Add Redis SSL support via environment variables

This commit adds SSL support for Redis connections in SortingHat.
It allows configuring secure connections using environment
variables that define SSL behavior and certificate files.

New environment variables:

- SORTINGHAT_REDIS_SSL: enables or disables SSL (yes/no)
- SORTINGHAT_REDIS_SSL_CERT_REQS: certificate verification (none/required)
- SORTINGHAT_REDIS_SSL_CA_CERTS: path to the root CA certificates
- SORTINGHAT_REDIS_SSL_CERTFILE: path to the client certificate file
- SORTINGHAT_REDIS_SSL_KEYFILE: path to the private key file

Signed-off-by: Jose Javier Merchante <[email protected]>

Author: jjmerchante

releases/unreleased/redis-ssl-support-via-environment-variables.yml

@@ -0,0 +1,11 @@
+---
+title: Redis SSL support via environment variables
+category: added
+author: Jose Javier Merchante <[email protected]>
+issue: 985
+notes: >
+  Adds support for secure Redis connections over SSL. It can
+  be configured using the following environment variables.
+  SORTINGHAT_REDIS_SSL, SORTINGHAT_REDIS_SSL_CERT_REQS,
+  SORTINGHAT_REDIS_SSL_CA_CERTS, SORTINGHAT_REDIS_SSL_CERTFILE,
+  SORTINGHAT_REDIS_SSL_KEYFILE.

sortinghat/config/settings.py

@@ -269,6 +269,28 @@
     }
 }
 
+#
+# Redis configuration
+#
+# You MUST set the Redis parameters in order to run
+# SortingHat jobs and workers.
+#
+
+REDIS_CONFIG = {
+    'HOST': os.environ.get('SORTINGHAT_REDIS_HOST', '127.0.0.1'),
+    'PORT': os.environ.get('SORTINGHAT_REDIS_PORT', 6379),
+    'PASSWORD': os.environ.get('SORTINGHAT_REDIS_PASSWORD', ''),
+    'ASYNC': os.environ.get('SORTINGHAT_WORKERS_ASYNC', True),
+    'DB': os.environ.get('SORTINGHAT_REDIS_DB', 0),
+    'SSL': os.environ.get('SORTINGHAT_REDIS_SSL', False),
+    'SSL_CERT_REQS': os.environ.get('SORTINGHAT_REDIS_SSL_CERT_REQS', "none"),
+    'REDIS_CLIENT_KWARGS': {
+        'ssl_ca_certs': os.environ.get('SORTINGHAT_REDIS_SSL_CA_CERTS', None),
+        'ssl_certfile': os.environ.get('SORTINGHAT_REDIS_SSL_CERTFILE', None),
+        'ssl_keyfile': os.environ.get('SORTINGHAT_REDIS_SSL_KEYFILE', None),
+    }
+}
+
 #
 # SortingHat workers
 #
@@ -283,13 +305,7 @@
 #
 
 RQ_QUEUES = {
-    'default': {
-        'HOST': os.environ.get('SORTINGHAT_REDIS_HOST', '127.0.0.1'),
-        'PORT': os.environ.get('SORTINGHAT_REDIS_PORT', 6379),
-        'PASSWORD': os.environ.get('SORTINGHAT_REDIS_PASSWORD', ''),
-        'ASYNC': os.environ.get('SORTINGHAT_WORKERS_ASYNC', True),
-        'DB': os.environ.get('SORTINGHAT_REDIS_DB', 0),
-    }
+    'default': REDIS_CONFIG
 }
 
 RQ = {
@@ -339,13 +355,7 @@
     })
 
     RQ_QUEUES.update({
-        tenant: {
-            'HOST': os.environ.get('SORTINGHAT_REDIS_HOST', '127.0.0.1'),
-            'PORT': os.environ.get('SORTINGHAT_REDIS_PORT', 6379),
-            'PASSWORD': os.environ.get('SORTINGHAT_REDIS_PASSWORD', ''),
-            'ASYNC': os.environ.get('SORTINGHAT_WORKERS_ASYNC', True),
-            'DB': os.environ.get('SORTINGHAT_REDIS_DB', 0),
-        }
+        tenant: REDIS_CONFIG
         for tenant in TENANTS_DEDICATED_QUEUES
     })