[bitnami/redis] PreStop Hook to Initiate Failover for Sentinel on PodTermination #5528
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
juan131
reviewed
Feb 18, 2021
There was a problem hiding this comment.
Thanks so much for this great contribution! @miguelaeh @rafariossaa could you please take a look too?
Co-authored-by: Juan Ariza Toledano <juanariza@vmware.com>
miguelaeh
suggested changes
Feb 18, 2021
| fi | ||
|
|
||
| if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
There was a problem hiding this comment.
Suggested change
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | |
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
Also, using -a will show a warning becuase of using the password in the command, it would be better to set it with the env var REDISCLI_AUTH
There was a problem hiding this comment.
Is there an example? The other scripts in the ConfigMap works exactly the same way.
There was a problem hiding this comment.
The command itelf is correct, but there could be issues with variables expansions, that's why they should be in the way ${XXX} not $XXX
| if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | ||
| else | ||
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
There was a problem hiding this comment.
Suggested change
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" | |
| sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" |
miguelaeh
reviewed
Feb 18, 2021
miguelaeh
suggested changes
Feb 18, 2021
|
Thanks for the PR! |
Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com>
miguelaeh
suggested changes
Feb 19, 2021
Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com>
miguelaeh
suggested changes
Feb 23, 2021
There was a problem hiding this comment.
Hi @0x46616c6b ,
Please check the comments again, you changed two lines that were correct.
There is a difference between "$VARIABLE" note the there are not {} and "substring${VARIABLE}substring2" note the {}
Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com>
miguelaeh
suggested changes
Feb 24, 2021
There was a problem hiding this comment.
Hi @0x46616c6b,
Sorry to be picky with this, I think those are the last needed changes. I tried to edit the files myself but I don't have permissions to do it. Did you allow the file editing by maintainers?
Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com>
|
Thanks for the good review and your patience. Yes, you can edit the PR or need you some permissions from me? |
miguelaeh
approved these changes
Feb 25, 2021
miguelaeh
added a commit
to miguelaeh/bitnami-charts
that referenced
this pull request
Apr 6, 2021
…Termination (bitnami#5528) * add prestop hook for redis sentinel to failover the master * Update bitnami/redis/templates/configmap-scripts.yaml Co-authored-by: Juan Ariza Toledano <juanariza@vmware.com> * fix indentation * remove duplicated line * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com> * Update bitnami/redis/templates/configmap-scripts.yaml Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com> * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com> * Apply suggestions from code review Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com> Co-authored-by: Juan Ariza Toledano <juanariza@vmware.com> Co-authored-by: Miguel Ángel Cabrera Miñagorri <devgorri@gmail.com>
srueg
reviewed
Apr 12, 2021
| if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then | ||
| redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel failover mymaster | ||
| else | ||
| redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} sentinel failover mymaster |
There was a problem hiding this comment.
Shouldn't this use the configured {{ .Values.sentinel.masterSet }} instead of hard-coding mymaster?
3 tasks
|
Hi guys, thank you for noticing this issue and opening a PR to fix it! We are taking care of it. |
Gregy
added a commit
to Gregy/charts
that referenced
this pull request
Apr 21, 2021
This improves on bitnami#5528 by checking and waiting until the failover is finished on both the redis and the sentinel container. This completely eliminates momentary service interruption during rollouts. As we cannot guarantee the failover will be successful the wait time is capped by the termination grace period - 10s.
bitnami-bot
added a commit
that referenced
this pull request
Apr 23, 2021
…rruption (#6080) * Wait until failover finishes during master pod shutdown This improves on #5528 by checking and waiting until the failover is finished on both the redis and the sentinel container. This completely eliminates momentary service interruption during rollouts. As we cannot guarantee the failover will be successful the wait time is capped by the termination grace period - 10s. * Separate terminationGracePeriod setings for each pod type * make the use of REDISCLI_AUTH clear * [bitnami/redis] Update components versions Signed-off-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Bitnami Containers <containers@bitnami.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change
We have encountered problems with Redis Sentinel and Rolling Upgrades. In this case, the Master Election takes several minutes, which ensures that the service does not work correctly during that time.
Therefore, we implemented a
PreStophook that checks if the pod is the master and initiates a failover.Benefits
Possible drawbacks
Applicable issues
#5418
#5400
Checklist
Chart.yamlaccording to semver.[bitnami/chart])