Allow the Redis specific monitor to use authentication

When accessing Redis, if password protected, we need to update
the HAProxy checks so that they use a password or we won't be able
to gather which node is the replica master.

Also adds PING/PONG and QUIT/OK sequence before and after the info
command is sent.

More at https://bugzilla.redhat.com/show_bug.cgi?id=1320036

Change-Id: Ia9e61e66c5426061eab8172f0a25820989597780

diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index 0d70f32..d61eea6 100644 (file)
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -303,6 +303,11 @@
 #  (optional) Enable or not Redis binding
 #  Defaults to false
 #
+# [*redis_password*]
+#  (optional) Password for Redis authentication, eventually needed by the
+#  specific monitoring we do from HAProxy for Redis
+#  Defaults to undef
+#
 # [*midonet_api*]
 #  (optional) Enable or not MidoNet API binding
 #  Defaults to false
@@ -408,6 +413,7 @@ class tripleo::loadbalancer (
   $mysql_clustercheck        = false,
   $rabbitmq                  = false,
   $redis                     = false,
+  $redis_password            = undef,
   $midonet_api               = false,
   $service_ports             = {}
 ) {
@@ -1344,12 +1350,17 @@ class tripleo::loadbalancer (
   }
 
   if $redis {
+    if $redis_password {
+      $redis_tcp_check_options = ["send AUTH\\ ${redis_password}\\r\\n"]
+    } else {
+      $redis_tcp_check_options = []
+    }
     haproxy::listen { 'redis':
       bind             => $redis_bind_opts,
       options          => {
         'balance'   => 'first',
         'option'    => ['tcp-check',],
-        'tcp-check' => ['send info\ replication\r\n','expect string role:master'],
+        'tcp-check' => union($redis_tcp_check_options, ['send PING\r\n','expect string +PONG','send info\ replication\r\n','expect string role:master','send QUIT\r\n','expect string +OK']),
       },
       collect_exported => false,
     }