Merge pull request echocat#89 from obliadp/protected_mode

dwerder · web-flow · commit f7037f62f2ed · 2016-11-15T14:13:30.000+01:00
Protected mode
diff --git a/manifests/sentinel.pp b/manifests/sentinel.pp
@@ -15,6 +15,11 @@
 #   Path for pid file. Full pid path is <sentinel_pid_dir>/redis-sentinel_<redis_name>.pid. Default: /var/run
 # [*monitors*]
 #   Default is
+#
+# [*protected_mode*]
+#   If no password and/or no bind address is set, sentinel defaults to being reachable only
+#   on the loopback interface. Turn this behaviour off by setting protected mode to 'no'.
+#
 # {
 #   'mymaster' => {
 #     master_host             => '127.0.0.1',
@@ -50,6 +55,7 @@
   $sentinel_log_dir = '/var/log',
   $sentinel_pid_dir = '/var/run',
   $sentinel_run_dir = '/var/run/redis',
+  $protected_mode   = undef,
   $monitors         = {
     'mymaster' => {
       master_host             => '127.0.0.1',
@@ -80,6 +86,10 @@
   validate_bool($enabled)
   validate_bool($manage_logrotate)
 
+  if $protected_mode {
+    validate_re($protected_mode,['^no$', '^yes$'])
+  }
+
   $redis_install_dir = $::redis::install::redis_install_dir
   $sentinel_init_script = $::operatingsystem ? {
     /(Debian|Ubuntu)/                                          => 'redis/etc/init.d/debian_redis-sentinel.erb',
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -78,6 +78,10 @@
 # [*hash_max_ziplist_value*]
 #   Threshold for ziplist value. Default: 64
 #
+# [*protected_mode*]
+#   If no password and/or no bind address is set, redis defaults to being reachable only
+#   on the loopback interface. Turn this behaviour off by setting protected mode to 'no'.
+#
 # [*redis_run_dir*]
 #
 #   Default: `/var/run/redis`
@@ -159,6 +163,7 @@
   $cluster_slave_validity_factor = undef,
   $cluster_migration_barrier     = undef,
   $cluster_require_full_coverage = true,
+  $protected_mode                = undef,
 ) {
   $redis_user              = $::redis::install::redis_user
   $redis_group             = $::redis::install::redis_group
diff --git a/templates/etc/redis.conf.erb b/templates/etc/redis.conf.erb
@@ -22,6 +22,10 @@ daemonize no
 daemonize yes
 <% end -%>
 
+<% if @protected_mode then -%>
+protected-mode <%= @protected_mode %>
+<% end -%>
+
 # When running daemonized, Redis writes a pid file in <%= @redis_pid_dir %>/redis.pid by
 # default. You can specify a custom pid file location here.
 pidfile <%= @redis_pid_dir %>/redis_<%= @redis_name %>.pid
diff --git a/templates/etc/sentinel.conf.erb b/templates/etc/sentinel.conf.erb
@@ -18,6 +18,11 @@ bind <%= @sentinel_ip %>
 <% end -%>
 port <%= @sentinel_port %>
 
+<% if @protected_mode then -%>
+protected-mode <%= @protected_mode %>
+
+<% end -%>
+
 <%
   #rules = scope.lookupvar('redis::sentinel::monitors')
   @monitors.sort.each do |name, rule| -%>
