[bitnami/redis] User Environmental Variables #72276

Closed
4 changes: 2 additions & 2 deletions bitnami/dremio/25/debian-12/Dockerfile
Expand Up @@ -8,11 +8,11 @@ ARG TARGETARCH

LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-09-02T00:24:00Z" \
org.opencontainers.image.created="2024-09-05T07:12:50Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/dremio/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="25.0.0-debian-12-r13" \
org.opencontainers.image.ref.name="25.0.0-debian-12-r14" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dremio" \
org.opencontainers.image.title="dremio" \
org.opencontainers.image.vendor="Broadcom, Inc." \
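Review bot: This Dockerfile belongs to bitnami/dremio while the PR is titled for bitnami/redis, and the only differences are the `org.opencontainers.image.created` timestamp and the `ref.name` bump from r13 to r14. It looks like an unrelated release bump picked up from the base branch; rebase or drop this file so the PR carries only the Redis changes.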
42 changes: 31 additions & 11 deletions bitnami/redis/7.4/debian-12/rootfs/opt/bitnami/scripts/libredis.sh
Expand Up @@ -88,6 +88,7 @@ redis_conf_unset() {
# Redis versoon
#########################
redis_version() {
# Auth not needed.
"${REDIS_BASE_DIR}/bin/redis-cli" --version | grep -E -o "[0-9]+.[0-9]+.[0-9]+"
}

Expand Down Expand Up @@ -148,22 +149,19 @@ is_redis_not_running() {
# None
#########################
redis_stop() {
local pass
local port
local args

! is_redis_running && return
pass="$(redis_conf_get "requirepass")"
is_boolean_yes "$REDIS_TLS_ENABLED" && port="$(redis_conf_get "tls-port")" || port="$(redis_conf_get "port")"

[[ -n "$pass" ]] && args+=("-a" "$pass")
[[ "$port" != "0" ]] && args+=("-p" "$port")

debug "Stopping Redis"
if am_i_root; then
run_as_user "$REDIS_DAEMON_USER" "${REDIS_BASE_DIR}/bin/redis-cli" "${args[@]}" shutdown
run_as_user "$REDIS_DAEMON_USER" "${REDIS_BASE_DIR}/bin/redis-cli" $(get_rediscli_auth) "${args[@]}" shutdown
else
"${REDIS_BASE_DIR}/bin/redis-cli" "${args[@]}" shutdown
"${REDIS_BASE_DIR}/bin/redis-cli" $(get_rediscli_auth) "${args[@]}" shutdown
fi
}
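Review bot: In `redis_stop` the shutdown credentials no longer come from the configured `requirepass` (the dropped `pass="$(redis_conf_get "requirepass")"` lookup) but from `get_rediscli_auth`, which only reads `REDIS_PASSWORD`. A deployment that sets `REDIS_REQUIREPASS` alone ends up with a server that requires a password which `shutdown` never sends, unless `REDISCLI_AUTH` happens to be set. Either keep the `requirepass` lookup as a fallback or make `get_rediscli_auth` take `REDIS_REQUIREPASS` into account for the `default` user.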

Expand Down Expand Up @@ -263,12 +261,13 @@ redis_configure_replication() {
redis_conf_set tls-replication yes
fi
if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then
if [[ -n "$REDIS_PASSWORD" ]]; then
redis_conf_set masterauth "$REDIS_PASSWORD"
if [[ -n $REDIS_MASTER_USER ]] && [[ -n "$REDIS_MASTER_PASSWORD" ]]; then
redis_conf_set masteruser "$REDIS_MASTER_USER"
redis_conf_set masterauth "$REDIS_MASTER_PASSWORD"
fi
elif [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
if [[ -n "$REDIS_SENTINEL_HOST" ]]; then
local -a sentinel_info_command=("redis-cli" "-h" "${REDIS_SENTINEL_HOST}" "-p" "${REDIS_SENTINEL_PORT_NUMBER}")
local -a sentinel_info_command=("redis-cli" $(get_rediscli_auth) "-h" "${REDIS_SENTINEL_HOST}" "-p" "${REDIS_SENTINEL_PORT_NUMBER}")
is_boolean_yes "$REDIS_TLS_ENABLED" && sentinel_info_command+=("--tls" "--cert" "${REDIS_TLS_CERT_FILE}" "--key" "${REDIS_TLS_KEY_FILE}")
# shellcheck disable=SC2015
is_empty_value "$REDIS_TLS_CA_FILE" && sentinel_info_command+=("--cacertdir" "${REDIS_TLS_CA_DIR}") || sentinel_info_command+=("--cacert" "${REDIS_TLS_CA_FILE}")
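Review bot: The `sentinel_info_command` array now includes `$(get_rediscli_auth)` for a `redis-cli` that connects to `REDIS_SENTINEL_HOST`, so the data node's `REDIS_USER` and `REDIS_PASSWORD` are presented to Sentinel. Is Sentinel expected to share those credentials? If not, this lookup needs its own variables or no auth at all. In the master branch above, `masterauth` used to be written whenever `REDIS_PASSWORD` was set and now depends on `REDIS_MASTER_USER` and `REDIS_MASTER_PASSWORD`; please confirm the env defaults keep password-only deployments working, and quote `$REDIS_MASTER_USER` in the `[[ -n ... ]]` test to match the rest of the file.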
Expand All @@ -278,14 +277,35 @@ redis_configure_replication() {
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
fi
wait-for-port --host "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && redis_conf_set masterauth "$REDIS_MASTER_PASSWORD"
if [[ -n $REDIS_MASTER_USER ]] && [[ -n "$REDIS_MASTER_PASSWORD" ]]; then
redis_conf_set masteruser "$REDIS_MASTER_USER"
redis_conf_set masterauth "$REDIS_MASTER_PASSWORD"
fi
# Starting with Redis 5, use 'replicaof' instead of 'slaveof'. Maintaining both for backward compatibility
local parameter="replicaof"
[[ $(redis_major_version) -lt 5 ]] && parameter="slaveof"
redis_conf_set "$parameter" "$REDIS_MASTER_HOST $REDIS_MASTER_PORT_NUMBER"
fi
}

########################
# Gets redis-cli authentication parameters.
# Globals:
# REDIS_USER REDIS_PASSWORD REDISCLI_AUTH
# Returns:
# String with a --user and maybe --pass and --no-auth-warning parameters.
#########################
get_rediscli_auth() {
local str
if [[ -n "${REDIS_USER}" ]] then
str+=" --user ${REDIS_USER} "
fi
if [[ -n "${REDIS_PASSWORD}" ]] && [[ -z "${REDISCLI_AUTH-}" ]]; then
str+=" --pass ${REDIS_PASSWORD} --no-auth-warning "
fi
echo "${str}"
}

########################
# Disable Redis command(s)
# Globals:
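Review bot: `get_rediscli_auth` returns the credentials as one space-joined string that every caller expands unquoted, so a `REDIS_PASSWORD` containing whitespace or glob characters is split or expanded into the wrong arguments, and `--pass` places the password on the `redis-cli` command line where it is visible in the process list. Since the function already honours `REDISCLI_AUTH`, consider exporting the password through that variable for the call and returning only `--user`, or have the function fill a caller-supplied array instead of echoing a string. Also add the `;` before `then` in `if [[ -n "${REDIS_USER}" ]] then` so it matches the `if` that follows it.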
Expand Down Expand Up @@ -447,8 +467,8 @@ redis_configure_default() {
! is_empty_value "$REDIS_IO_THREADS_DO_READS" && redis_conf_set "io-threads-do-reads" "$REDIS_IO_THREADS_DO_READS"
! is_empty_value "$REDIS_IO_THREADS" && redis_conf_set "io-threads" "$REDIS_IO_THREADS"

if [[ -n "$REDIS_PASSWORD" ]]; then
redis_conf_set requirepass "$REDIS_PASSWORD"
if [[ -n "$REDIS_REQUIREPASS" ]]; then
redis_conf_set requirepass "$REDIS_REQUIREPASS"
else
redis_conf_unset requirepass
fi
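Review bot: `requirepass` is now driven only by `REDIS_REQUIREPASS`, and the env defaults copy `REDIS_PASSWORD` into it only when `REDIS_USER` is not set. With `REDIS_USER` and `REDIS_PASSWORD` both set and no `REDIS_REQUIREPASS`, the `else` branch runs `redis_conf_unset requirepass`, which leaves the `default` user without a password unless the ACL file restricts it. Please add a validation or warning for that combination, or document that the ACL file must lock down `default`.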
Expand Up @@ -40,7 +40,10 @@ redis_env_vars=(
REDIS_REPLICA_PORT
REDIS_EXTRA_FLAGS
ALLOW_EMPTY_PASSWORD
REDIS_REQUIREPASS
REDIS_USER
REDIS_PASSWORD
REDIS_MASTER_USER
REDIS_MASTER_PASSWORD
REDIS_ACLFILE
REDIS_IO_THREADS_DO_READS
Expand Down Expand Up @@ -108,7 +111,12 @@ export REDIS_REPLICA_IP="${REDIS_REPLICA_IP:-}"
export REDIS_REPLICA_PORT="${REDIS_REPLICA_PORT:-}"
export REDIS_EXTRA_FLAGS="${REDIS_EXTRA_FLAGS:-}"
export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}"
[[ -z "${REDIS_USER-}" ]] && REDIS_REQUIREPASS="${REDIS_REQUIREPASS:-"${REDIS_PASSWORD-}"}"
[[ -z "${REDIS_MASTER_USER-}" ]] && REDIS_MASTER_PASSWORD="${REDIS_MASTER_PASSWORD:-"${REDIS_PASSWORD-}"}"
export REDIS_REQUIREPASS="${REDIS_REQUIREPASS:-}"
export REDIS_USER="${REDIS_USER:-default}"
export REDIS_PASSWORD="${REDIS_PASSWORD:-}"
export REDIS_MASTER_USER="${REDIS_MASTER_USER:-"${REDIS_USER}"}"
export REDIS_MASTER_PASSWORD="${REDIS_MASTER_PASSWORD:-}"
export REDIS_ACLFILE="${REDIS_ACLFILE:-}"
export REDIS_IO_THREADS_DO_READS="${REDIS_IO_THREADS_DO_READS:-}"
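Review bot: The `[[ -z "${REDIS_USER-}" ]] && ...` and `[[ -z "${REDIS_MASTER_USER-}" ]] && ...` lines only work because they run before `REDIS_USER` and `REDIS_MASTER_USER` receive their defaults a few lines later; nothing here says so, and reordering the exports would silently disable the `REDIS_PASSWORD` fallback. Add a comment stating the ordering requirement. An explicit `REDIS_USER=default` also counts as set in this test, so `REDIS_REQUIREPASS` stays empty even though the user is the default one; comparing against `default` as well would avoid that surprise.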
79 changes: 43 additions & 36 deletions bitnami/redis/README.md
Expand Up @@ -172,41 +172,44 @@ docker-compose up -d

#### Customizable environment variables

| Name | Description | Default Value |
|----------------------------------|--------------------------------------------------|--------------------------------------------|
| `REDIS_DATA_DIR` | Redis data directory | `${REDIS_VOLUME_DIR}/data` |
| `REDIS_OVERRIDES_FILE` | Redis config overrides file | `${REDIS_MOUNTED_CONF_DIR}/overrides.conf` |
| `REDIS_DISABLE_COMMANDS` | Commands to disable in Redis | `nil` |
| `REDIS_DATABASE` | Default Redis database | `redis` |
| `REDIS_AOF_ENABLED` | Enable AOF | `yes` |
| `REDIS_RDB_POLICY` | Enable RDB policy persitence | `nil` |
| `REDIS_RDB_POLICY_DISABLED` | Allows to enable RDB policy persistence | `no` |
| `REDIS_MASTER_HOST` | Redis master host (used by slaves) | `nil` |
| `REDIS_MASTER_PORT_NUMBER` | Redis master host port (used by slaves) | `6379` |
| `REDIS_PORT_NUMBER` | Redis port number | `$REDIS_DEFAULT_PORT_NUMBER` |
| `REDIS_ALLOW_REMOTE_CONNECTIONS` | Allow remote connection to the service | `yes` |
| `REDIS_REPLICATION_MODE` | Redis replication mode (values: master, slave) | `nil` |
| `REDIS_REPLICA_IP` | The replication announce ip | `nil` |
| `REDIS_REPLICA_PORT` | The replication announce port | `nil` |
| `REDIS_EXTRA_FLAGS` | Additional flags pass to 'redis-server' commands | `nil` |
| `ALLOW_EMPTY_PASSWORD` | Allow password-less access | `no` |
| `REDIS_PASSWORD` | Password for Redis | `nil` |
| `REDIS_MASTER_PASSWORD` | Redis master node password | `nil` |
| `REDIS_ACLFILE` | Redis ACL file | `nil` |
| `REDIS_IO_THREADS_DO_READS` | Enable multithreading when reading socket | `nil` |
| `REDIS_IO_THREADS` | Number of threads | `nil` |
| `REDIS_TLS_ENABLED` | Enable TLS | `no` |
| `REDIS_TLS_PORT_NUMBER` | Redis TLS port (requires REDIS_ENABLE_TLS=yes) | `6379` |
| `REDIS_TLS_CERT_FILE` | Redis TLS certificate file | `nil` |
| `REDIS_TLS_CA_DIR` | Directory containing TLS CA certificates | `nil` |
| `REDIS_TLS_KEY_FILE` | Redis TLS key file | `nil` |
| `REDIS_TLS_KEY_FILE_PASS` | Redis TLS key file passphrase | `nil` |
| `REDIS_TLS_CA_FILE` | Redis TLS CA file | `nil` |
| `REDIS_TLS_DH_PARAMS_FILE` | Redis TLS DH parameter file | `nil` |
| `REDIS_TLS_AUTH_CLIENTS` | Enable Redis TLS client authentication | `yes` |
| `REDIS_SENTINEL_MASTER_NAME` | Redis Sentinel master name | `nil` |
| `REDIS_SENTINEL_HOST` | Redis Sentinel host | `nil` |
| `REDIS_SENTINEL_PORT_NUMBER` | Redis Sentinel host port (used by slaves) | `26379` |
| Name | Description | Default Value |
|----------------------------------|---------------------------------------------------|--------------------------------------------|
| `REDIS_DATA_DIR` | Redis data directory | `${REDIS_VOLUME_DIR}/data` |
| `REDIS_OVERRIDES_FILE` | Redis config overrides file | `${REDIS_MOUNTED_CONF_DIR}/overrides.conf` |
| `REDIS_DISABLE_COMMANDS` | Commands to disable in Redis | `nil` |
| `REDIS_DATABASE` | Default Redis database | `redis` |
| `REDIS_AOF_ENABLED` | Enable AOF | `yes` |
| `REDIS_RDB_POLICY` | Enable RDB policy persitence | `nil` |
| `REDIS_RDB_POLICY_DISABLED` | Allows to enable RDB policy persistence | `no` |
| `REDIS_MASTER_HOST` | Redis master host (used by slaves) | `nil` |
| `REDIS_MASTER_PORT_NUMBER` | Redis master host port (used by slaves) | `6379` |
| `REDIS_PORT_NUMBER` | Redis port number | `$REDIS_DEFAULT_PORT_NUMBER` |
| `REDIS_ALLOW_REMOTE_CONNECTIONS` | Allow remote connection to the service | `yes` |
| `REDIS_REPLICATION_MODE` | Redis replication mode (values: master, slave) | `nil` |
| `REDIS_REPLICA_IP` | The replication announce ip | `nil` |
| `REDIS_REPLICA_PORT` | The replication announce port | `nil` |
| `REDIS_EXTRA_FLAGS` | Additional flags pass to 'redis-server' commands | `nil` |
| `ALLOW_EMPTY_PASSWORD` | Allow password-less access | `no` |
| `REDIS_REQUIREPASS` | Password for default user | `$REDIS_PASSWORD` when `$REDIS_USER` is not explicitly set |
| `REDIS_USER` | User name for Redis ACL | `default` |
| `REDIS_PASSWORD` | Password for Redis | `nil` |
| `REDIS_MASTER_USER` | Redis master node user name, used for replication | `$REDIS_USER` |
| `REDIS_MASTER_PASSWORD` | Redis master node password, used for replication | `$REDIS_PASSWORD` when `$REDIS_MASTER_USER` is not explicitly set |
| `REDIS_ACLFILE` | Redis ACL file | `nil` |
| `REDIS_IO_THREADS_DO_READS` | Enable multithreading when reading socket | `nil` |
| `REDIS_IO_THREADS` | Number of threads | `nil` |
| `REDIS_TLS_ENABLED` | Enable TLS | `no` |
| `REDIS_TLS_PORT_NUMBER` | Redis TLS port (requires REDIS_ENABLE_TLS=yes) | `6379` |
| `REDIS_TLS_CERT_FILE` | Redis TLS certificate file | `nil` |
| `REDIS_TLS_CA_DIR` | Directory containing TLS CA certificates | `nil` |
| `REDIS_TLS_KEY_FILE` | Redis TLS key file | `nil` |
| `REDIS_TLS_KEY_FILE_PASS` | Redis TLS key file passphrase | `nil` |
| `REDIS_TLS_CA_FILE` | Redis TLS CA file | `nil` |
| `REDIS_TLS_DH_PARAMS_FILE` | Redis TLS DH parameter file | `nil` |
| `REDIS_TLS_AUTH_CLIENTS` | Enable Redis TLS client authentication | `yes` |
| `REDIS_SENTINEL_MASTER_NAME` | Redis Sentinel master name | `nil` |
| `REDIS_SENTINEL_HOST` | Redis Sentinel host | `nil` |
| `REDIS_SENTINEL_PORT_NUMBER` | Redis Sentinel host port (used by slaves) | `26379` |

#### Read-only environment variables
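Review bot: In the updated table the `REDIS_PASSWORD` row still reads "Password for Redis", although with this change it is the password for `REDIS_USER`, and `REDIS_REQUIREPASS` is the variable that maps to `requirepass`. Reword that row (for example "Password for `REDIS_USER`") so the three password rows can be told apart. The long default cells for `REDIS_REQUIREPASS` and `REDIS_MASTER_PASSWORD` also break the column alignment the rest of the table keeps.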

Expand Down Expand Up @@ -353,7 +356,7 @@ services:

### Enabling Access Control List

Redis(R) offers [ACL](https://redis.io/topics/acl) since 6.0 which allows certain connections to be limited in terms of the commands that can be executed and the keys that can be accessed. We strongly recommend enabling ACL in production by specifiying the `REDIS_ACLFILE`.
Redis(R) offers [ACL](https://redis.io/topics/acl) since 6.0 which allows certain connections to be limited in terms of the commands that can be executed and the keys that can be accessed. We strongly recommend enabling ACL in production by specifiying the `REDIS_ACLFILE`. The ACL system provides a fine-grained user access and security configuration. The environmental variables in this image provide a way to use ACL system and also `requirepass` option with compatibility for older configurations. The ACL file can be created with a Redis instance and then configured to be used. The same ACL file can be copied to each node in a Redis cluster. If ACL file is set to provide a custom administrator user, the `default` user can be disabled.

```console
docker run -name redis -e REDIS_ACLFILE=/opt/bitnami/redis/mounted-etc/users.acl -v /path/to/users.acl:/opt/bitnami/redis/mounted-etc/users.acl bitnami/redis:latest
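Review bot: The rewritten ACL paragraph carries over the typo "specifiying" and uses "environmental variables" where the README headings say "environment variables"; please fix both while touching the line. It also states that the `default` user can be disabled without showing how, so a short ACL file example next to the `docker run` command would make the advice actionable.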
Expand All @@ -372,6 +375,10 @@ services:
...
```

The environmental variable `REDIS_REQUIREPASS` can be used to explicitly set `requirepass` configuration option. Redis service will set a `default` user with the given password to its ACL system. The `REDIS_REQUIREPASS` option inherits the value of `REDIS_PASSWORD` when `REDIS_USER` is not set for compatibilitys sake. When using ACL system, set `REDIS_USER` and `REDIS_PASSWORD` with administrator credentials to allow proper set up of Redis service. Optionally set `REDIS_MASTER_USER` and `REDIS_MASTER_PASSWORD` if you wish to use a different user for cluster replication. The `REDIS_MASTER_PASSWORD` option inherits the value of `REDIS_PASSWORD` when `REDIS_MASTER_USER` is not set for compatibilitys sake.

For more information, see [Redis ACL documentation](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/) for reference.

### Setting up a standalone instance

By default, this image is set up to launch Redis(R) in standalone mode on port 6379. Should you need to change this behavior, setting the `REDIS_PORT_NUMBER` environment variable will modify the port number. This is not to be confused with `REDIS_MASTER_PORT_NUMBER` or `REDIS_REPLICA_PORT` environment variables that are applicable in replication mode.
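Review bot: The added paragraph tells users to set `REDIS_USER` and `REDIS_PASSWORD` to administrator credentials but does not say that this user must already exist in the file given by `REDIS_ACLFILE`; none of the script changes shown in this PR create it. State that requirement explicitly. Also fix "compatibilitys sake" (it appears twice) and drop the redundant "for reference" in the closing sentence.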