From 1b9089e9eb54fcb09464a2a0bd469525023c8495 Mon Sep 17 00:00:00 2001 From: Stallman Date: Sun, 21 Jun 2020 09:18:12 +0800 Subject: [PATCH] Add redis auth support #1026 auto commit --- README.md | 3 ++- assets/runtime/config/gitlabhq/resque.yml | 2 +- assets/runtime/functions | 13 +++++++++++-- docker-compose.yml | 1 + 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bb58de797..45996c85e 100644 --- a/README.md +++ b/README.md @@ -327,11 +327,12 @@ The internal redis server has been removed from the image. Please use a [linked The image can be configured to use an external redis server. The configuration should be specified using environment variables while starting the GitLab image. -*Assuming that the redis server host is 192.168.1.100* +*Assuming that the redis server host is 192.168.1.100*, and configured to use authentication* ```bash docker run --name gitlab -it --rm \ --env 'REDIS_HOST=192.168.1.100' --env 'REDIS_PORT=6379' \ + --env 'REDIS_PASSWORD=p4ssw0rd' \ sameersbn/gitlab:13.0.6 ``` diff --git a/assets/runtime/config/gitlabhq/resque.yml b/assets/runtime/config/gitlabhq/resque.yml index 7a6681536..0557f122f 100644 --- a/assets/runtime/config/gitlabhq/resque.yml +++ b/assets/runtime/config/gitlabhq/resque.yml @@ -14,7 +14,7 @@ test: url: redis://localhost:6379 production: # Redis (single instance) - url: redis://{{REDIS_HOST}}:{{REDIS_PORT}}/{{REDIS_DB_NUMBER}} + url: redis://{{REDIS_PASSWORD}}{{REDIS_HOST}}:{{REDIS_PORT}}/{{REDIS_DB_NUMBER}} ## # Redis + Sentinel (for HA) # diff --git a/assets/runtime/functions b/assets/runtime/functions index 449acd321..b290336c6 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -205,8 +205,12 @@ gitlab_finalize_redis_parameters() { } gitlab_check_redis_connection() { + REDIS_FLAG="" + if [[ -n ${REDIS_PASSWORD} ]]; then + REDIS_FLAG="-a ${REDIS_PASSWORD}" + fi timeout=60 - while ! redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -n ${REDIS_DB_NUMBER} ping >/dev/null 2>&1 + while ! redis-cli -h ${REDIS_HOST} ${REDIS_FLAG} -p ${REDIS_PORT} -n ${REDIS_DB_NUMBER} ping >/dev/null 2>&1 do timeout=$(expr $timeout - 1) if [[ $timeout -eq 0 ]]; then @@ -226,10 +230,15 @@ gitlab_configure_redis() { gitlab_finalize_redis_parameters gitlab_check_redis_connection + if [[ -n ${REDIS_PASSWORD} ]]; then + REDIS_PASSWORD=':'${REDIS_PASSWORD}'@' + fi + update_template ${GITLAB_RESQUE_CONFIG} \ REDIS_HOST \ REDIS_PORT \ - REDIS_DB_NUMBER + REDIS_DB_NUMBER \ + REDIS_PASSWORD } gitlab_configure_gitaly() { diff --git a/docker-compose.yml b/docker-compose.yml index 6f6d3e725..407bbaa02 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,7 @@ services: image: redis:5.0.9 command: - --loglevel warning + - --requirepass "p4ssw0rd" volumes: - redis-data:/var/lib/redis:Z