Merge branch 'fix-kas-redis-fallback' into 'master'

Switch KAS to use the new Redis Helper logic

See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7317

Merged-by: Ian Baum <[email protected]>
Approved-by: Ian Baum <[email protected]>
Approved-by: Andrew Patterson <[email protected]>
Reviewed-by: Balasankar 'Balu' C <[email protected]>
Reviewed-by: Ian Baum <[email protected]>
Co-authored-by: Balasankar 'Balu' C <[email protected]>

Author: ibaum

files/gitlab-config-template/gitlab.rb.template

@@ -2143,7 +2143,7 @@ external_url 'GENERATED_EXTERNAL_URL'
 # gitlab_kas['redis_port'] = '6379'
 # gitlab_kas['redis_password'] = nil
 
-# gitlab_kas['redis_sentinels'] = {}
+# gitlab_kas['redis_sentinels'] = []
 # gitlab_kas['redis_sentinels_master_name'] = nil
 # gitlab_kas['redis_sentinels_password'] = ''
 

files/gitlab-cookbooks/gitlab-kas/attributes/default.rb

@@ -51,7 +51,7 @@
 default['gitlab_kas']['redis_host'] = nil
 default['gitlab_kas']['redis_port'] = nil
 default['gitlab_kas']['redis_password'] = nil
-default['gitlab_kas']['redis_sentinels'] = nil
+default['gitlab_kas']['redis_sentinels'] = []
 default['gitlab_kas']['redis_sentinels_master_name'] = nil
 default['gitlab_kas']['redis_sentinels_password'] = nil
 default['gitlab_kas']['redis_ssl'] = nil

files/gitlab-cookbooks/gitlab-kas/libraries/gitlab_kas.rb

@@ -107,6 +107,9 @@ def validate_secrets
     end
 
     def parse_redis_settings
+      # If KAS has separate Redis instance specified, do not copy any other settings
+      return if Gitlab['gitlab_kas'].key?('redis_host') || Gitlab['gitlab_kas'].key?('redis_socket')
+
       settings_copied_from_gitlab_rails = %w[
         redis_socket
         redis_host
@@ -120,10 +123,12 @@ def parse_redis_settings
         redis_tls_client_key_file
       ]
       settings_copied_from_gitlab_rails.each do |setting|
-        Gitlab['gitlab_kas'][setting] = Gitlab['gitlab_rails'][setting] || Gitlab['node']['gitlab']['gitlab_rails'][setting] unless Gitlab['gitlab_kas'].key?(setting)
+        Gitlab['node'].default['gitlab_kas'][setting] = Gitlab['node']['gitlab']['gitlab_rails'][setting]
+        Gitlab['gitlab_kas'][setting] = Gitlab['gitlab_rails'][setting] unless Gitlab['gitlab_kas'].key?(setting)
       end
 
-      Gitlab['gitlab_kas']['redis_sentinels_master_name'] = Gitlab['redis']['master_name'] || Gitlab['node']['redis']['master_name'] unless Gitlab['gitlab_kas'].key?('redis_sentinels_master_name')
+      Gitlab['node'].default['gitlab_kas']['redis_sentinels_master_name'] = Gitlab['node']['redis']['master_name']
+      Gitlab['gitlab_kas']['redis_sentinels_master_name'] = Gitlab['redis']['master_name'] unless Gitlab['gitlab_kas'].key?('redis_sentinels_master_name')
     end
 
     private

files/gitlab-cookbooks/gitlab-kas/recipes/enable.rb

@@ -16,7 +16,7 @@
 #
 account_helper = AccountHelper.new(node)
 omnibus_helper = OmnibusHelper.new(node)
-redis_helper = RedisHelper.new(node)
+redis_helper = NewRedisHelper::GitlabKAS.new(node)
 logfiles_helper = LogfilesHelper.new(node)
 logging_settings = logfiles_helper.logging_settings('gitlab-kas')
 
@@ -26,23 +26,17 @@
 gitlab_kas_config_file = File.join(working_dir, 'gitlab-kas-config.yml')
 gitlab_kas_authentication_secret_file = File.join(working_dir, 'authentication_secret_file')
 gitlab_kas_private_api_authentication_secret_file = File.join(working_dir, 'private_api_authentication_secret_file')
-redis_host, redis_port, redis_password = redis_helper.kas_params
-redis_password_present = redis_password && !redis_password.empty?
-redis_sentinels = node['gitlab_kas']['redis_sentinels']
-redis_sentinels_master_name = node['gitlab_kas']['redis_sentinels_master_name']
-redis_sentinels_password = node['gitlab_kas']['redis_sentinels_password']
-redis_sentinels_password_present = redis_sentinels_password && !redis_sentinels_password.empty?
 
+redis_params = redis_helper.redis_params
+
+redis_password = redis_params[:password]
+redis_password_present = redis_password && !redis_password.empty?
 gitlab_kas_redis_password_file = File.join(working_dir, 'redis_password_file')
+
+redis_sentinels_password = redis_params[:sentinelPassword]
+redis_sentinels_password_present = redis_sentinels_password && !redis_sentinels_password.empty?
 gitlab_kas_redis_sentinels_password_file = File.join(working_dir, 'redis_sentinels_password_file')
-redis_default_port = URI::Redis::DEFAULT_PORT
-redis_network = redis_helper.redis_url.scheme == 'unix' ? 'unix' : 'tcp'
-redis_ssl = node['gitlab_kas']['redis_ssl']
-redis_address = if redis_network == 'tcp'
-                  "#{redis_host}:#{redis_port || redis_default_port}"
-                else
-                  node['gitlab_kas']['redis_socket']
-                end
+
 redis_tls_ca_cert_file = node['gitlab_kas']['redis_tls_ca_cert_file']
 redis_tls_client_cert_file = node['gitlab_kas']['redis_tls_client_cert_file']
 redis_tls_client_key_file = node['gitlab_kas']['redis_tls_client_key_file']
@@ -119,16 +113,16 @@
     node['gitlab_kas'].to_hash.merge(
       authentication_secret_file: gitlab_kas_authentication_secret_file,
       private_api_authentication_secret_file: gitlab_kas_private_api_authentication_secret_file,
-      redis_network: redis_network,
-      redis_address: redis_address,
-      redis_ssl: redis_ssl,
+      redis_network: redis_params[:network],
+      redis_address: redis_params[:address],
+      redis_ssl: redis_params[:ssl],
       redis_tls_ca_cert_file: redis_tls_ca_cert_file,
       redis_tls_client_cert_file: redis_tls_client_cert_file,
       redis_tls_client_key_file: redis_tls_client_key_file,
-      redis_default_port: redis_default_port,
+      redis_default_port: URI::Redis::DEFAULT_PORT,
       redis_password_file: redis_password_present ? gitlab_kas_redis_password_file : nil,
-      redis_sentinels_master_name: redis_sentinels_master_name,
-      redis_sentinels: redis_sentinels,
+      redis_sentinels_master_name: redis_params[:sentinelMaster],
+      redis_sentinels: redis_params[:sentinels],
       redis_sentinels_password_file: redis_sentinels_password_present ? gitlab_kas_redis_sentinels_password_file : nil
     )
   )

files/gitlab-cookbooks/gitlab/libraries/redis_helper.rb

@@ -73,10 +73,6 @@ def workhorse_params
     end
   end
 
-  def kas_params
-    redis_params(service_config: @node['gitlab_kas'])
-  end
-
   def validate_instance_shard_config(instance)
     gitlab_rails = @node['gitlab']['gitlab_rails']
 

files/gitlab-cookbooks/package/libraries/helpers/new_redis_helper/base.rb

@@ -52,7 +52,7 @@ def redis_url
         )
       end
 
-      uri.to_s
+      uri
     end
 
     private

files/gitlab-cookbooks/package/libraries/helpers/new_redis_helper/gitlab_kas.rb

@@ -0,0 +1,37 @@
+module NewRedisHelper
+  class GitlabKAS < NewRedisHelper::Base
+    def redis_params
+      {
+        network: redis_network,
+        address: redis_address,
+        password: redis_credentials[:password],
+        sentinels: redis_sentinels,
+        sentinelMaster: master_name,
+        sentinelPassword: redis_sentinels_password,
+        ssl: redis_ssl
+      }
+    end
+
+    private
+
+    def redis_network
+      redis_url.scheme == 'unix' ? 'unix' : 'tcp'
+    end
+
+    def redis_address
+      redis_network == 'tcp' ? "#{redis_host}:#{redis_port || URI::Redis::DEFAULT_PORT}" : redis_socket
+    end
+
+    def master_name
+      node_attr['redis_sentinels_master_name']
+    end
+
+    def node_access_keys
+      %w[gitlab_kas]
+    end
+
+    def support_sentinel_groupname?
+      true
+    end
+  end
+end

files/gitlab-cookbooks/package/libraries/helpers/new_redis_helper/gitlab_workhorse.rb

@@ -2,7 +2,7 @@ module NewRedisHelper
   class GitlabWorkhorse < NewRedisHelper::Base
     def redis_params
       {
-        url: redis_url,
+        url: redis_url.to_s,
         password: redis_credentials[:password],
         sentinels: sentinel_urls,
         sentinelMaster: master_name,