[bitnami/redis-sentinel] Allow setting tls-ca-cert-dir via ENV variable (#79386)

* [bitnami/redis-sentinel] Allow setting tls-ca-cert-dir via ENV variable

Similar to how it's done in bitnami/redis.

Signed-off-by: mueller-ma <mueller-ma@users.noreply.github.com>

* Apply suggestion

Signed-off-by: mueller-ma <mueller-ma@users.noreply.github.com>

---------

Signed-off-by: mueller-ma <mueller-ma@users.noreply.github.com>
mueller-ma
2025-04-11 11:08:55 +02:00
committed by GitHub
parent 0a650b8aeb
commit 75c0ec1318
3 changed files with 14 additions and 2 deletions


@@ -103,7 +103,11 @@ redis_validate() {
print_validation_error "The private key file in the specified path ${REDIS_SENTINEL_TLS_KEY_FILE} does not exist"
fi
if [[ -z "$REDIS_SENTINEL_TLS_CA_FILE" ]]; then
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
if [[ -z "$REDIS_SENTINEL_TLS_CA_DIR" ]]; then
print_validation_error "You must provide either a CA X.509 certificate or a CA certificates directory in order to use TLS"
elif [[ ! -d "$REDIS_SENTINEL_TLS_CA_DIR" ]]; then
print_validation_error "The CA certificates directory specified by path ${REDIS_SENTINEL_TLS_CA_DIR} does not exist"
fi
elif [[ ! -f "$REDIS_SENTINEL_TLS_CA_FILE" ]]; then
print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_SENTINEL_TLS_CA_FILE} does not exist"
fi
@@ -247,7 +251,12 @@ redis_initialize() {
fi
redis_conf_set tls-cert-file "$REDIS_SENTINEL_TLS_CERT_FILE"
redis_conf_set tls-key-file "$REDIS_SENTINEL_TLS_KEY_FILE"
redis_conf_set tls-ca-cert-file "$REDIS_SENTINEL_TLS_CA_FILE"
if is_empty_value "$REDIS_SENTINEL_TLS_CA_FILE"; then
redis_conf_set tls-ca-cert-dir "$REDIS_SENTINEL_TLS_CA_DIR"
else
redis_conf_set tls-ca-cert-file "$REDIS_SENTINEL_TLS_CA_FILE"
fi
[[ -n "$REDIS_SENTINEL_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_SENTINEL_TLS_DH_PARAMS_FILE"
redis_conf_set tls-auth-clients "$REDIS_SENTINEL_TLS_AUTH_CLIENTS"
redis_conf_set tls-replication yes
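Review bot: When REDIS_SENTINEL_TLS_CA_FILE and REDIS_SENTINEL_TLS_CA_DIR are both set, the directory is silently dropped: redis_validate never checks it, and the new `if is_empty_value "$REDIS_SENTINEL_TLS_CA_FILE"` branch in redis_initialize writes only `tls-ca-cert-file`. Redis accepts both directives together, so the trust store the operator configured and the one actually used to verify client certificates (REDIS_SENTINEL_TLS_AUTH_CLIENTS defaults to `yes`) can differ without any log line. I would either write both, e.g. `is_empty_value "$REDIS_SENTINEL_TLS_CA_DIR" || redis_conf_set tls-ca-cert-dir "$REDIS_SENTINEL_TLS_CA_DIR"` after the file directive, and validate the directory whenever it is set, or reject the combination in redis_validate. Separately, the `-d` test passes for an empty or unreadable directory, so a comment stating that the directory must hold readable CA certificates (as far as I know OpenSSL looks them up by hashed file name) would help whoever debugs rejected handshakes. Both functions start and end outside the hunks shown.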


@@ -48,6 +48,7 @@ redis_sentinel_env_vars=(
REDIS_SENTINEL_TLS_CERT_FILE
REDIS_SENTINEL_TLS_KEY_FILE
REDIS_SENTINEL_TLS_CA_FILE
REDIS_SENTINEL_TLS_CA_DIR
REDIS_SENTINEL_TLS_DH_PARAMS_FILE
REDIS_SENTINEL_TLS_AUTH_CLIENTS
REDIS_MASTER_HOST
@@ -112,6 +113,7 @@ export REDIS_SENTINEL_TLS_PORT_NUMBER="${REDIS_SENTINEL_TLS_PORT_NUMBER:-26379}"
export REDIS_SENTINEL_TLS_CERT_FILE="${REDIS_SENTINEL_TLS_CERT_FILE:-}"
export REDIS_SENTINEL_TLS_KEY_FILE="${REDIS_SENTINEL_TLS_KEY_FILE:-}"
export REDIS_SENTINEL_TLS_CA_FILE="${REDIS_SENTINEL_TLS_CA_FILE:-}"
export REDIS_SENTINEL_TLS_CA_DIR="${REDIS_SENTINEL_TLS_CA_DIR:-}"
export REDIS_SENTINEL_TLS_DH_PARAMS_FILE="${REDIS_SENTINEL_TLS_DH_PARAMS_FILE:-}"
export REDIS_SENTINEL_TLS_AUTH_CLIENTS="${REDIS_SENTINEL_TLS_AUTH_CLIENTS:-yes}"


@@ -136,6 +136,7 @@ docker run -it --rm \
| `REDIS_SENTINEL_TLS_CERT_FILE` | Redis TLS certificate file | `nil` |
| `REDIS_SENTINEL_TLS_KEY_FILE` | Redis TLS key file | `nil` |
| `REDIS_SENTINEL_TLS_CA_FILE` | Redis TLS CA file | `nil` |
| `REDIS_SENTINEL_TLS_CA_DIR` | Directory containing TLS CA certificates | `nil` |
| `REDIS_SENTINEL_TLS_DH_PARAMS_FILE` | Redis TLS DH parameter file | `nil` |
| `REDIS_SENTINEL_TLS_AUTH_CLIENTS` | Enable Redis TLS client authentication | `yes` |
| `REDIS_MASTER_HOST` | Redis master host (used by slaves) | `redis` |