fix bug

wangyelei · wangyelei · commit ce3ddfcce91b · 2026-01-07T10:11:31.000+08:00
diff --git a/addons/redis/scripts/redis-account-provision.sh b/addons/redis/scripts/redis-account-provision.sh
@@ -1,10 +1,4 @@
 #!/bin/sh
-
-if [ "$TLS_ENABLED" == "true" ]; then
-    redis_base_cmd="redis-cli -p $SERVICE_PORT -a $REDIS_DEFAULT_PASSWORD --tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-else
-    redis_base_cmd="redis-cli -p $SERVICE_PORT -a $REDIS_DEFAULT_PASSWORD"
-fi
-
+redis_base_cmd="redis-cli -p $SERVICE_PORT -a $REDIS_DEFAULT_PASSWORD $REDIS_CLI_TLS_CMD"
 $redis_base_cmd ${KB_ACCOUNT_STATEMENT}
 $redis_base_cmd acl save
diff --git a/addons/redis/scripts/redis-account.sh b/addons/redis/scripts/redis-account.sh
@@ -2,10 +2,6 @@
 
 set -e
 service_port=${SERVICE_PORT:-6379}
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --insecure"
-fi
 
 function do_acl_command() {
     local hosts=$1
@@ -19,9 +15,9 @@ function do_acl_command() {
         # in case of fixed ip mode, the host is like this: 10.96.180.100:6379@1 10.96.180.100:6379@2
         # we need to remove the @1 or @2 and remove the port
         host=$(echo "$host" | sed 's/@[0-9]*//g' | sed 's/:[0-9]*/ /g')
-        cmd="redis-cli -h $host -p $service_port --user $user -a $password $tls_cmd"
+        cmd="redis-cli -h $host -p $service_port --user $user -a $password $REDIS_CLI_TLS_CMD"
         if [ -z "$password" ]; then
-            cmd="redis-cli -h $host -p $service_port --user $user $tls_cmd"
+            cmd="redis-cli -h $host -p $service_port --user $user $REDIS_CLI_TLS_CMD"
         fi
         if [ -n "$ACL_COMMAND" ]; then
             echo "DO ACL COMMAND FOR HOST: $host"
@@ -102,7 +98,7 @@ function get_cluster_host_list() {
     fi
     host_list=$(redis-cli -c -h "$CURRENT_POD_NAME.$CURRENT_SHARD_COMPONENT_NAME-headless.$CLUSTER_NAMESPACE.svc.$CLUSTER_DOMAIN" \
         -p $service_port \
-        --user $REDIS_DEFAULT_USER $passwd_cmd $tls_cmd \
+        --user $REDIS_DEFAULT_USER $passwd_cmd $REDIS_CLI_TLS_CMD \
         CLUSTER NODES |
         grep -v "fail" |
         grep -v "noaddr" |
diff --git a/addons/redis/scripts/redis-ping.sh b/addons/redis/scripts/redis-ping.sh
@@ -29,14 +29,10 @@ load_common_library() {
 check_redis_ok() {
   unset_xtrace_when_ut_mode_false
   service_port=${SERVICE_PORT:-6379}
-  tls_cmd=""
-  if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-  fi
   if ! is_empty "$REDIS_DEFAULT_PASSWORD"; then
-    cmd="redis-cli -h localhost -p $service_port -a $REDIS_DEFAULT_PASSWORD $tls_cmd ping"
+    cmd="redis-cli -h localhost -p $service_port -a $REDIS_DEFAULT_PASSWORD $REDIS_CLI_TLS_CMD ping"
   else
-    cmd="redis-cli -h localhost -p $service_port $tls_cmd ping"
+    cmd="redis-cli -h localhost -p $service_port $REDIS_CLI_TLS_CMD ping"
   fi
   response=$($cmd)
   status=$?
diff --git a/addons/redis/scripts/redis-pre-stop.sh b/addons/redis/scripts/redis-pre-stop.sh
@@ -19,11 +19,6 @@ test || __() {
   set -e;
 }
 
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
-
 load_common_library() {
   # the common.sh scripts is mounted to the same path which is defined in the cmpd.spec.scripts
   common_library_file="/scripts/common.sh"
@@ -33,15 +28,11 @@ load_common_library() {
 
 acl_save_before_stop() {
   service_port=${SERVICE_PORT:-6379}
-  tls_cmd=""
-  if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-  fi
   if ! is_empty "$REDIS_DEFAULT_PASSWORD"; then
-    acl_save_command="redis-cli -h localhost -p $service_port -a $REDIS_DEFAULT_PASSWORD $tls_cmd acl save"
+    acl_save_command="redis-cli -h localhost -p $service_port -a $REDIS_DEFAULT_PASSWORD $REDIS_CLI_TLS_CMD acl save"
     logging_mask_acl_save_command="${acl_save_command/$REDIS_DEFAULT_PASSWORD/********}"
   else
-    acl_save_command="redis-cli -h localhost -p $service_port $tls_cmd acl save"
+    acl_save_command="redis-cli -h localhost -p $service_port $REDIS_CLI_TLS_CMD acl save"
     logging_mask_acl_save_command="$acl_save_command"
   fi
   echo "acl save command: $logging_mask_acl_save_command"
diff --git a/addons/redis/scripts/redis-register-to-sentinel.sh b/addons/redis/scripts/redis-register-to-sentinel.sh
@@ -34,11 +34,6 @@ else
   FIXED_POD_IP_ENABLED=false
 fi
 
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
-
 load_common_library() {
   # the common.sh scripts is mounted to the same path which is defined in the cmpd.spec.scripts
   common_library_file="/scripts/common.sh"
@@ -153,9 +148,9 @@ check_connectivity() {
   local password=$3
   echo "Checking connectivity to $host on port $port using redis-cli..."
   if is_empty "$password"; then
-    redis-cli -h "$host" -p "$port" $tls_cmd PING | grep -q "PONG"
+    redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD PING | grep -q "PONG"
   else
-    redis-cli -h "$host" -p "$port" -a "$password" $tls_cmd PING | grep -q "PONG"
+    redis-cli -h "$host" -p "$port" -a "$password" $REDIS_CLI_TLS_CMD PING | grep -q "PONG"
   fi
   if [ $? -eq 0 ]; then
     echo "$host is reachable on port $port."
@@ -174,9 +169,9 @@ execute_sentinel_sub_command() {
 
   local output
   if is_empty "$SENTINEL_PASSWORD"; then
-    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" $tls_cmd $command)
+    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" $REDIS_CLI_TLS_CMD $command)
   else
-    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" -a "$SENTINEL_PASSWORD" $tls_cmd $command)
+    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD $command)
   fi
   local status=$?
   echo "$output"
@@ -196,9 +191,9 @@ get_master_addr_by_name(){
   local command=$3
   local output
   if is_empty "$SENTINEL_PASSWORD"; then
-    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" $tls_cmd $command)
+    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" $REDIS_CLI_TLS_CMD $command)
   else
-    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" -a "$SENTINEL_PASSWORD" $tls_cmd $command)
+    output=$(redis-cli -h "$sentinel_host" -p "$sentinel_port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD $command)
   fi
   local status=$?
   if [ $status -ne 0 ]; then
diff --git a/addons/redis/scripts/redis-sentinel-account-provision.sh b/addons/redis/scripts/redis-sentinel-account-provision.sh
@@ -1,10 +1,5 @@
 #!/bin/sh
 
-if [ "$TLS_ENABLED" == "true" ]; then
-    redis_base_cmd="redis-cli -p $SENTINEL_SERVICE_PORT -a $SENTINEL_PASSWORD --tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-else
-    redis_base_cmd="redis-cli -p $SENTINEL_SERVICE_PORT -a $SENTINEL_PASSWORD"
-fi
-
+redis_base_cmd="redis-cli -p $SENTINEL_SERVICE_PORT -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD"
 $redis_base_cmd ${KB_ACCOUNT_STATEMENT}
 $redis_base_cmd acl save
diff --git a/addons/redis/scripts/redis-sentinel-member-join.sh b/addons/redis/scripts/redis-sentinel-member-join.sh
@@ -65,14 +65,10 @@ temp_output=""
 redis_sentinel_get_masters() {
   local host=$1
   local port=$2
-  tls_cmd=""
-  if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-  fi
   if [ -n "$SENTINEL_PASSWORD" ]; then
-    temp_output=$(redis-cli -h "$host" -p "$port" -a "$SENTINEL_PASSWORD" $tls_cmd sentinel masters 2>/dev/null || true)
+    temp_output=$(redis-cli -h "$host" -p "$port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD sentinel masters 2>/dev/null || true)
   else
-    temp_output=$(redis-cli -h "$host" -p "$port" $tls_cmd sentinel masters 2>/dev/null || true)
+    temp_output=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD sentinel masters 2>/dev/null || true)
   fi
 }
 
diff --git a/addons/redis/scripts/redis-sentinel-member-leave.sh b/addons/redis/scripts/redis-sentinel-member-leave.sh
@@ -31,10 +31,6 @@ declare -A master_slave_counts
 declare -g sentinel_leave_member_name
 declare -g sentinel_leave_member_fqdn
 declare -a sentinel_pod_list
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
 
 redis_sentinel_member_get() {
   if [ -z "$KB_LEAVE_MEMBER_POD_FQDN" ]; then
@@ -62,9 +58,9 @@ redis_sentinel_get_masters() {
   local host="$1"
   local port="$2"
   if [ -n "$SENTINEL_PASSWORD" ]; then
-    temp_output=$(redis-cli -h "$host" -p "$port" -a "$SENTINEL_PASSWORD" $tls_cmd SENTINEL MASTERS 2>/dev/null || true)
+    temp_output=$(redis-cli -h "$host" -p "$port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD sentinel masters 2>/dev/null || true)
   else
-    temp_output=$(redis-cli -h "$host" -p "$port" $tls_cmd SENTINEL MASTERS 2>/dev/null || true)
+    temp_output=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD sentinel masters 2>/dev/null || true)
   fi
 }
 
@@ -124,9 +120,9 @@ redis_sentinel_remove_monitor() {
       if [[ -n "$master_name" ]]; then
         echo "master name: $master_name"
         if [ -z "$SENTINEL_PASSWORD" ]; then
-          redis-cli -h "$sentinel_leave_member_fqdn" -p "$redis_default_service_port" $tls_cmd SENTINEL REMOVE "$master_name"
+          redis-cli -h "$sentinel_leave_member_fqdn" -p "$redis_default_service_port" $REDIS_CLI_TLS_CMD SENTINEL REMOVE "$master_name"
         else
-          redis-cli -h "$sentinel_leave_member_fqdn" -p "$redis_default_service_port" -a "$SENTINEL_PASSWORD" $tls_cmd SENTINEL REMOVE "$master_name"
+          redis-cli -h "$sentinel_leave_member_fqdn" -p "$redis_default_service_port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD SENTINEL REMOVE "$master_name"
         fi
         echo "sentinel no longer monitors $master_name"
         master_name=""
@@ -148,13 +144,13 @@ redis_sentinel_reset_all() {
       success=false
       while [ $retry_count -lt $max_retries ]; do
         if [ -n "$SENTINEL_PASSWORD" ]; then
-          if redis-cli -h "$host" -p "$redis_default_service_port" -a "$SENTINEL_PASSWORD" $tls_cmd SENTINEL RESET "*"; then
+          if redis-cli -h "$host" -p "$redis_default_service_port" -a "$SENTINEL_PASSWORD" $REDIS_CLI_TLS_CMD SENTINEL RESET "*"; then
             echo "sentinel is resetting at $host on port $redis_default_service_port."
             success=true
             break
           fi
         else
-          if redis-cli -h "$host" -p "$redis_default_service_port" $tls_cmd SENTINEL RESET "*" ; then
+          if redis-cli -h "$host" -p "$redis_default_service_port" $REDIS_CLI_TLS_CMD SENTINEL RESET "*" ; then
             echo "sentinel is resetting at $host on port $redis_default_service_port."
             success=true
             break
diff --git a/addons/redis/scripts/redis-sentinel-ping.sh b/addons/redis/scripts/redis-sentinel-ping.sh
@@ -29,14 +29,10 @@ load_common_library() {
 check_redis_sentinel_ok() {
   unset_xtrace_when_ut_mode_false
   sentinel_service_port=${SENTINEL_SERVICE_PORT:-26379}
-  tls_cmd=""
-  if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-  fi
   if ! is_empty "$SENTINEL_PASSWORD"; then
-    cmd="redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $tls_cmd ping"
+    cmd="redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD ping"
   else
-    cmd="redis-cli -h localhost -p $sentinel_service_port $tls_cmd ping"
+    cmd="redis-cli -h localhost -p $sentinel_service_port $REDIS_CLI_TLS_CMD ping"
   fi
   response=$($cmd)
   status=$?
diff --git a/addons/redis/scripts/redis-sentinel-post-start.sh b/addons/redis/scripts/redis-sentinel-post-start.sh
@@ -30,13 +30,9 @@ acl_set_user_for_redis_sentinel() {
   # set default user password and replication user password
   if [ -n "$SENTINEL_PASSWORD" ]; then
     sentinel_service_port=${SENTINEL_SERVICE_PORT:-26379}
-    tls_cmd=""
-    if [ "$TLS_ENABLED" == "true" ]; then
-      tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-    fi
-    until redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $tls_cmd ping; do sleep 1; done
-    redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $tls_cmd ACL SETUSER $SENTINEL_USER ON \>$SENTINEL_PASSWORD allchannels +@all
-    redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $tls_cmd ACL SAVE
+    until redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD ping; do sleep 1; done
+    redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD ACL SETUSER $SENTINEL_USER ON \>$SENTINEL_PASSWORD allchannels +@all
+    redis-cli -h localhost -p $sentinel_service_port -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD ACL SAVE
     echo "redis sentinel user and password set successfully."
   fi
 }
diff --git a/addons/redis/scripts/redis-start.sh b/addons/redis/scripts/redis-start.sh
@@ -29,10 +29,6 @@ redis_acl_file_bak="/data/users.acl.bak"
 retry_times=3
 retry_delay_second=2
 service_port=${SERVICE_PORT:-6379}
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
 
 load_common_library() {
   # the common.sh scripts is mounted to the same path which is defined in the cmpd.spec.scripts
@@ -202,9 +198,9 @@ build_sentinel_get_master_addr_by_name_command() {
   # TODO: replace $SENTINEL_SERVICE_PORT with each sentinel pod's port when sentinel service port is not the same, for example in HostNetwork mode
   sentinel_service_port=${SENTINEL_SERVICE_PORT:-26379}
   if is_empty "$SENTINEL_PASSWORD"; then
-    echo "timeout $timeout_value redis-cli -h $sentinel_pod_fqdn -p $sentinel_service_port $tls_cmd sentinel get-master-addr-by-name $REDIS_COMPONENT_NAME"
+    echo "timeout $timeout_value redis-cli -h $sentinel_pod_fqdn -p $sentinel_service_port $REDIS_CLI_TLS_CMD sentinel get-master-addr-by-name $REDIS_COMPONENT_NAME"
   else
-    echo "timeout $timeout_value redis-cli -h $sentinel_pod_fqdn -p $sentinel_service_port -a $SENTINEL_PASSWORD $tls_cmd sentinel get-master-addr-by-name $REDIS_COMPONENT_NAME"
+    echo "timeout $timeout_value redis-cli -h $sentinel_pod_fqdn -p $sentinel_service_port -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD sentinel get-master-addr-by-name $REDIS_COMPONENT_NAME"
   fi
 }
 
diff --git a/addons/redis/scripts/redis-switchover.sh b/addons/redis/scripts/redis-switchover.sh
@@ -22,10 +22,6 @@ test || __() {
 
 declare -A ORIGINAL_PRIORITIES
 redis_service_port=${SERVICE_PORT:-6379}
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
 
 load_common_library() {
   # the common.sh scripts is mounted to the same path which is defined in the cmpd.spec.scripts
@@ -64,9 +60,9 @@ check_redis_role() {
   unset_xtrace_when_ut_mode_false
   local role_info
   if [[ -z "$REDIS_DEFAULT_PASSWORD" ]]; then
-    role_info=$(redis-cli -h "$host" -p "$port" $tls_cmd info replication)
+    role_info=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD info replication)
   else
-    role_info=$(redis-cli -h "$host" -p "$port" -a "$REDIS_DEFAULT_PASSWORD" $tls_cmd info replication)
+    role_info=$(redis-cli -h "$host" -p "$port" -a "$REDIS_DEFAULT_PASSWORD" $REDIS_CLI_TLS_CMD info replication)
   fi
   status=$?
   set_xtrace_when_ut_mode_false
@@ -158,9 +154,9 @@ check_connectivity() {
   local result
   unset_xtrace_when_ut_mode_false
   if ! is_empty "$password"; then
-    result=$(redis-cli -h "$host" -p "$port" -a "$password" $tls_cmd PING)
+    result=$(redis-cli -h "$host" -p "$port" -a "$password" $REDIS_CLI_TLS_CMD PING)
   else
-    result=$(redis-cli -h "$host" -p "$port" $tls_cmd PING)
+    result=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD PING)
   fi
   set_xtrace_when_ut_mode_false
   if [[ "$result" == "PONG" ]]; then
@@ -181,9 +177,9 @@ execute_sub_command() {
   local output
   unset_xtrace_when_ut_mode_false
   if ! is_empty "$password"; then
-    output=$(redis-cli -h "$host" -p "$port" -a "$password" $tls_cmd $command)
+    output=$(redis-cli -h "$host" -p "$port" -a "$password" $REDIS_CLI_TLS_CMD $command)
   else
-    output=$(redis-cli -h "$host" -p "$port" $tls_cmd $command)
+    output=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD $command)
   fi
   local status=$?
   set_xtrace_when_ut_mode_false
@@ -206,9 +202,9 @@ redis_config_get() {
   local output
   unset_xtrace_when_ut_mode_false
   if ! is_empty "$password"; then
-    output=$(redis-cli -h "$host" -p "$port" -a "$password" $tls_cmd $command)
+    output=$(redis-cli -h "$host" -p "$port" -a "$password" $REDIS_CLI_TLS_CMD $command)
   else
-    output=$(redis-cli -h "$host" -p "$port" $tls_cmd $command)
+    output=$(redis-cli -h "$host" -p "$port" $REDIS_CLI_TLS_CMD $command)
   fi
   local status=$?
   set_xtrace_when_ut_mode_false
diff --git a/addons/redis/scripts/redis6-sentinel-post-start.sh b/addons/redis/scripts/redis6-sentinel-post-start.sh
@@ -5,7 +5,7 @@ set -e
 # set default user password and replication user password
 if [ -n "$SENTINEL_PASSWORD" ]; then
   until redis-cli -h 127.0.0.1 -p $SENTINEL_SERVICE_PORT ping; do sleep 1; done
-  redis-cli -h 127.0.0.1 -p $SENTINEL_SERVICE_PORT ACL SETUSER $SENTINEL_USER ON \>$SENTINEL_PASSWORD allchannels +@all
-  redis-cli -h 127.0.0.1 -p $SENTINEL_SERVICE_PORT -a $SENTINEL_PASSWORD ACL SAVE
+  redis-cli -h 127.0.0.1 -p $SENTINEL_SERVICE_PORT $REDIS_CLI_TLS_CMD ACL SETUSER $SENTINEL_USER ON \>$SENTINEL_PASSWORD allchannels +@all
+  redis-cli -h 127.0.0.1 -p $SENTINEL_SERVICE_PORT -a $SENTINEL_PASSWORD $REDIS_CLI_TLS_CMD ACL SAVE
   echo "redis sentinel user and password set successfully."
 fi
diff --git a/addons/redis/scripts/reload-parameter.sh b/addons/redis/scripts/reload-parameter.sh
@@ -22,13 +22,9 @@ if [ "$paramValue" = "\"\"" ]; then
   paramValue=""
 fi
 service_port=${SERVICE_PORT:-6379}
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-  tls_cmd="--tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
-fi
 
 if [ -z $REDIS_DEFAULT_PASSWORD ]; then
-  redis-cli -p $service_port $tls_cmd CONFIG SET ${paramName} "${paramValue}"
+  redis-cli -p $service_port $REDIS_CLI_TLS_CMD CONFIG SET ${paramName} "${paramValue}"
 else
-  redis-cli -p $service_port -a ${REDIS_DEFAULT_PASSWORD} $tls_cmd CONFIG SET ${paramName} "${paramValue}"
+  redis-cli -p $service_port -a ${REDIS_DEFAULT_PASSWORD} $REDIS_CLI_TLS_CMD CONFIG SET ${paramName} "${paramValue}"
 fi
diff --git a/addons/redis/scripts/reset-master.sh b/addons/redis/scripts/reset-master.sh
@@ -2,18 +2,14 @@
 if [ -z "${SENTINEL_POD_NAME_LIST}" ]; then
    exit 0
 fi
-tls_cmd=""
-if [ "$TLS_ENABLED" == "true" ]; then
-    tls_cmd="--tls --insecure"
-fi
 sentinel_service_port=${SENTINEL_SERVICE_PORT:-26379}
 for sentinel_pod in $(echo ${SENTINEL_POD_NAME_LIST} | tr ',' '\n'); do
     echo "reset master in sentinel ${pod}..."
     fqdn="$sentinel_pod.$SENTINEL_HEADLESS_SERVICE_NAME.$CLUSTER_NAMESPACE.svc.cluster.local"
     if [ -n "${SENTINEL_PASSWORD}" ]; then
-        redis-cli -h $fqdn -p $sentinel_service_port -a ${SENTINEL_PASSWORD} $tls_cmd sentinel reset ${REDIS_COMPONENT_NAME}
+        redis-cli -h $fqdn -p $sentinel_service_port -a ${SENTINEL_PASSWORD} $REDIS_CLI_TLS_CMD sentinel reset ${REDIS_COMPONENT_NAME}
     else
-        redis-cli -h $fqdn -p $sentinel_service_port $tls_cmd sentinel reset ${REDIS_COMPONENT_NAME}
+        redis-cli -h $fqdn -p $sentinel_service_port $REDIS_CLI_TLS_CMD sentinel reset ${REDIS_COMPONENT_NAME}
     fi
     if [ $? -eq 0 ]; then
         echo "reset master in sentinel ${pod} succeeded"
diff --git a/addons/redis/scripts/sync-acl.sh b/addons/redis/scripts/sync-acl.sh
@@ -1,12 +1,9 @@
 #!/bin/bash
 
 service_port=${SERVICE_PORT:-6379}
-redis_base_cmd="redis-cli -p $service_port -a $REDIS_DEFAULT_PASSWORD"
+redis_base_cmd="redis-cli -p $service_port -a $REDIS_DEFAULT_PASSWORD $REDIS_CLI_TLS_CMD"
 if [ -z "$REDIS_DEFAULT_PASSWORD" ]; then
-   redis_base_cmd="redis-cli -p $service_port"
-fi
-if [ "$TLS_ENABLED" == "true" ]; then
-  redis_base_cmd="$redis_base_cmd --tls --cacert ${TLS_MOUNT_PATH}/ca.crt"
+   redis_base_cmd="redis-cli -p $service_port $REDIS_CLI_TLS_CMD"
 fi
 
 is_ok=false
diff --git a/addons/redis/templates/cmpd-redis-sentinel.yaml b/addons/redis/templates/cmpd-redis-sentinel.yaml
diff --git a/addons/redis/templates/cmpd-redis.yaml b/addons/redis/templates/cmpd-redis.yaml
diff --git a/addons/redis/templates/opsdefinition-account.yaml b/addons/redis/templates/opsdefinition-account.yaml
diff --git a/addons/redis/templates/opsdefinition-reset-master.yaml b/addons/redis/templates/opsdefinition-reset-master.yaml
