diff --git a/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/libredissentinel.sh b/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/libredissentinel.sh index fbf3946ac0ab7..535e5f41c49be 100644 --- a/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/libredissentinel.sh +++ b/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/libredissentinel.sh @@ -103,7 +103,11 @@ redis_validate() { print_validation_error "The private key file in the specified path ${REDIS_SENTINEL_TLS_KEY_FILE} does not exist" fi if [[ -z "$REDIS_SENTINEL_TLS_CA_FILE" ]]; then - print_validation_error "You must provide a CA X.509 certificate in order to use TLS" + if [[ -z "$REDIS_SENTINEL_TLS_CA_DIR" ]]; then + print_validation_error "You must provide either a CA X.509 certificate or a CA certificates directory in order to use TLS" + elif [[ ! -d "$REDIS_SENTINEL_TLS_CA_DIR" ]]; then + print_validation_error "The CA certificates directory specified by path ${REDIS_SENTINEL_TLS_CA_DIR} does not exist" + fi elif [[ ! -f "$REDIS_SENTINEL_TLS_CA_FILE" ]]; then print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_SENTINEL_TLS_CA_FILE} does not exist" fi @@ -247,7 +251,12 @@ redis_initialize() { fi redis_conf_set tls-cert-file "$REDIS_SENTINEL_TLS_CERT_FILE" redis_conf_set tls-key-file "$REDIS_SENTINEL_TLS_KEY_FILE" - redis_conf_set tls-ca-cert-file "$REDIS_SENTINEL_TLS_CA_FILE" + if is_empty_value "$REDIS_SENTINEL_TLS_CA_FILE"; then + redis_conf_set tls-ca-cert-dir "$REDIS_SENTINEL_TLS_CA_DIR" + else + redis_conf_set tls-ca-cert-file "$REDIS_SENTINEL_TLS_CA_FILE" + fi + [[ -n "$REDIS_SENTINEL_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_SENTINEL_TLS_DH_PARAMS_FILE" redis_conf_set tls-auth-clients "$REDIS_SENTINEL_TLS_AUTH_CLIENTS" redis_conf_set tls-replication yes 
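Review bot: In the new nested branch of redis_validate, `REDIS_SENTINEL_TLS_CA_DIR` is only examined when `REDIS_SENTINEL_TLS_CA_FILE` is empty, so a CA directory supplied together with a CA file is never validated. The `-d` test also confirms only that the path is a directory, not that the process can read it, so an unreadable trust directory would likely surface later as failed TLS handshakes rather than as a start-up validation error. Consider checking the directory whenever the variable is set and extending the test, e.g. `elif [[ ! -d "$REDIS_SENTINEL_TLS_CA_DIR" || ! -r "$REDIS_SENTINEL_TLS_CA_DIR" ]]; then`, with the message reworded to "does not exist or is not readable". redis_validate starts and ends outside the hunk.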
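Review bot: The new if/else in redis_initialize writes only one of `tls-ca-cert-file` and `tls-ca-cert-dir`, so when both variables are set `REDIS_SENTINEL_TLS_CA_DIR` is dropped without any log line, and nothing in the hunk documents that precedence. Redis accepts the two directives together, so each could be written when its variable is non-empty, following the guard style already used for the DH parameters line: `[[ -n "$REDIS_SENTINEL_TLS_CA_DIR" ]] && redis_conf_set tls-ca-cert-dir "$REDIS_SENTINEL_TLS_CA_DIR"`. A short comment above the block should also record that the directory is handed to OpenSSL as a CA path and is expected to contain hash-named certificates (as produced by `openssl rehash`), because plainly named PEM files in it would not be consulted. redis_initialize continues outside the hunk.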
diff --git a/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/redis-sentinel-env.sh b/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/redis-sentinel-env.sh
index 77c6ad05d121c..7ef6d636a48e5 100644
--- a/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/redis-sentinel-env.sh
+++ b/bitnami/redis-sentinel/7.4/debian-12/rootfs/opt/bitnami/scripts/redis-sentinel-env.sh
@@ -48,6 +48,7 @@ redis_sentinel_env_vars=(
 REDIS_SENTINEL_TLS_CERT_FILE
 REDIS_SENTINEL_TLS_KEY_FILE
 REDIS_SENTINEL_TLS_CA_FILE
+ REDIS_SENTINEL_TLS_CA_DIR
 REDIS_SENTINEL_TLS_DH_PARAMS_FILE
 REDIS_SENTINEL_TLS_AUTH_CLIENTS
 REDIS_MASTER_HOST
@@ -112,6 +113,7 @@ export REDIS_SENTINEL_TLS_PORT_NUMBER="${REDIS_SENTINEL_TLS_PORT_NUMBER:-26379}"
 export REDIS_SENTINEL_TLS_CERT_FILE="${REDIS_SENTINEL_TLS_CERT_FILE:-}"
 export REDIS_SENTINEL_TLS_KEY_FILE="${REDIS_SENTINEL_TLS_KEY_FILE:-}"
 export REDIS_SENTINEL_TLS_CA_FILE="${REDIS_SENTINEL_TLS_CA_FILE:-}"
+export REDIS_SENTINEL_TLS_CA_DIR="${REDIS_SENTINEL_TLS_CA_DIR:-}"
 export REDIS_SENTINEL_TLS_DH_PARAMS_FILE="${REDIS_SENTINEL_TLS_DH_PARAMS_FILE:-}"
 export REDIS_SENTINEL_TLS_AUTH_CLIENTS="${REDIS_SENTINEL_TLS_AUTH_CLIENTS:-yes}"
diff --git a/bitnami/redis-sentinel/README.md b/bitnami/redis-sentinel/README.md
index 3f0356a9c5458..700a0ddbb535b 100644
--- a/bitnami/redis-sentinel/README.md
+++ b/bitnami/redis-sentinel/README.md
@@ -136,6 +136,7 @@ docker run -it --rm \
 | `REDIS_SENTINEL_TLS_CERT_FILE` | Redis TLS certificate file | `nil` |
 | `REDIS_SENTINEL_TLS_KEY_FILE` | Redis TLS key file | `nil` |
 | `REDIS_SENTINEL_TLS_CA_FILE` | Redis TLS CA file | `nil` |
+| `REDIS_SENTINEL_TLS_CA_DIR` | Directory containing TLS CA certificates | `nil` |
 | `REDIS_SENTINEL_TLS_DH_PARAMS_FILE` | Redis TLS DH parameter file | `nil` |
 | `REDIS_SENTINEL_TLS_AUTH_CLIENTS` | Enable Redis TLS client authentication | `yes` |
 | `REDIS_MASTER_HOST` | Redis master host (used by slaves) | `redis` |