|
|
3f2a88 |
From 2270c5d6aaf8b3b6d663d413a8e7193a493cfdc5 Mon Sep 17 00:00:00 2001
|
|
|
3f2a88 |
From: Konstantin Pokotilenko <pokotilenko@mail.ru>
|
|
|
3f2a88 |
Date: Tue, 24 Sep 2019 17:26:11 +0300
|
|
|
3f2a88 |
Subject: [PATCH 1/2] Consider redis-cli features to choose optimal password
|
|
|
3f2a88 |
passing method and warning filtering workaround
|
|
|
3f2a88 |
|
|
|
3f2a88 |
---
|
|
|
3f2a88 |
heartbeat/redis.in | 60 +++++++++++++++++++++++++++++++++++++++++++---
|
|
|
3f2a88 |
1 file changed, 57 insertions(+), 3 deletions(-)
|
|
|
3f2a88 |
|
|
|
3f2a88 |
diff --git a/heartbeat/redis.in b/heartbeat/redis.in
|
|
|
3f2a88 |
index ec7186d8b..409961d0b 100644
|
|
|
3f2a88 |
--- a/heartbeat/redis.in
|
|
|
3f2a88 |
+++ b/heartbeat/redis.in
|
|
|
3f2a88 |
@@ -237,6 +237,51 @@ CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name ${INST
|
|
|
3f2a88 |
MASTER_HOST=""
|
|
|
3f2a88 |
MASTER_ACTIVE_CACHED=""
|
|
|
3f2a88 |
MASTER_ACTIVE=""
|
|
|
3f2a88 |
+CLI_HAVE_AUTH_WARNING=0
|
|
|
3f2a88 |
+CLI_HAVE_ARG_NO_AUTH_WARNING=0
|
|
|
3f2a88 |
+CLI_HAVE_ENV_AUTH=0
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+cmp_redis_version()
|
|
|
3f2a88 |
+{
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+ if [ "$1" == "$2" ]; then
|
|
|
3f2a88 |
+ return 1
|
|
|
3f2a88 |
+ elif [ $(echo -e "$1\n$2" | sort -V | head -1) == "$1" ]; then
|
|
|
3f2a88 |
+ return 0
|
|
|
3f2a88 |
+ else
|
|
|
3f2a88 |
+ return 2
|
|
|
3f2a88 |
+ fi
|
|
|
3f2a88 |
+}
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+redis_cli_features()
|
|
|
3f2a88 |
+{
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+ CLI_VER=$(redis-cli --version | tr " " "\n" | tail -1)
|
|
|
3f2a88 |
+ # Starting with 4.0.10 there is a warning on stderr when using a pass
|
|
|
3f2a88 |
+ # Starting with 5.0.0 there is an argument to silence the warning: --no-auth-warning
|
|
|
3f2a88 |
+ # Starting with 5.0.3 there is an option to use REDISCLI_AUTH evironment variable for password, no warning in this case
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+ cmp_redis_version $CLI_VER 5.0.3
|
|
|
3f2a88 |
+ res=$?
|
|
|
3f2a88 |
+ echo 5.0.3: $res
|
|
|
3f2a88 |
+ if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
+ CLI_HAVE_ENV_AUTH=1
|
|
|
3f2a88 |
+ fi
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+ cmp_redis_version $CLI_VER 5.0.0
|
|
|
3f2a88 |
+ res=$?
|
|
|
3f2a88 |
+ echo 5.0.0: $res
|
|
|
3f2a88 |
+ if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
+ CLI_HAVE_ARG_NO_AUTH_WARNING=1
|
|
|
3f2a88 |
+ fi
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
+ cmp_redis_version $CLI_VER 4.0.10
|
|
|
3f2a88 |
+ res=$?
|
|
|
3f2a88 |
+ echo 4.0.10: $res
|
|
|
3f2a88 |
+ if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
+ CLI_HAVE_AUTH_WARNING=1
|
|
|
3f2a88 |
+ fi
|
|
|
3f2a88 |
+}
|
|
|
3f2a88 |
|
|
|
3f2a88 |
master_is_active()
|
|
|
3f2a88 |
{
|
|
|
3f2a88 |
@@ -315,9 +360,16 @@ set_score()
|
|
|
3f2a88 |
redis_client() {
|
|
|
3f2a88 |
ocf_log debug "redis_client: '$REDIS_CLIENT' -s '$REDIS_SOCKET' $*"
|
|
|
3f2a88 |
if [ -n "$clientpasswd" ]; then
|
|
|
3f2a88 |
- # Starting with 4.0.10 there is a warning on stderr when using a pass
|
|
|
3f2a88 |
- # Once we stop supporting versions < 5.0.0 we can add --no-auth-warning here
|
|
|
3f2a88 |
- ("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//'
|
|
|
3f2a88 |
+ # Consider redis-cli features to choose optimal password passing method and warning filtering workaround
|
|
|
3f2a88 |
+ if [[ CLI_HAVE_ENV_AUTH -eq 1 ]]; then
|
|
|
3f2a88 |
+ REDISCLI_AUTH=$clientpasswd "$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//'
|
|
|
3f2a88 |
+ elif [[ CLI_HAVE_ARG_NO_AUTH_WARNING -eq 1 ]]; then
|
|
|
3f2a88 |
+ "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" --no-auth-warning | sed 's/\r//'
|
|
|
3f2a88 |
+ elif [[ CLI_HAVE_AUTH_WARNING -eq 1 ]]; then
|
|
|
3f2a88 |
+ ("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//'
|
|
|
3f2a88 |
+ else
|
|
|
3f2a88 |
+ "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" | sed 's/\r//'
|
|
|
3f2a88 |
+ fi
|
|
|
3f2a88 |
else
|
|
|
3f2a88 |
"$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//'
|
|
|
3f2a88 |
fi
|
|
|
3f2a88 |
@@ -686,6 +738,8 @@ if [ -r "$REDIS_CONFIG" ]; then
|
|
|
3f2a88 |
clientpasswd="$(sed -n -e 's/^\s*requirepass\s*\(.*\)\s*$/\1/p' < $REDIS_CONFIG | tail -n 1)"
|
|
|
3f2a88 |
fi
|
|
|
3f2a88 |
|
|
|
3f2a88 |
+redis_cli_features
|
|
|
3f2a88 |
+
|
|
|
3f2a88 |
ocf_log debug "action=${1:-$__OCF_ACTION} notify_type=${OCF_RESKEY_CRM_meta_notify_type} notify_operation=${OCF_RESKEY_CRM_meta_notify_operation} master_host=${OCF_RESKEY_CRM_meta_notify_master_uname} slave_host=${OCF_RESKEY_CRM_meta_notify_slave_uname} promote_host=${OCF_RESKEY_CRM_meta_notify_promote_uname} demote_host=${OCF_RESKEY_CRM_meta_notify_demote_uname}; params: bin=${OCF_RESKEY_bin} client_bin=${OCF_RESKEY_client_bin} config=${OCF_RESKEY_config} user=${OCF_RESKEY_user} rundir=${OCF_RESKEY_rundir} port=${OCF_RESKEY_port}"
|
|
|
3f2a88 |
|
|
|
3f2a88 |
case "${1:-$__OCF_ACTION}" in
|
|
|
3f2a88 |
|
|
|
3f2a88 |
From 0b9f942a88bfc3ad04938aa5135fad8f8bece69c Mon Sep 17 00:00:00 2001
|
|
|
3f2a88 |
From: Konstantin Pokotilenko <pokotilenko@mail.ru>
|
|
|
3f2a88 |
Date: Tue, 24 Sep 2019 18:35:59 +0300
|
|
|
3f2a88 |
Subject: [PATCH 2/2] use ocf_version_cmp instead of own implementation use
|
|
|
3f2a88 |
same method of getting redis-cli version as already used before in file, this
|
|
|
3f2a88 |
also uses redis client from variable instead of hardcoded remove debug output
|
|
|
3f2a88 |
fix --no-auth-warning argument position
|
|
|
3f2a88 |
|
|
|
3f2a88 |
---
|
|
|
3f2a88 |
heartbeat/redis.in | 25 +++++--------------------
|
|
|
3f2a88 |
1 file changed, 5 insertions(+), 20 deletions(-)
|
|
|
3f2a88 |
|
|
|
3f2a88 |
diff --git a/heartbeat/redis.in b/heartbeat/redis.in
|
|
|
3f2a88 |
index 409961d0b..d722fb12c 100644
|
|
|
3f2a88 |
--- a/heartbeat/redis.in
|
|
|
3f2a88 |
+++ b/heartbeat/redis.in
|
|
|
3f2a88 |
@@ -241,43 +241,28 @@ CLI_HAVE_AUTH_WARNING=0
|
|
|
3f2a88 |
CLI_HAVE_ARG_NO_AUTH_WARNING=0
|
|
|
3f2a88 |
CLI_HAVE_ENV_AUTH=0
|
|
|
3f2a88 |
|
|
|
3f2a88 |
-cmp_redis_version()
|
|
|
3f2a88 |
-{
|
|
|
3f2a88 |
-
|
|
|
3f2a88 |
- if [ "$1" == "$2" ]; then
|
|
|
3f2a88 |
- return 1
|
|
|
3f2a88 |
- elif [ $(echo -e "$1\n$2" | sort -V | head -1) == "$1" ]; then
|
|
|
3f2a88 |
- return 0
|
|
|
3f2a88 |
- else
|
|
|
3f2a88 |
- return 2
|
|
|
3f2a88 |
- fi
|
|
|
3f2a88 |
-}
|
|
|
3f2a88 |
-
|
|
|
3f2a88 |
redis_cli_features()
|
|
|
3f2a88 |
{
|
|
|
3f2a88 |
|
|
|
3f2a88 |
- CLI_VER=$(redis-cli --version | tr " " "\n" | tail -1)
|
|
|
3f2a88 |
+ CLI_VER=$("$REDIS_CLIENT" -v | awk '{print $NF}')
|
|
|
3f2a88 |
# Starting with 4.0.10 there is a warning on stderr when using a pass
|
|
|
3f2a88 |
# Starting with 5.0.0 there is an argument to silence the warning: --no-auth-warning
|
|
|
3f2a88 |
# Starting with 5.0.3 there is an option to use REDISCLI_AUTH evironment variable for password, no warning in this case
|
|
|
3f2a88 |
|
|
|
3f2a88 |
- cmp_redis_version $CLI_VER 5.0.3
|
|
|
3f2a88 |
+ ocf_version_cmp $CLI_VER 5.0.3
|
|
|
3f2a88 |
res=$?
|
|
|
3f2a88 |
- echo 5.0.3: $res
|
|
|
3f2a88 |
if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
CLI_HAVE_ENV_AUTH=1
|
|
|
3f2a88 |
fi
|
|
|
3f2a88 |
|
|
|
3f2a88 |
- cmp_redis_version $CLI_VER 5.0.0
|
|
|
3f2a88 |
+ ocf_version_cmp $CLI_VER 5.0.0
|
|
|
3f2a88 |
res=$?
|
|
|
3f2a88 |
- echo 5.0.0: $res
|
|
|
3f2a88 |
if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
CLI_HAVE_ARG_NO_AUTH_WARNING=1
|
|
|
3f2a88 |
fi
|
|
|
3f2a88 |
|
|
|
3f2a88 |
- cmp_redis_version $CLI_VER 4.0.10
|
|
|
3f2a88 |
+ ocf_version_cmp $CLI_VER 4.0.10
|
|
|
3f2a88 |
res=$?
|
|
|
3f2a88 |
- echo 4.0.10: $res
|
|
|
3f2a88 |
if [[ res -ge 1 ]]; then
|
|
|
3f2a88 |
CLI_HAVE_AUTH_WARNING=1
|
|
|
3f2a88 |
fi
|
|
|
3f2a88 |
@@ -364,7 +349,7 @@ redis_client() {
|
|
|
3f2a88 |
if [[ CLI_HAVE_ENV_AUTH -eq 1 ]]; then
|
|
|
3f2a88 |
REDISCLI_AUTH=$clientpasswd "$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//'
|
|
|
3f2a88 |
elif [[ CLI_HAVE_ARG_NO_AUTH_WARNING -eq 1 ]]; then
|
|
|
3f2a88 |
- "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" --no-auth-warning | sed 's/\r//'
|
|
|
3f2a88 |
+ "$REDIS_CLIENT" -s "$REDIS_SOCKET" --no-auth-warning -a "$clientpasswd" "$@" | sed 's/\r//'
|
|
|
3f2a88 |
elif [[ CLI_HAVE_AUTH_WARNING -eq 1 ]]; then
|
|
|
3f2a88 |
("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//'
|
|
|
3f2a88 |
else
|