Merge pull request #551 from BjoernHelmbold/add_sentinel_auth

TheMeier · web-flow · commit 767ef251a98f · 2025-08-15T09:59:00.000+02:00
Add sentinel auth_user and auth_pass
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1553,6 +1553,8 @@ The following parameters are available in the `redis::sentinel` class:
 * [`working_dir`](#-redis--sentinel--working_dir)
 * [`notification_script`](#-redis--sentinel--notification_script)
 * [`client_reconfig_script`](#-redis--sentinel--client_reconfig_script)
+* [`sentinel_auth_pass`](#-redis--sentinel--sentinel_auth_pass)
+* [`sentinel_auth_user`](#-redis--sentinel--sentinel_auth_user)
 * [`acls`](#-redis--sentinel--acls)
 * [`service_ensure`](#-redis--sentinel--service_ensure)
 
@@ -1889,6 +1891,24 @@ Path to the client-reconfig script
 
 Default value: `undef`
 
+##### <a name="-redis--sentinel--sentinel_auth_pass"></a>`sentinel_auth_pass`
+
+Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
+
+The password that Sentinels use to authenticate with each other.
+This is needed for Redis 7 with ACLs enabled.
+
+Default value: `undef`
+
+##### <a name="-redis--sentinel--sentinel_auth_user"></a>`sentinel_auth_user`
+
+Data type: `Optional[String[1]]`
+
+The username that Sentinels use to authenticate with each other.
+This is needed for Redis 7 with ACLs enabled.
+
+Default value: `undef`
+
 ##### <a name="-redis--sentinel--acls"></a>`acls`
 
 Data type: `Array[String[1]]`
diff --git a/manifests/sentinel.pp b/manifests/sentinel.pp
@@ -133,6 +133,14 @@
 # @param client_reconfig_script
 #   Path to the client-reconfig script
 #
+# @param sentinel_auth_pass
+#   The password that Sentinels use to authenticate with each other.
+#   This is needed for Redis 7 with ACLs enabled.
+#
+# @param sentinel_auth_user
+#   The username that Sentinels use to authenticate with each other.
+#   This is needed for Redis 7 with ACLs enabled.
+#
 # @param acls
 #   This is a way to pass an array of raw ACLs to Sentinel. The ACLs must be
 #   in the form of:
@@ -190,6 +198,8 @@
   Stdlib::Absolutepath $working_dir = $redis::params::sentinel_working_dir,
   Optional[Stdlib::Absolutepath] $notification_script = undef,
   Optional[Stdlib::Absolutepath] $client_reconfig_script = undef,
+  Optional[Variant[String[1], Sensitive[String[1]]]] $sentinel_auth_pass = undef,
+  Optional[String[1]] $sentinel_auth_user = undef,
   Array[String[1]] $acls = [],
 ) inherits redis::params {
   $auth_pass_unsensitive = if $auth_pass =~ Sensitive {
diff --git a/spec/classes/redis_sentinel_spec.rb b/spec/classes/redis_sentinel_spec.rb
@@ -130,6 +130,8 @@ class { 'redis':
             tls_ca_cert_dir: '/etc/pki/cacerts',
             tls_auth_clients: 'yes',
             tls_replication: true,
+            sentinel_auth_user: 'default',
+            sentinel_auth_pass: '4321'
           }
         end
 
@@ -144,6 +146,9 @@ class { 'redis':
             pidfile #{pidfile}
             protected-mode no
 
+            sentinel sentinel-user default
+            sentinel sentinel-pass 4321
+
             sentinel announce-hostnames yes
             sentinel announce-ip myhostnameOrIP
             sentinel announce-port 1234
diff --git a/templates/redis-sentinel.conf.erb b/templates/redis-sentinel.conf.erb
@@ -10,6 +10,13 @@ daemonize <%= @daemonize ? 'yes' : 'no' %>
 supervised auto
 pidfile <%= @pid_file %>
 protected-mode <%= @protected_mode ? 'yes' : 'no' %>
+<% if @sentinel_auth_user -%>
+
+sentinel sentinel-user <%= @sentinel_auth_user %>
+<% end -%>
+<% if @sentinel_auth_pass -%>
+sentinel sentinel-pass <%= @sentinel_auth_pass %>
+<% end -%>
 
 <% if @sentinel_announce_hostnames -%>
 sentinel announce-hostnames <%= @sentinel_announce_hostnames %>
