Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bitnami/redis] PreStop Hook to Initiate Failover for Sentinel on PodTermination #5528

Merged
merged 12 commits into from
Feb 26, 2021

Conversation

0x46616c6b
Copy link
Contributor

Description of the change

We have encountered problems with Redis Sentinel and Rolling Upgrades. In this case, the Master Election takes several minutes, which ensures that the service does not work correctly during that time.
Therefore, we implemented a PreStop hook that checks if the pod is the master and initiates a failover.

Benefits

  • Service is useable during a Rolling Upgrade
  • Rolling Upgrades are much faster

Possible drawbacks

  • Covers only the case that the Pod receives a SIGTERM

Applicable issues

#5418
#5400

Checklist

  • Chart version bumped in Chart.yaml according to semver.
  • Title of the PR starts with chart name (e.g. [bitnami/chart])

Copy link
Contributor

@juan131 juan131 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for this great contribution! @miguelaeh @rafariossaa could you please take a look too?

bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
fi

if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"

Also, using -a will show a warning becuase of using the password in the command, it would be better to set it with the env var REDISCLI_AUTH

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an example? The other scripts in the ConfigMap works exactly the same way.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The command itelf is correct, but there could be issues with variables expansions, that's why they should be in the way ${XXX} not $XXX

if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
else
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a $REDIS_PASSWORD {{- end }} -h $REDIS_SERVICE -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
sentinel_info_command="redis-cli {{- if .Values.usePassword }} -a ${REDIS_PASSWORD} {{- end }} -h ${REDIS_SERVICE} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"

bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
Copy link
Contributor

@miguelaeh miguelaeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the PR!
Please take a look at the comments

bitnami/redis/Chart.yaml Outdated Show resolved Hide resolved
@rafariossaa
Copy link
Contributor

Thanks for the PR!
I have nothing to add to the current review done.
The logic LGTM.

Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
@0x46616c6b 0x46616c6b requested a review from miguelaeh February 18, 2021 12:12
Copy link
Contributor

@juan131 juan131 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@miguelaeh miguelaeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,
It seems you forgot to implement two of the suggestions, I have unresolved them, could you take a look?
Also, I just notice the Redis service is using template instead of include, added a comment below.

bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
Copy link
Contributor

@miguelaeh miguelaeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @0x46616c6b ,
Please check the comments again, you changed two lines that were correct.
There is a difference between "$VARIABLE" note the there are not {} and "substring${VARIABLE}substring2" note the {}

bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
Copy link
Contributor

@miguelaeh miguelaeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @0x46616c6b,
Sorry to be picky with this, I think those are the last needed changes. I tried to edit the files myself but I don't have permissions to do it. Did you allow the file editing by maintainers?

bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
bitnami/redis/templates/configmap-scripts.yaml Outdated Show resolved Hide resolved
@0x46616c6b
Copy link
Contributor Author

0x46616c6b commented Feb 24, 2021

Thanks for the good review and your patience. Yes, you can edit the PR or need you some permissions from me?

Copy link
Contributor

@miguelaeh miguelaeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much for addressing the changes!
LGTM!

About the changes, I can't edit the files on this PR, please rebase master to able to merge it

@miguelaeh miguelaeh merged commit 17271c2 into bitnami:master Feb 26, 2021
@0x46616c6b 0x46616c6b deleted the redis-sentinel-prestop-hook branch March 2, 2021 10:52
miguelaeh added a commit to miguelaeh/bitnami-charts that referenced this pull request Apr 6, 2021
…Termination (bitnami#5528)

* add prestop hook for redis sentinel to failover the master

* Update bitnami/redis/templates/configmap-scripts.yaml

Co-authored-by: Juan Ariza Toledano <[email protected]>

* fix indentation

* remove duplicated line

* Apply suggestions from code review

Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>

* Update bitnami/redis/templates/configmap-scripts.yaml

Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>

* Apply suggestions from code review

Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>

Co-authored-by: Juan Ariza Toledano <[email protected]>
Co-authored-by: Miguel Ángel Cabrera Miñagorri <[email protected]>
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel failover mymaster
else
redis-cli {{- if .Values.usePassword }} -a "$REDIS_PASSWORD" {{- end }} -h "$REDIS_SERVICE" -p {{ .Values.sentinel.port }} sentinel failover mymaster
Copy link
Contributor

@srueg srueg Apr 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this use the configured {{ .Values.sentinel.masterSet }} instead of hard-coding mymaster?

@miguelaeh
Copy link
Contributor

Hi guys, thank you for noticing this issue and opening a PR to fix it! We are taking care of it.

Gregy added a commit to Gregy/charts that referenced this pull request Apr 21, 2021
This improves on bitnami#5528 by checking and waiting until the failover is
finished on both the redis and the sentinel container. This completely
eliminates momentary service interruption during rollouts.

As we cannot guarantee the failover will be successful the wait time
is capped by the termination grace period - 10s.
bitnami-bot added a commit that referenced this pull request Apr 23, 2021
…rruption (#6080)

* Wait until failover finishes during master pod shutdown

This improves on #5528 by checking and waiting until the failover is
finished on both the redis and the sentinel container. This completely
eliminates momentary service interruption during rollouts.

As we cannot guarantee the failover will be successful the wait time
is capped by the termination grace period - 10s.

* Separate terminationGracePeriod setings for each pod type

* make the use of REDISCLI_AUTH clear

* [bitnami/redis] Update components versions

Signed-off-by: Bitnami Containers <[email protected]>

Co-authored-by: Bitnami Containers <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants