:
docker-compose -f docker-compose-standalone.yaml up -d docker-compose -f docker-compose-standalone.yaml up -d
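Review bot: `REDIS_VERSION` only changes the image tag in `build-redis-image`; it is never passed to the build, and the Dockerfile's `ARG REDIS_VERSION` defaults to `"stable"`, so an image tagged `6.2.5` contains whatever the stable tarball was on the day it was built. Forwarding it, `docker build --build-arg REDIS_VERSION=$(REDIS_VERSION) -t quay.io/opstree/redis:$(REDIS_VERSION) -f Dockerfile .`, makes the tag and the contents agree. The download path in the Dockerfile may need adjusting for versioned tarballs, which is not visible from this section.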
......
...@@ -50,6 +50,29 @@ redis_mode_setup() { ...@@ -50,6 +50,29 @@ redis_mode_setup() {
fi fi
} }
tls_setup() {
if [[ "${TLS_MODE}" == "true" ]]; then
{
echo port 0
echo tls-port 6379
echo tls-cert-file "${REDIS_TLS_CERT}"
echo tls-key-file "${REDIS_TLS_CERT_KEY}"
echo tls-ca-cert-file "${REDIS_TLS_CA_KEY}"
# echo tls-prefer-server-ciphers yes
echo tls-auth-clients optional
} >> /etc/redis/redis.conf
if [[ "${SETUP_MODE}" == "cluster" ]]; then
{
echo tls-replication yes
echo tls-cluster yes
} >> /etc/redis/redis.conf
fi
else
echo "Running without TLS mode"
fi
}
persistence_setup() { persistence_setup() {
if [[ "${PERSISTENCE_ENABLED}" == "true" ]]; then if [[ "${PERSISTENCE_ENABLED}" == "true" ]]; then
{ {
...@@ -87,6 +110,7 @@ main_function() { ...@@ -87,6 +110,7 @@ main_function() {
set_redis_password set_redis_password
redis_mode_setup redis_mode_setup
persistence_setup persistence_setup
tls_setup
start_redis start_redis
} }
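Review bot: `tls-auth-clients optional` in `tls_setup` switches off mandatory client certificates, so when `TLS_MODE` is true and no password is configured, any client that can reach port 6379 is accepted over TLS (`set_redis_password` is not shown here, so this assumes it leaves auth off when `REDIS_PASSWORD` is empty). I would make this configurable and default to the stricter setting, `echo tls-auth-clients "${REDIS_TLS_AUTH_CLIENTS:-yes}"`. The three path variables are also written to `redis.conf` without checking that they are set; a guard such as `: "${REDIS_TLS_CERT:?must be set when TLS_MODE=true}"` for each one fails early with a clear message. `REDIS_TLS_CA_KEY` feeds `tls-ca-cert-file`, which takes a CA certificate rather than a key, so a comment or a clearer name would help. `main_function` begins outside the hunk.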
......
#!/bin/bash #!/bin/bash
check_redis_health() { check_redis_health() {
if [[ -z "${REDIS_PASSWORD}" ]]; then if [[ -n "${REDIS_PASSWORD}" ]]; then
redis-cli ping export REDISCLI_AUTH="${REDIS_PASSWORD}"
fi
if [[ "${TLS_MODE}" == "true" ]]; then
redis-cli --tls --cert "${REDIS_TLS_CERT}" --key "${REDIS_TLS_CERT_KEY}" --cacert "${REDIS_TLS_CA_KEY}" -h "$(hostname)" ping
else else
redis-cli -a ${REDIS_PASSWORD} ping redis-cli ping
fi fi
} }
......
...@@ -6,14 +6,14 @@ redis_server_mode() { ...@@ -6,14 +6,14 @@ redis_server_mode() {
if [[ -z "${REDIS_PASSWORD}" ]]; then if [[ -z "${REDIS_PASSWORD}" ]]; then
redis-cli --cluster create "${MASTER_LIST}" --cluster-yes redis-cli --cluster create "${MASTER_LIST}" --cluster-yes
else else
redis-cli --cluster create ${MASTER_LIST} --cluster-yes -a "${REDIS_PASSWORD}" redis-cli --cluster create "${MASTER_LIST}" --cluster-yes -a "${REDIS_PASSWORD}"
fi fi
elif [[ "${SERVER_MODE}" == "slave" ]]; then elif [[ "${SERVER_MODE}" == "slave" ]]; then
echo "Redis server mode is slave" echo "Redis server mode is slave"
if [[ -z "${REDIS_PASSWORD}" ]]; then if [[ -z "${REDIS_PASSWORD}" ]]; then
redis-cli --cluster add-node ${SLAVE_IP} ${MASTER_IP} --cluster-slave redis-cli --cluster add-node "${SLAVE_IP}" "${MASTER_IP}" --cluster-slave
else else
redis-cli --cluster add-node ${SLAVE_IP} ${MASTER_IP} --cluster-slave -a "${REDIS_PASSWORD}" redis-cli --cluster add-node "${SLAVE_IP}" "${MASTER_IP}" --cluster-slave -a "${REDIS_PASSWORD}"
fi fi
else else
echo "Redis server mode is standalone" echo "Redis server mode is standalone"
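Review bot: Quoting `"${MASTER_LIST}"` on the `--cluster create` line passes the whole list as a single argument, so if `MASTER_LIST` holds several space-separated `host:port` entries, redis-cli no longer sees individual nodes. Splitting it explicitly keeps shellcheck quiet without changing the argument count: `read -r -a masters <<< "${MASTER_LIST}"` followed by `redis-cli --cluster create "${masters[@]}" --cluster-yes`. These calls still pass the password with `-a`, which exposes it in the process list, while the health check in this commit moved to `REDISCLI_AUTH`; using the same approach here would be consistent. None of the `--cluster` commands add `--tls` or the certificate options, so with `TLS_MODE=true` and `port 0` they presumably cannot connect. `redis_server_mode` starts and ends outside the hunk.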
......